public interface AmazonCognitoIdentity
Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.
Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.
To provide end-user credentials, first make an unsigned call to GetId.
If the end user is authenticated with one of the supported identity
providers, set the Logins map with the identity provider
token. GetId returns a unique identifier for the user.
Next, make an unsigned call to GetCredentialsForIdentity. This call
expects the same Logins map as the GetId
call, as well as the IdentityID originally returned by
GetId . Assuming your identity pool has been configured
via the SetIdentityPoolRoles operation,
GetCredentialsForIdentity will return AWS credentials for
your use. If your pool has not been configured with
SetIdentityPoolRoles , or if you want to follow legacy
flow, make an unsigned call to GetOpenIdToken, which returns the
OpenID token necessary to call STS and retrieve AWS credentials. This
call expects the same Logins map as the
GetId call, as well as the IdentityID
originally returned by GetId . The token returned by
GetOpenIdToken can be passed to the STS operation
AssumeRoleWithWebIdentity
to retrieve AWS credentials.
If you want to use Amazon Cognito in an Android, iOS, or Unity application, you will probably want to make API calls via the AWS Mobile SDK. To learn more, see the AWS Mobile SDK Developer Guide .
| Modifier and Type | Method and Description |
|---|---|
CreateIdentityPoolResult |
createIdentityPool(CreateIdentityPoolRequest createIdentityPoolRequest)
Creates a new identity pool.
|
DeleteIdentitiesResult |
deleteIdentities(DeleteIdentitiesRequest deleteIdentitiesRequest)
Deletes identities from an identity pool.
|
void |
deleteIdentityPool(DeleteIdentityPoolRequest deleteIdentityPoolRequest)
Deletes a user pool.
|
DescribeIdentityResult |
describeIdentity(DescribeIdentityRequest describeIdentityRequest)
Returns metadata related to the given identity, including when the
identity was created and any associated linked logins.
|
DescribeIdentityPoolResult |
describeIdentityPool(DescribeIdentityPoolRequest describeIdentityPoolRequest)
Gets details about a particular identity pool, including the pool
name, ID description, creation date, and current number of users.
|
ResponseMetadata |
getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for
debugging issues where a service isn't acting as expected.
|
GetCredentialsForIdentityResult |
getCredentialsForIdentity(GetCredentialsForIdentityRequest getCredentialsForIdentityRequest)
Returns credentials for the the provided identity ID.
|
GetIdResult |
getId(GetIdRequest getIdRequest)
Generates (or retrieves) a Cognito ID.
|
GetIdentityPoolRolesResult |
getIdentityPoolRoles(GetIdentityPoolRolesRequest getIdentityPoolRolesRequest)
Gets the roles for an identity pool.
|
GetOpenIdTokenResult |
getOpenIdToken(GetOpenIdTokenRequest getOpenIdTokenRequest)
Gets an OpenID token, using a known Cognito ID.
|
GetOpenIdTokenForDeveloperIdentityResult |
getOpenIdTokenForDeveloperIdentity(GetOpenIdTokenForDeveloperIdentityRequest getOpenIdTokenForDeveloperIdentityRequest)
Registers (or retrieves) a Cognito
IdentityId and an
OpenID Connect token for a user authenticated by your backend
authentication process. |
ListIdentitiesResult |
listIdentities(ListIdentitiesRequest listIdentitiesRequest)
Lists the identities in a pool.
|
ListIdentityPoolsResult |
listIdentityPools(ListIdentityPoolsRequest listIdentityPoolsRequest)
Lists all of the Cognito identity pools registered for your account.
|
LookupDeveloperIdentityResult |
lookupDeveloperIdentity(LookupDeveloperIdentityRequest lookupDeveloperIdentityRequest)
Retrieves the
IdentityID associated with a
DeveloperUserIdentifier or the list of
DeveloperUserIdentifier s associated with an
IdentityId for an existing identity. |
MergeDeveloperIdentitiesResult |
mergeDeveloperIdentities(MergeDeveloperIdentitiesRequest mergeDeveloperIdentitiesRequest)
Merges two users having different
IdentityId s, existing
in the same identity pool, and identified by the same developer
provider. |
void |
setEndpoint(String endpoint)
Overrides the default endpoint for this client ("https://cognito-identity.us-east-1.amazonaws.com/").
|
void |
setIdentityPoolRoles(SetIdentityPoolRolesRequest setIdentityPoolRolesRequest)
Sets the roles for an identity pool.
|
void |
setRegion(Region region)
An alternative to
setEndpoint(String), sets the
regional endpoint for this client's service calls. |
void |
shutdown()
Shuts down this client object, releasing any resources that might be held
open.
|
void |
unlinkDeveloperIdentity(UnlinkDeveloperIdentityRequest unlinkDeveloperIdentityRequest)
Unlinks a
DeveloperUserIdentifier from an existing
identity. |
void |
unlinkIdentity(UnlinkIdentityRequest unlinkIdentityRequest)
Unlinks a federated identity from an existing account.
|
UpdateIdentityPoolResult |
updateIdentityPool(UpdateIdentityPoolRequest updateIdentityPoolRequest)
Updates a user pool.
|
void setEndpoint(String endpoint) throws IllegalArgumentException
Callers can pass in just the endpoint (ex: "cognito-identity.us-east-1.amazonaws.com/") or a full
URL, including the protocol (ex: "https://cognito-identity.us-east-1.amazonaws.com/"). If the
protocol is not specified here, the default protocol from this client's
ClientConfiguration will be used, which by default is HTTPS.
For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912
This method is not threadsafe. An endpoint should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
endpoint - The endpoint (ex: "cognito-identity.us-east-1.amazonaws.com/") or a full URL,
including the protocol (ex: "https://cognito-identity.us-east-1.amazonaws.com/") of
the region specific AWS endpoint this client will communicate
with.IllegalArgumentException - If any problems are detected with the specified endpoint.void setRegion(Region region) throws IllegalArgumentException
setEndpoint(String), sets the
regional endpoint for this client's service calls. Callers can use this
method to control which AWS region they want to work with.
By default, all service endpoints in all regions use the https protocol.
To use http instead, specify it in the ClientConfiguration
supplied at construction.
This method is not threadsafe. A region should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
region - The region this client will communicate with. See
Region.getRegion(com.amazonaws.regions.Regions) for
accessing a given region.IllegalArgumentException - If the given region is null, or if this service isn't
available in the given region. See
Region.isServiceSupported(String)Region.getRegion(com.amazonaws.regions.Regions),
Region.createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)void unlinkDeveloperIdentity(UnlinkDeveloperIdentityRequest unlinkDeveloperIdentityRequest) throws AmazonServiceException, AmazonClientException
Unlinks a DeveloperUserIdentifier from an existing
identity. Unlinked developer users will be considered new identities
next time they are seen. If, for a given Cognito identity, you remove
all federated identities as well as the developer user identifier, the
Cognito identity becomes inaccessible.
This is a public API. You do not need any credentials to call this API.
unlinkDeveloperIdentityRequest - Container for the necessary
parameters to execute the UnlinkDeveloperIdentity service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.DeleteIdentitiesResult deleteIdentities(DeleteIdentitiesRequest deleteIdentitiesRequest) throws AmazonServiceException, AmazonClientException
Deletes identities from an identity pool. You can specify a list of 1-60 identities that you want to delete.
You must use AWS Developer credentials to call this API.
deleteIdentitiesRequest - Container for the necessary parameters
to execute the DeleteIdentities service method on
AmazonCognitoIdentity.InternalErrorExceptionInvalidParameterExceptionTooManyRequestsExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.DescribeIdentityPoolResult describeIdentityPool(DescribeIdentityPoolRequest describeIdentityPoolRequest) throws AmazonServiceException, AmazonClientException
Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.
You must use AWS Developer credentials to call this API.
describeIdentityPoolRequest - Container for the necessary
parameters to execute the DescribeIdentityPool service method on
AmazonCognitoIdentity.InternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.GetIdResult getId(GetIdRequest getIdRequest) throws AmazonServiceException, AmazonClientException
Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicit linked account.
token+";"+tokenSecret.
This is a public API. You do not need any credentials to call this API.
getIdRequest - Container for the necessary parameters to execute
the GetId service method on AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionLimitExceededExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionExternalServiceExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.void deleteIdentityPool(DeleteIdentityPoolRequest deleteIdentityPoolRequest) throws AmazonServiceException, AmazonClientException
Deletes a user pool. Once a pool is deleted, users will not be able to authenticate with the pool.
You must use AWS Developer credentials to call this API.
deleteIdentityPoolRequest - Container for the necessary
parameters to execute the DeleteIdentityPool service method on
AmazonCognitoIdentity.InternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.UpdateIdentityPoolResult updateIdentityPool(UpdateIdentityPoolRequest updateIdentityPoolRequest) throws AmazonServiceException, AmazonClientException
Updates a user pool.
You must use AWS Developer credentials to call this API.
updateIdentityPoolRequest - Container for the necessary
parameters to execute the UpdateIdentityPool service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionConcurrentModificationExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.GetCredentialsForIdentityResult getCredentialsForIdentity(GetCredentialsForIdentityRequest getCredentialsForIdentityRequest) throws AmazonServiceException, AmazonClientException
Returns credentials for the the provided identity ID. Any provided logins will be validated against supported login providers. If the token is for cognito-identity.amazonaws.com, it will be passed through to AWS Security Token Service with the appropriate role for the token.
This is a public API. You do not need any credentials to call this API.
getCredentialsForIdentityRequest - Container for the necessary
parameters to execute the GetCredentialsForIdentity service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionInvalidIdentityPoolConfigurationExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionExternalServiceExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.MergeDeveloperIdentitiesResult mergeDeveloperIdentities(MergeDeveloperIdentitiesRequest mergeDeveloperIdentitiesRequest) throws AmazonServiceException, AmazonClientException
Merges two users having different IdentityId s, existing
in the same identity pool, and identified by the same developer
provider. You can use this action to request that discrete users be
merged and identified as a single user in the Cognito environment.
Cognito associates the given source user (
SourceUserIdentifier ) with the IdentityId
of the DestinationUserIdentifier . Only
developer-authenticated users can be merged. If the users to be merged
are associated with the same public provider, but as two different
users, an exception will be thrown.
You must use AWS Developer credentials to call this API.
mergeDeveloperIdentitiesRequest - Container for the necessary
parameters to execute the MergeDeveloperIdentities service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.ListIdentityPoolsResult listIdentityPools(ListIdentityPoolsRequest listIdentityPoolsRequest) throws AmazonServiceException, AmazonClientException
Lists all of the Cognito identity pools registered for your account.
This is a public API. You do not need any credentials to call this API.
listIdentityPoolsRequest - Container for the necessary parameters
to execute the ListIdentityPools service method on
AmazonCognitoIdentity.InternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.GetOpenIdTokenResult getOpenIdToken(GetOpenIdTokenRequest getOpenIdTokenRequest) throws AmazonServiceException, AmazonClientException
Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by GetId. You can optionally add additional logins for the identity. Supplying multiple logins creates an implicit link.
The OpenId token is valid for 15 minutes.
This is a public API. You do not need any credentials to call this API.
getOpenIdTokenRequest - Container for the necessary parameters to
execute the GetOpenIdToken service method on AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionExternalServiceExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.LookupDeveloperIdentityResult lookupDeveloperIdentity(LookupDeveloperIdentityRequest lookupDeveloperIdentityRequest) throws AmazonServiceException, AmazonClientException
Retrieves the IdentityID associated with a
DeveloperUserIdentifier or the list of
DeveloperUserIdentifier s associated with an
IdentityId for an existing identity. Either
IdentityID or DeveloperUserIdentifier must
not be null. If you supply only one of these values, the other value
will be searched in the database and returned as a part of the
response. If you supply both, DeveloperUserIdentifier
will be matched against IdentityID . If the values are
verified against the database, the response returns both values and is
the same as the request. Otherwise a
ResourceConflictException is thrown.
You must use AWS Developer credentials to call this API.
lookupDeveloperIdentityRequest - Container for the necessary
parameters to execute the LookupDeveloperIdentity service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.DescribeIdentityResult describeIdentity(DescribeIdentityRequest describeIdentityRequest) throws AmazonServiceException, AmazonClientException
Returns metadata related to the given identity, including when the identity was created and any associated linked logins.
You must use AWS Developer credentials to call this API.
describeIdentityRequest - Container for the necessary parameters
to execute the DescribeIdentity service method on
AmazonCognitoIdentity.InternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.void setIdentityPoolRoles(SetIdentityPoolRolesRequest setIdentityPoolRolesRequest) throws AmazonServiceException, AmazonClientException
Sets the roles for an identity pool. These roles are used when making
calls to GetCredentialsForIdentity action.
You must use AWS Developer credentials to call this API.
setIdentityPoolRolesRequest - Container for the necessary
parameters to execute the SetIdentityPoolRoles service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionConcurrentModificationExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.void unlinkIdentity(UnlinkIdentityRequest unlinkIdentityRequest) throws AmazonServiceException, AmazonClientException
Unlinks a federated identity from an existing account. Unlinked logins will be considered new identities next time they are seen. Removing the last linked login will make this identity inaccessible.
This is a public API. You do not need any credentials to call this API.
unlinkIdentityRequest - Container for the necessary parameters to
execute the UnlinkIdentity service method on AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionExternalServiceExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.ListIdentitiesResult listIdentities(ListIdentitiesRequest listIdentitiesRequest) throws AmazonServiceException, AmazonClientException
Lists the identities in a pool.
You must use AWS Developer credentials to call this API.
listIdentitiesRequest - Container for the necessary parameters to
execute the ListIdentities service method on AmazonCognitoIdentity.InternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.GetIdentityPoolRolesResult getIdentityPoolRoles(GetIdentityPoolRolesRequest getIdentityPoolRolesRequest) throws AmazonServiceException, AmazonClientException
Gets the roles for an identity pool.
You must use AWS Developer credentials to call this API.
getIdentityPoolRolesRequest - Container for the necessary
parameters to execute the GetIdentityPoolRoles service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.GetOpenIdTokenForDeveloperIdentityResult getOpenIdTokenForDeveloperIdentity(GetOpenIdTokenForDeveloperIdentityRequest getOpenIdTokenForDeveloperIdentityRequest) throws AmazonServiceException, AmazonClientException
Registers (or retrieves) a Cognito IdentityId and an
OpenID Connect token for a user authenticated by your backend
authentication process. Supplying multiple logins will create an
implicit linked account. You can only specify one developer provider
as part of the Logins map, which is linked to the
identity pool. The developer provider is the "domain" by which Cognito
will refer to your users.
You can use GetOpenIdTokenForDeveloperIdentity to create
a new identity and to link new logins (that is, user credentials
issued by a public provider or developer provider) to an existing
identity. When you want to create a new identity, the
IdentityId should be null. When you want to associate a
new login with an existing authenticated/unauthenticated identity, you
can do so by providing the existing IdentityId . This API
will create the identity in the specified IdentityPoolId
.
You must use AWS Developer credentials to call this API.
getOpenIdTokenForDeveloperIdentityRequest - Container for the
necessary parameters to execute the GetOpenIdTokenForDeveloperIdentity
service method on AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionDeveloperUserAlreadyRegisteredExceptionResourceNotFoundExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.CreateIdentityPoolResult createIdentityPool(CreateIdentityPoolRequest createIdentityPoolRequest) throws AmazonServiceException, AmazonClientException
Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The limit on identity pools is 60 per account. You must use AWS Developer credentials to call this API.
createIdentityPoolRequest - Container for the necessary
parameters to execute the CreateIdentityPool service method on
AmazonCognitoIdentity.ResourceConflictExceptionInternalErrorExceptionLimitExceededExceptionNotAuthorizedExceptionInvalidParameterExceptionTooManyRequestsExceptionAmazonClientException - If any internal errors are encountered inside the client while
attempting to make the request or handle the response. For example
if a network connection is not available.AmazonServiceException - If an error response is returned by AmazonCognitoIdentity indicating
either a problem with the data in the request, or a server side issue.void shutdown()
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
request - The originally executed request.Copyright © 2015. All rights reserved.