/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the cognito-idp-2016-04-18.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.CognitoIdentityProvider.Model
{
///
/// Container for the parameters to the AdminLinkProviderForUser operation.
/// Links an existing user account in a user pool (DestinationUser) to an
/// identity from an external IdP (SourceUser) based on a specified attribute
/// name and value from the external IdP. This allows you to create a link from the existing
/// user account to an external federated user identity that has not yet been used to
/// sign in. You can then use the federated user identity to sign in as the existing user
/// account.
///
///
///
/// For example, if there is an existing user with a username and password, this API
/// links that user to a federated user identity. When the user signs in with a federated
/// user identity, they sign in as the existing user account.
///
///
///
/// The maximum number of federated identities linked to a user is five.
///
///
///
/// Because this API allows a user with an external federated identity to sign in as an
/// existing user in the user pool, it is critical that it only be used with external
/// IdPs and provider attributes that have been trusted by the application owner.
///
///
///
/// This action is administrative and requires developer credentials.
///
///
public partial class AdminLinkProviderForUserRequest : AmazonCognitoIdentityProviderRequest
{
private ProviderUserIdentifierType _destinationUser;
private ProviderUserIdentifierType _sourceUser;
private string _userPoolId;
///
/// Gets and sets the property DestinationUser.
///
/// The existing user in the user pool that you want to assign to the external IdP user
/// account. This user can be a native (Username + Password) Amazon Cognito user pools
/// user or a federated user (for example, a SAML or Facebook user). If the user doesn't
/// exist, Amazon Cognito generates an exception. Amazon Cognito returns this user when
/// the new user (with the linked IdP attribute) signs in.
///
///
///
/// For a native username + password user, the ProviderAttributeValue for
/// the DestinationUser should be the username in the user pool. For a federated
/// user, it should be the provider-specific user_id.
///
///
///
/// The ProviderAttributeName of the DestinationUser is ignored.
///
///
///
/// The ProviderName should be set to Cognito for users in Cognito
/// user pools.
///
///
///
/// All attributes in the DestinationUser profile must be mutable. If you have assigned
/// the user any immutable custom attributes, the operation won't succeed.
///
///
///
[AWSProperty(Required=true)]
public ProviderUserIdentifierType DestinationUser
{
get { return this._destinationUser; }
set { this._destinationUser = value; }
}
// Check to see if DestinationUser property is set
internal bool IsSetDestinationUser()
{
return this._destinationUser != null;
}
///
/// Gets and sets the property SourceUser.
///
/// An external IdP account for a user who doesn't exist yet in the user pool. This user
/// must be a federated user (for example, a SAML or Facebook user), not another native
/// user.
///
///
///
/// If the SourceUser is using a federated social IdP, such as Facebook,
/// Google, or Login with Amazon, you must set the ProviderAttributeName
/// to Cognito_Subject. For social IdPs, the ProviderName will
/// be Facebook, Google, or LoginWithAmazon, and
/// Amazon Cognito will automatically parse the Facebook, Google, and Login with Amazon
/// tokens for id, sub, and user_id, respectively.
/// The ProviderAttributeValue for the user must be the same value as the
/// id, sub, or user_id value found in the social
/// IdP token.
///
///
///
/// For SAML, the ProviderAttributeName can be any value that matches a claim
/// in the SAML assertion. If you want to link SAML users based on the subject of the
/// SAML assertion, you should map the subject to a claim through the SAML IdP and submit
/// that claim name as the ProviderAttributeName. If you set ProviderAttributeName
/// to Cognito_Subject, Amazon Cognito will automatically parse the default
/// unique identifier found in the subject from the SAML token.
///
///
[AWSProperty(Required=true)]
public ProviderUserIdentifierType SourceUser
{
get { return this._sourceUser; }
set { this._sourceUser = value; }
}
// Check to see if SourceUser property is set
internal bool IsSetSourceUser()
{
return this._sourceUser != null;
}
///
/// Gets and sets the property UserPoolId.
///
/// The user pool ID for the user pool.
///
///
[AWSProperty(Required=true)]
public string UserPoolId
{
get { return this._userPoolId; }
set { this._userPoolId = value; }
}
// Check to see if UserPoolId property is set
internal bool IsSetUserPoolId()
{
return this._userPoolId != null;
}
}
}