AWS code-library documentation change
Summary
Updated 'get-identity-provider-by-identifier' example with SAML provider configuration details
Security assessment
Documents SAML identity provider configuration but doesn't address specific vulnerabilities
Diff
diff --git a/code-library/latest/ug/cli_2_cognito-identity-provider_code_examples.md index af9591c27..c60c23d02 100644 --- a/code-library/latest/ug/cli_2_cognito-identity-provider_code_examples.md +++ b/code-library/latest/ug/cli_2_cognito-identity-provider_code_examples.md @@ -2970 +2970 @@ For more information, see [Adding groups to a user pool](https://docs.aws.amazon -The following code example shows how to use `get-signing-certificate`. +The following code example shows how to use `get-identity-provider-by-identifier`. @@ -2975 +2975,40 @@ The following code example shows how to use `get-signing-certificate`. -**To get a signing certificate** +**To get the configuration of an identity provider from the IdP identifier** + +The following `get-identity-provider-by-identifier` example returns the configuration of the identity provider with the identifier `mysso`. + + + aws cognito-idp get-identity-provider-by-identifier \ + --user-pool-id us-west-2_EXAMPLE \ + --idp-identifier mysso + + +Output: + + + { + "IdentityProvider": { + "UserPoolId": "us-west-2_EXAMPLE", + "ProviderName": "MYSAML", + "ProviderType": "SAML", + "ProviderDetails": { + "ActiveEncryptionCertificate": "[Certificate contents]", + "IDPSignout": "false", + "MetadataURL": "https://auth.example.com/saml/metadata/", + "SLORedirectBindingURI": "https://auth.example.com/saml/logout/", + "SSORedirectBindingURI": "https://auth.example.com/saml/assertion/" + }, + "AttributeMapping": { + "email": "email" + }, + "IdpIdentifiers": [ + "mysso", + "mysamlsso" + ], + "LastModifiedDate": 1705616729.188, + "CreationDate": 1643734622.919 + } + } + +For more information, see [Third-party IdP sign-in](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation.html) in the _Amazon Cognito Developer Guide_. + + * For API details, see [GetIdentityProviderByIdentifier](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-identity-provider-by-identifier.html) in _AWS CLI Command Reference_. @@ -2977 +3015,0 @@ The following code example shows how to use `get-signing-certificate`. -This example gets a signing certificate for a user pool. @@ -2979 +3016,0 @@ This example gets a signing certificate for a user pool. -Command: @@ -2982 +3019,12 @@ Command: - aws cognito-idp get-signing-certificate --user-pool-id us-west-2_aaaaaaaaa +The following code example shows how to use `get-log-delivery-configuration`. + +**AWS CLI** + + +**To display the log delivery configuration** + +The following `get-log-delivery-configuration` example displays the log export settings of the requested user pool. + + + aws cognito-idp get-log-delivery-configuration \ + --user-pool-id us-west-2_EXAMPLE @@ -2989 +3037,15 @@ Output: - "Certificate": "CERTIFICATE_DATA" + "LogDeliveryConfiguration": { + "UserPoolId": "us-west-2_EXAMPLE", + "LogConfigurations": [ + { + "LogLevel": "INFO", + "EventSource": "userAuthEvents", + "FirehoseConfiguration": { + "StreamArn": "arn:aws:firehose:us-west-2:123456789012:deliverystream/my-test-deliverystream" + } + }, + { + "LogLevel": "ERROR", + "EventSource": "userNotification", + "CloudWatchLogsConfiguration": { + "LogGroupArn": "arn:aws:logs:us-west-2:123456789012:log-group:my-message-delivery-logs" @@ -2990,0 +3053,34 @@ Output: + } + ] + } + } + +For more information, see [Exporting user pool logs](https://docs.aws.amazon.com/cognito/latest/developerguide/exporting-quotas-and-usage.html) in the _Amazon Cognito Developer Guide_. + + * For API details, see [GetLogDeliveryConfiguration](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-log-delivery-configuration.html) in _AWS CLI Command Reference_. + + + + +The following code example shows how to use `get-signing-certificate`. + +**AWS CLI** + + +**To display the SAML signing certificate** + +The following `get-signing-certificate` example displays the SAML 2.0 signing certificate for the request user pool. + + + aws cognito-idp get-signing-certificate \ + --user-pool-id us-west-2_EXAMPLE + + +Output: + + + { + "Certificate": "[Certificate content]" + } + +For more information, see [SAML signing and encryption](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html) in the _Amazon Cognito Developer Guide_. @@ -3002,3 +3098 @@ The following code example shows how to use `get-ui-customization`. -**To get UI customization information** - -This example gets UI customization information for a user pool. +**To display the classic hosted UI customization settings for an app client** @@ -3006 +3100 @@ This example gets UI customization information for a user pool. -Command: +The following `get-ui-customization` example displays the classic hosted UI customization settings for an app client that doesn't inherit settings from the user pool. @@ -3009 +3103,3 @@ Command: - aws cognito-idp get-ui-customization --user-pool-id us-west-2_aaaaaaaaa + aws cognito-idp get-ui-customization \ + --user-pool-id us-west-2_EXAMPLE \ + --client-id 1example23456789 @@ -3017,5 +3113,5 @@ Output: - "UserPoolId": "us-west-2_aaaaaaaaa", - "ClientId": "ALL", - "ImageUrl": "https://aaaaaaaaaaaaa.cloudfront.net/us-west-2_aaaaaaaaa/ALL/20190128231240/assets/images/image.jpg", - "CSS": ".logo-customizable {\n\tmax-width: 60%;\n\tmax-height: 30%;\n}\n.banner-customizable {\n\tpadding: 25px 0px 25px 10px;\n\tbackground-color: lightgray;\n}\n.label-customizable {\n\tfont-weight: 300;\n}\n.textDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.idpDescription-customizable {\n\tpadding-top: 10px;\n\tpadding-bottom: 10px;\n\tdisplay: block;\n\tfont-size: 16px;\n}\n.legalText-customizable {\n\tcolor: #747474;\n\tfont-size: 11px;\n}\n.submitButton-customizable {\n\tfont-size: 14px;\n\tfont-weight: bold;\n\tmargin: 20px 0px 10px 0px;\n\theight: 40px;\n\twidth: 100%;\n\tcolor: #fff;\n\tbackground-color: #337ab7;\n}\n.submitButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #286090;\n}\n.errorMessage-customizable {\n\tpadding: 5px;\n\tfont-size: 14px;\n\twidth: 100%;\n\tbackground: #F5F5F5;\n\tborder: 2px solid #D64958;\n\tcolor: #D64958;\n}\n.inputField-customizable {\n\twidth: 100%;\n\theight: 34px;\n\tcolor: #555;\n\tbackground-color: #fff;\n\tborder: 1px solid #ccc;\n}\n.inputField-customizable:focus {\n\tborder-color: #66afe9;\n\toutline: 0;\n}\n.idpButton-customizable {\n\theight: 40px;\n\twidth: 100%;\n\ttext-align: center;\n\tmargin-bottom: 15px;\n\tcolor: #fff;\n\tbackground-color: #5bc0de;\n\tborder-color: #46b8da;\n}\n.idpButton-customizable:hover {\n\tcolor: #fff;\n\tbackground-color: #31b0d5;\n}\n.socialButton-customizable {\n\theight: 40px;\n\ttext-align: left;\n\twidth: 100%;\n\tmargin-bottom: 15px;\n}\n.redirect-customizable {\n\ttext-align: center;\n}\n.passwordCheck-notValid-customizable {\n\tcolor: #DF3312;\n}\n.passwordCheck-valid-customizable {\n\tcolor: #19BF00;\n}\n.background-customizable {\n\tbackground-color: #faf;\n}\n", - "CSSVersion": "20190128231240" + "UserPoolId": "us-west-2_EXAMPLE", + "ClientId": "1example23456789", + "ImageUrl": "https://example.cloudfront.net/us-west-2_EXAMPLE/1example23456789/20250115191928/assets/images/image.jpg", + "CSS": "\n.logo-customizable {\n max-width: 80%;\n max-height: 30%;\n}\n\n.banner-customizable {\n padding: 25px 0px 25px 0px;\n background-color: lightgray;\n}\n\n.label-customizable {\n font-weight: 400;\n}\n\n.textDescription-customizable {\n padding-top: 100px;\n padding-bottom: 