CognitoIdentityProvider / Client / list_users_in_group

list_users_in_group#

CognitoIdentityProvider.Client.list_users_in_group(**kwargs)#

Given a user pool ID and a group name, returns a list of users in the group. For more information about user pool groups, see Adding groups to a user pool.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.list_users_in_group(
    UserPoolId='string',
    GroupName='string',
    Limit=123,
    NextToken='string'
)
Parameters:

  • UserPoolId (string) –

    [REQUIRED]

    The ID of the user pool where you want to view the membership of the requested group.

  • GroupName (string) –

    [REQUIRED]

    The name of the group that you want to query for user membership.

  • Limit (integer) – The maximum number of groups that you want Amazon Cognito to return in the response.

  • NextToken (string) – This API operation returns a limited number of results. The pagination token is an identifier that you can present in an additional API request with the same parameters. When you include the pagination token, Amazon Cognito returns the next set of items after the current list. Subsequent requests return a new pagination token. By use of this token, you can paginate through the full list of items.

Return type:

dict

Returns:

Response Syntax

{
    'Users': [
        {
            'Username': 'string',
            'Attributes': [
                {
                    'Name': 'string',
                    'Value': 'string'
                },
            ],
            'UserCreateDate': datetime(2015, 1, 1),
            'UserLastModifiedDate': datetime(2015, 1, 1),
            'Enabled': True|False,
            'UserStatus': 'UNCONFIRMED'|'CONFIRMED'|'ARCHIVED'|'COMPROMISED'|'UNKNOWN'|'RESET_REQUIRED'|'FORCE_CHANGE_PASSWORD'|'EXTERNAL_PROVIDER',
            'MFAOptions': [
                {
                    'DeliveryMedium': 'SMS'|'EMAIL',
                    'AttributeName': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) –

    • Users (list) –

      An array of users who are members in the group, and their attributes.

      • (dict) –

        A user profile in a Amazon Cognito user pool.

        • Username (string) –

          The user’s username.

        • Attributes (list) –

          Names and values of a user’s attributes, for example email.

          • (dict) –

            The name and value of a user attribute.

            • Name (string) –

              The name of the attribute.

            • Value (string) –

              The value of the attribute.

        • UserCreateDate (datetime) –

          The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

        • UserLastModifiedDate (datetime) –

          The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java Date object.

        • Enabled (boolean) –

          Indicates whether the user’s account is enabled or disabled.

        • UserStatus (string) –

          The user status. This can be one of the following:

          • UNCONFIRMED - User has been created but not confirmed.

          • CONFIRMED - User has been confirmed.

          • EXTERNAL_PROVIDER - User signed in with a third-party IdP.

          • UNKNOWN - User status isn’t known.

          • RESET_REQUIRED - User is confirmed, but the user must request a code and reset their password before they can sign in.

          • FORCE_CHANGE_PASSWORD - The user is confirmed and the user can sign in using a temporary password, but on first sign-in, the user must change their password to a new value before doing anything else.

        • MFAOptions (list) –

          The user’s MFA configuration.

          • (dict) –

            This data type is no longer supported. Applies only to SMS multi-factor authentication (MFA) configurations. Does not apply to time-based one-time password (TOTP) software token MFA configurations.

            • DeliveryMedium (string) –

              The delivery medium to send the MFA code. You can use this parameter to set only the SMS delivery medium value.

            • AttributeName (string) –

              The attribute name of the MFA option type. The only valid value is phone_number.

    • NextToken (string) –

      The identifier that Amazon Cognito returned with the previous request to this operation. When you include a pagination token in your request, Amazon Cognito returns the next set of items in the list. By use of this token, you can paginate through the full list of items.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException