CognitoIdentityProvider / Client / list_users

list_users

CognitoIdentityProvider.Client.list_users(**kwargs)

Lists users and their basic details in a user pool.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

• Signing Amazon Web Services API Requests

• Using the Amazon Cognito user pools API and user pool endpoints

See also: AWS API Documentation

Request Syntax

response = client.list_users(
    UserPoolId='string',
    AttributesToGet=[
        'string',
    ],
    Limit=123,
    PaginationToken='string',
    Filter='string'
)

Parameters:

• UserPoolId (string) –

  [REQUIRED]

  The user pool ID for the user pool on which the search should be performed.

• AttributesToGet (list) –

  A JSON array of user attribute names, for example given_name, that you want Amazon Cognito to include in the response for each user. When you don’t provide an AttributesToGet parameter, Amazon Cognito returns all attributes for each user.

  • (string) –

• Limit (integer) – Maximum number of users to be returned.

• PaginationToken (string) – An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

• Filter (string) –

  A filter string of the form “AttributeName Filter-Type “AttributeValue””. Quotation marks within the filter string must be escaped using the backslash () character. For example, “ family_name = "Reddy"”.

  • AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.

  • Filter-Type: For an exact match, use =, for example, “ given_name = "Jon"”. For a prefix (“starts with”) match, use ^=, for example, “ given_name ^= "Jon"”.

  • AttributeValue: The attribute value that must be matched for each user.

  If the filter string is empty, ListUsers returns all users in the user pool.

  You can only search for the following standard attributes:

  • username (case-sensitive)

  • email

  • phone_number

  • name

  • given_name

  • family_name

  • preferred_username

  • cognito:user_status (called Status in the Console) (case-insensitive)

  • status (called **Enabled** in the Console) (case-sensitive)

  • sub

  Custom attributes aren’t searchable.

  Note

  You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query parameter of the list-users action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.

  For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.

  For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.

Return type:

dict

Returns:

Response Syntax

{
    'Users': [
        {
            'Username': 'string',
            'Attributes': [
                {
                    'Name': 'string',
                    'Value': 'string'
                },
            ],
            'UserCreateDate': datetime(2015, 1, 1),
            'UserLastModifiedDate': datetime(2015, 1, 1),
            'Enabled': True|False,
            'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD',
            'MFAOptions': [
                {
                    'DeliveryMedium': 'SMS'|'EMAIL',
                    'AttributeName': 'string'
                },
            ]
        },
    ],
    'PaginationToken': 'string'
}

Response Structure

• (dict) –

  The response from the request to list users.

  • Users (list) –

    A list of the user pool users, and their attributes, that match your query.

    Note

    Amazon Cognito creates a profile in your user pool for each native user in your user pool, and each unique user ID from your third-party identity providers (IdPs). When you link users with the AdminLinkProviderForUser API operation, the output of ListUsers displays both the IdP user and the native user that you linked. You can identify IdP users in the Users object of this API response by the IdP prefix that Amazon Cognito appends to Username.

    • (dict) –

      A user profile in a Amazon Cognito user pool.

      • Username (string) –

        The user name of the user you want to describe.

      • Attributes (list) –

        A container with information about the user type attributes.

        • (dict) –

          Specifies whether the attribute is standard or custom.

          • Name (string) –

            The name of the attribute.

          • Value (string) –

            The value of the attribute.

      • UserCreateDate (datetime) –

        The creation date of the user.

      • UserLastModifiedDate (datetime) –

        The date and time, in ISO 8601 format, when the item was modified.

      • Enabled (boolean) –

        Specifies whether the user is enabled.

      • UserStatus (string) –

        The user status. This can be one of the following:

        • UNCONFIRMED - User has been created but not confirmed.

        • CONFIRMED - User has been confirmed.

        • EXTERNAL_PROVIDER - User signed in with a third-party IdP.

        • UNKNOWN - User status isn’t known.

        • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.

        • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

      • MFAOptions (list) –

        The MFA options for the user.

        • (dict) –

          This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

          • DeliveryMedium (string) –

            The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

          • AttributeName (string) –

            The attribute name of the MFA option type. The only valid value is phone_number.

  • PaginationToken (string) –

    An identifier that was returned from the previous call to this operation, which can be used to return the next set of items in the list.

Exceptions

• CognitoIdentityProvider.Client.exceptions.InvalidParameterException

• CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

• CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

• CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

• CognitoIdentityProvider.Client.exceptions.InternalErrorException