10px;\n display: block;\n font-size: 12px;\n}\n\n.idpDescription-customizable {\n padding-top: 10px;\n padding-bottom: 10px;\n display: block;\n font-size: 16px;\n}\n\n.legalText-customizable {\n color: #747474;\n font-size: 11px;\n}\n\n.submitButton-customizable {\n font-size: 14px;\n font-weight: bold;\n margin: 20px 0px 10px 0px;\n height: 50px;\n width: 100%;\n color: #fff;\n background-color: #337ab7;\n}\n\n.submitButton-customizable:hover {\n color: #fff;\n background-color: #286090;\n}\n\n.errorMessage-customizable {\n padding: 5px;\n font-size: 12px;\n width: 100%;\n background: #F5F5F5;\n border: 2px solid #D64958;\n color: #D64958;\n}\n\n.inputField-customizable {\n width: 100%;\n height: 34px;\n color: #555;\n background-color: #fff;\n border: 1px solid #ccc;\n}\n\n.inputField-customizable:focus {\n border-color: #66afe9;\n outline: 0;\n}\n\n.idpButton-customizable {\n height: 40px;\n width: 100%;\n width: 100%;\n text-align: center;\n margin-bottom: 15px;\n color: #fff;\n background-color: #5bc0de;\n border-color: #46b8da;\n}\n\n.idpButton-customizable:hover {\n color: #fff;\n background-color: #31b0d5;\n}\n\n.socialButton-customizable {\n border-radius: 2px;\n height: 60px;\n margin-bottom: 15px;\n padding: 1px;\n text-align: left;\n width: 100%;\n}\n\n.redirect-customizable {\n text-align: center;\n}\n\n.passwordCheck-notValid-customizable {\n color: #DF3312;\n}\n\n.passwordCheck-valid-customizable {\n color: #19BF00;\n}\n\n.background-customizable {\n background-color: #fff;\n}\n", + "CSSVersion": "20250115191928" @@ -3024,0 +3121,2 @@ Output: +For more information, see [Hosted UI (classic) branding](https://docs.aws.amazon.com/cognito/latest/developerguide/hosted-ui-classic-branding.html) in the _Amazon Cognito Developer Guide_. + @@ -3030 +3128 @@ Output: -The following code example shows how to use `list-devices`. +The following code example shows how to use `get-user-attribute-verification-code`. @@ -3035 +3133 @@ The following code example shows how to use `list-devices`. -**To list devices for a user** +**To send an attribute verification code to the current user** @@ -3037 +3135 @@ The following code example shows how to use `list-devices`. -The following `list-devices` example lists devices for the currently sign-in user. +The following `get-user-attribute-verification-code` example sends an attribute verification code to the currently signed-in user's email address. @@ -3040,2 +3138 @@ The following `list-devices` example lists devices for the currently sign-in use - aws cognito-idp admin-list-devices \ - --user-pool-id us-west-2_EXAMPLE \ + aws cognito-idp get-user-attribute-verification-code \ @@ -3043 +3140 @@ The following `list-devices` example lists devices for the currently sign-in use - --limit 1 + --attribute-name email @@ -3050 +3147,208 @@ Output: - "Devices": [ + "CodeDeliveryDetails": { + "Destination": "a***@e***", + "DeliveryMedium": "EMAIL", + "AttributeName": "email" + } + } + +For more information, see [Signing up and confirming user accounts](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html) in the _Amazon Cognito Developer Guide_. + + * For API details, see [GetUserAttributeVerificationCode](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/get-user-attribute-verification-code.html) in _AWS CLI Command Reference_. + + + + +The following code example shows how to use `get-user-auth-factors`. + +**AWS CLI** + + +**To list the authentication factors available to the current user** + +The following `get-user-auth-factors` example lists the available authentication factors for the currently signed-in user. + + + aws cognito-idp get-user-auth-factors \ + --access-token eyJra456defEXAMPLE + + +Output: + + + { + "Username": "testuser", + "ConfiguredUserAuthFactors": [ + "PASSWORD", + "EMAIL_OTP",