update_identity_provider

update_identity_provider(**kwargs)

Updates IdP information for a user pool.

See also: AWS API Documentation

Request Syntax

response = client.update_identity_provider(
    UserPoolId='string',
    ProviderName='string',
    ProviderDetails={
        'string': 'string'
    },
    AttributeMapping={
        'string': 'string'
    },
    IdpIdentifiers=[
        'string',
    ]
)
Parameters
  • UserPoolId (string) --

    [REQUIRED]

    The user pool ID.

  • ProviderName (string) --

    [REQUIRED]

    The IdP name.

  • ProviderDetails (dict) --

    The IdP details to be updated, such as MetadataURL and MetadataFile .

    • (string) --
      • (string) --
  • AttributeMapping (dict) --

    The IdP attribute mapping to be changed.

    • (string) --
      • (string) --
  • IdpIdentifiers (list) --

    A list of IdP identifiers.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'IdentityProvider': {
        'UserPoolId': 'string',
        'ProviderName': 'string',
        'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
        'ProviderDetails': {
            'string': 'string'
        },
        'AttributeMapping': {
            'string': 'string'
        },
        'IdpIdentifiers': [
            'string',
        ],
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • IdentityProvider (dict) --

      The identity provider details.

      • UserPoolId (string) --

        The user pool ID.

      • ProviderName (string) --

        The IdP name.

      • ProviderType (string) --

        The IdP type.

      • ProviderDetails (dict) --

        The IdP details. The following list describes the provider detail keys for each IdP type.

        • For Google and Login with Amazon:
          • client_id
          • client_secret
          • authorize_scopes
        • For Facebook:
          • client_id
          • client_secret
          • authorize_scopes
          • api_version
        • For Sign in with Apple:
          • client_id
          • team_id
          • key_id
          • private_key You can submit a private_key when you add or update an IdP. Describe operations don't return the private key.
          • authorize_scopes
        • For OIDC providers:
          • client_id
          • client_secret
          • attributes_request_method
          • oidc_issuer
          • authorize_scopes
          • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
            • authorize_url
            • token_url
            • attributes_url
            • jwks_uri
          • Amazon Cognito sets the value of the following keys automatically. They are read-only.
            • attributes_url_add_attributes
        • For SAML providers:
          • MetadataFile or MetadataURL
          • IDPSignout optional
        • (string) --
          • (string) --
      • AttributeMapping (dict) --

        A mapping of IdP attributes to standard and custom user pool attributes.

        • (string) --
          • (string) --
      • IdpIdentifiers (list) --

        A list of IdP identifiers.

        • (string) --
      • LastModifiedDate (datetime) --

        The date the IdP was last modified.

      • CreationDate (datetime) --

        The date the IdP was created.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException
  • CognitoIdentityProvider.Client.exceptions.UnsupportedIdentityProviderException
  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
  • CognitoIdentityProvider.Client.exceptions.ConcurrentModificationException
  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
  • CognitoIdentityProvider.Client.exceptions.InternalErrorException