CognitoIdentityProvider / Client / admin_user_global_sign_out

admin_user_global_sign_out

CognitoIdentityProvider.Client.admin_user_global_sign_out(**kwargs)

Signs out a user from all devices. AdminUserGlobalSignOut invalidates all identity, access and refresh tokens that Amazon Cognito has issued to a user. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the 1-hour cookie validity period.

Your app isn’t aware that a user’s access token is revoked unless it attempts to authorize a user pools API request with an access token that contains the scope aws.cognito.signin.user.admin. Your app might otherwise accept access tokens until they expire.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

See also: AWS API Documentation

Request Syntax

response = client.admin_user_global_sign_out(
    UserPoolId='string',
    Username='string'
)

Parameters:

• UserPoolId (string) –

  [REQUIRED]

  The user pool ID.

• Username (string) –

  [REQUIRED]

  The user name.

Return type:

dict

Returns:

Response Syntax

{}

Response Structure

• (dict) –

  The global sign-out response, as an administrator.

Exceptions

• CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

• CognitoIdentityProvider.Client.exceptions.InvalidParameterException

• CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

• CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

• CognitoIdentityProvider.Client.exceptions.UserNotFoundException

• CognitoIdentityProvider.Client.exceptions.InternalErrorException