CognitoIdentityProvider / Client / list_users

list_users#

CognitoIdentityProvider.Client.list_users(**kwargs)#

Lists the users in the Amazon Cognito user pool.

See also: AWS API Documentation

Request Syntax

response = client.list_users(
    UserPoolId='string',
    AttributesToGet=[
        'string',
    ],
    Limit=123,
    PaginationToken='string',
    Filter='string'
)
Parameters:
  • UserPoolId (string) –

    [REQUIRED]

    The user pool ID for the user pool on which the search should be performed.

  • AttributesToGet (list) –

    An array of strings, where each string is the name of a user attribute to be returned for each user in the search results. If the array is null, all attributes are returned.

    • (string) –

  • Limit (integer) – Maximum number of users to be returned.

  • PaginationToken (string) – An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

  • Filter (string) –

    A filter string of the form “AttributeName Filter-TypeAttributeValue””. Quotation marks within the filter string must be escaped using the backslash () character. For example, “ family_name = "Reddy"”.

    • AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.

    • Filter-Type: For an exact match, use =, for example, “ given_name = "Jon"”. For a prefix (“starts with”) match, use ^=, for example, “ given_name ^= "Jon"”.

    • AttributeValue: The attribute value that must be matched for each user.

    If the filter string is empty, ListUsers returns all users in the user pool.

    You can only search for the following standard attributes:

    • username (case-sensitive)

    • email

    • phone_number

    • name

    • given_name

    • family_name

    • preferred_username

    • cognito:user_status (called Status in the Console) (case-insensitive)

    • status (called **Enabled** in the Console) (case-sensitive)

    • sub

    Custom attributes aren’t searchable.

    Note

    You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query parameter of the list-users action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.

    For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.

    For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.

Return type:

dict

Returns:

Response Syntax

{
    'Users': [
        {
            'Username': 'string',
            'Attributes': [
                {
                    'Name': 'string',
                    'Value': 'string'
                },
            ],
            'UserCreateDate': datetime(2015, 1, 1),
            'UserLastModifiedDate': datetime(2015, 1, 1),
            'Enabled': True|False,
            'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
            'MFAOptions': [
                {
                    'DeliveryMedium': 'SMS'|'EMAIL',
                    'AttributeName': 'string'
                },
            ]
        },
    ],
    'PaginationToken': 'string'
}

Response Structure

  • (dict) –

    The response from the request to list users.

    • Users (list) –

      The users returned in the request to list users.

      • (dict) –

        A user profile in a Amazon Cognito user pool.

        • Username (string) –

          The user name of the user you want to describe.

        • Attributes (list) –

          A container with information about the user type attributes.

          • (dict) –

            Specifies whether the attribute is standard or custom.

            • Name (string) –

              The name of the attribute.

            • Value (string) –

              The value of the attribute.

        • UserCreateDate (datetime) –

          The creation date of the user.

        • UserLastModifiedDate (datetime) –

          The last modified date of the user.

        • Enabled (boolean) –

          Specifies whether the user is enabled.

        • UserStatus (string) –

          The user status. This can be one of the following:

          • UNCONFIRMED - User has been created but not confirmed.

          • CONFIRMED - User has been confirmed.

          • EXTERNAL_PROVIDER - User signed in with a third-party IdP.

          • ARCHIVED - User is no longer active.

          • UNKNOWN - User status isn’t known.

          • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.

          • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

        • MFAOptions (list) –

          The MFA options for the user.

          • (dict) –

            This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

            • DeliveryMedium (string) –

              The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

            • AttributeName (string) –

              The attribute name of the MFA option type. The only valid value is phone_number.

    • PaginationToken (string) –

      An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException