CognitoIdentityProvider / Client / admin_list_user_auth_events

admin_list_user_auth_events#

CognitoIdentityProvider.Client.admin_list_user_auth_events(**kwargs)#

Requests a history of user activity and any risks detected as part of Amazon Cognito threat protection. For more information, see Viewing user event history.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.admin_list_user_auth_events(
    UserPoolId='string',
    Username='string',
    MaxResults=123,
    NextToken='string'
)
Parameters:
  • UserPoolId (string) –

    [REQUIRED]

    The Id of the user pool that contains the user profile with the logged events.

  • Username (string) –

    [REQUIRED]

    The username of the user that you want to query or modify. The value of this parameter is typically your user’s username, but it can be any of their alias attributes. If username isn’t an alias attribute in your user pool, this value must be the sub of a local user or the username of a user from a third-party IdP.

  • MaxResults (integer) – The maximum number of authentication events to return. Returns 60 events if you set MaxResults to 0, or if you don’t include a MaxResults parameter.

  • NextToken (string) – This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

Return type:

dict

Returns:

Response Syntax

{
    'AuthEvents': [
        {
            'EventId': 'string',
            'EventType': 'SignIn'|'SignUp'|'ForgotPassword'|'PasswordChange'|'ResendCode',
            'CreationDate': datetime(2015, 1, 1),
            'EventResponse': 'Pass'|'Fail'|'InProgress',
            'EventRisk': {
                'RiskDecision': 'NoRisk'|'AccountTakeover'|'Block',
                'RiskLevel': 'Low'|'Medium'|'High',
                'CompromisedCredentialsDetected': True|False
            },
            'ChallengeResponses': [
                {
                    'ChallengeName': 'Password'|'Mfa',
                    'ChallengeResponse': 'Success'|'Failure'
                },
            ],
            'EventContextData': {
                'IpAddress': 'string',
                'DeviceName': 'string',
                'Timezone': 'string',
                'City': 'string',
                'Country': 'string'
            },
            'EventFeedback': {
                'FeedbackValue': 'Valid'|'Invalid',
                'Provider': 'string',
                'FeedbackDate': datetime(2015, 1, 1)
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • AuthEvents (list) –

      The response object. It includes the EventID, EventType, CreationDate, EventRisk, and EventResponse.

      • (dict) –

        One authentication event that Amazon Cognito logged in a user pool with advanced security features active. Contains user and device metadata and a risk assessment from your user pool.

        This data type is a request parameter of AdminListUserAuthEvents.

        • EventId (string) –

          The event ID.

        • EventType (string) –

          The type of authentication event.

        • CreationDate (datetime) –

          The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

        • EventResponse (string) –

          The event response.

        • EventRisk (dict) –

          The threat evaluation from your user pool about an event. Contains information about whether your user pool detected compromised credentials, whether the event triggered an automated response, and the level of risk.

          • RiskDecision (string) –

            The action taken by adaptive authentication. If NoRisk, your user pool took no action. If AccountTakeover, your user pool applied the adaptive authentication automated response that you configured. If Block, your user pool prevented the attempt.

          • RiskLevel (string) –

            The risk level that adaptive authentication assessed for the authentication event.

          • CompromisedCredentialsDetected (boolean) –

            Indicates whether compromised credentials were detected during an authentication event.

        • ChallengeResponses (list) –

          A list of the challenges that the user was requested to answer, for example Password, and the result, for example Success.

          • (dict) –

            The responses to the challenge that you received in the previous request. Each challenge has its own required response parameters. The following examples are partial JSON request bodies that highlight challenge-response parameters.

            Warning

            You must provide a SECRET_HASH parameter in all challenge responses to an app client that has a client secret. Include a DEVICE_KEY for device authentication.

            SELECT_CHALLENGE

            "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "USERNAME": "[username]", "ANSWER": "[Challenge name]"}

            Available challenges are PASSWORD, PASSWORD_SRP, EMAIL_OTP, SMS_OTP, and WEB_AUTHN.

            Complete authentication in the SELECT_CHALLENGE response for PASSWORD, PASSWORD_SRP, and WEB_AUTHN:

            • "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "WEB_AUTHN", "USERNAME": "[username]", "CREDENTIAL": "[AuthenticationResponseJSON]"} See AuthenticationResponseJSON.

            • "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "PASSWORD", "USERNAME": "[username]", "PASSWORD": "[password]"}

            • "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "PASSWORD_SRP", "USERNAME": "[username]", "SRP_A": "[SRP_A]"}

            For SMS_OTP and EMAIL_OTP, respond with the username and answer. Your user pool will send a code for the user to submit in the next challenge response.

            • "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "SMS_OTP", "USERNAME": "[username]"}

            • "ChallengeName": "SELECT_CHALLENGE", "ChallengeResponses": { "ANSWER": "EMAIL_OTP", "USERNAME": "[username]"}

              SMS_OTP

            "ChallengeName": "SMS_OTP", "ChallengeResponses": {"SMS_OTP_CODE": "[code]", "USERNAME": "[username]"}

            EMAIL_OTP

            "ChallengeName": "EMAIL_OTP", "ChallengeResponses": {"EMAIL_OTP_CODE": "[code]", "USERNAME": "[username]"}

            SMS_MFA

            "ChallengeName": "SMS_MFA", "ChallengeResponses": {"SMS_MFA_CODE": "[code]", "USERNAME": "[username]"}

            PASSWORD_VERIFIER

            This challenge response is part of the SRP flow. Amazon Cognito requires that your application respond to this challenge within a few seconds. When the response time exceeds this period, your user pool returns a NotAuthorizedException error.

            "ChallengeName": "PASSWORD_VERIFIER", "ChallengeResponses": {"PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}

            Add "DEVICE_KEY" when you sign in with a remembered device.

            CUSTOM_CHALLENGE

            "ChallengeName": "CUSTOM_CHALLENGE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[challenge_answer]"}

            Add "DEVICE_KEY" when you sign in with a remembered device.

            NEW_PASSWORD_REQUIRED

            "ChallengeName": "NEW_PASSWORD_REQUIRED", "ChallengeResponses": {"NEW_PASSWORD": "[new_password]", "USERNAME": "[username]"}

            To set any required attributes that InitiateAuth returned in an requiredAttributes parameter, add "userAttributes.[attribute_name]": "[attribute_value]". This parameter can also set values for writable attributes that aren’t required by your user pool.

            Note

            In a NEW_PASSWORD_REQUIRED challenge response, you can’t modify a required attribute that already has a value. In RespondToAuthChallenge, set a value for any keys that Amazon Cognito returned in the requiredAttributes parameter, then use the UpdateUserAttributes API operation to modify the value of any additional attributes.

            SOFTWARE_TOKEN_MFA

            "ChallengeName": "SOFTWARE_TOKEN_MFA", "ChallengeResponses": {"USERNAME": "[username]", "SOFTWARE_TOKEN_MFA_CODE": [authenticator_code]}

            DEVICE_SRP_AUTH

            "ChallengeName": "DEVICE_SRP_AUTH", "ChallengeResponses": {"USERNAME": "[username]", "DEVICE_KEY": "[device_key]", "SRP_A": "[srp_a]"}

            DEVICE_PASSWORD_VERIFIER

            "ChallengeName": "DEVICE_PASSWORD_VERIFIER", "ChallengeResponses": {"DEVICE_KEY": "[device_key]", "PASSWORD_CLAIM_SIGNATURE": "[claim_signature]", "PASSWORD_CLAIM_SECRET_BLOCK": "[secret_block]", "TIMESTAMP": [timestamp], "USERNAME": "[username]"}

            MFA_SETUP

            "ChallengeName": "MFA_SETUP", "ChallengeResponses": {"USERNAME": "[username]"}, "SESSION": "[Session ID from VerifySoftwareToken]"

            SELECT_MFA_TYPE

            "ChallengeName": "SELECT_MFA_TYPE", "ChallengeResponses": {"USERNAME": "[username]", "ANSWER": "[SMS_MFA or SOFTWARE_TOKEN_MFA]"}

            For more information about SECRET_HASH, see Computing secret hash values. For information about DEVICE_KEY, see Working with user devices in your user pool.

            This data type is a request parameter of RespondToAuthChallenge and AdminRespondToAuthChallenge.

            • ChallengeName (string) –

              The type of challenge that your previous authentication request returned in the parameter ChallengeName, for example SMS_MFA.

            • ChallengeResponse (string) –

              The set of key-value pairs that provides a response to the requested challenge.

        • EventContextData (dict) –

          The user context data captured at the time of an event request. This value provides additional information about the client from which event the request is received.

          • IpAddress (string) –

            The source IP address of your user’s device.

          • DeviceName (string) –

            The user’s device name.

          • Timezone (string) –

            The user’s time zone.

          • City (string) –

            The user’s city.

          • Country (string) –

            The user’s country.

        • EventFeedback (dict) –

          The UpdateAuthEventFeedback or AdminUpdateAuthEventFeedback feedback that you or your user provided in response to the event. A value of Valid indicates that you disagreed with the level of risk that your user pool assigned, and evaluated a session to be valid, or likely safe. A value of Invalid indicates that you agreed with the user pool risk level and evaluated a session to be invalid, or likely malicious.

          • FeedbackValue (string) –

            The authentication event feedback value. When you provide a FeedbackValue value of valid, you tell Amazon Cognito that you trust a user session where Amazon Cognito has evaluated some level of risk. When you provide a FeedbackValue value of invalid, you tell Amazon Cognito that you don’t trust a user session, or you don’t believe that Amazon Cognito evaluated a high-enough risk level.

          • Provider (string) –

            The submitter of the event feedback. For example, if you submit event feedback in the Amazon Cognito console, this value is Admin.

          • FeedbackDate (datetime) –

            The date that you or your user submitted the feedback.

    • NextToken (string) –

      The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.UserNotFoundException

  • CognitoIdentityProvider.Client.exceptions.UserPoolAddOnNotEnabledException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException