-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon Cognito Identity SDK.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   Lenses are used for constructing and manipulating types, due to the
--   depth of nesting of AWS types and transparency regarding
--   de/serialisation into more palatable Haskell values. The provided
--   lenses should be compatible with any of the major lens libraries such
--   as <a>lens</a> or <a>lens-family-core</a>.
--   
--   See <a>Network.AWS.CognitoIdentity</a> or <a>the AWS documentation</a>
--   to get started.
@package amazonka-cognito-identity
@version 1.6.1


module Network.AWS.CognitoIdentity.Types

-- | API version <tt>2014-06-30</tt> of the Amazon Cognito Identity SDK
--   configuration.
cognitoIdentity :: Service

-- | Thrown if the identity pool has no role associated for the given auth
--   type (auth/unauth) or if the AssumeRole fails.
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown for missing or bad input parameter(s).
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a user is not authorized to access the requested resource.
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the service encounters an error during processing the
--   request.
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An exception thrown when a dependent service such as Facebook or
--   Twitter is not responding
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a request is throttled.
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown if there are parallel requests to modify a resource.
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a user tries to use a login which is already linked to
--   another account.
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The provided developer user identifier is already registered with
--   Cognito under a different identity ID.
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the requested resource (for example, a dataset or record)
--   does not exist.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the total number of user pools has exceeded a preset
--   limit.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
data AmbiguousRoleResolutionType
AuthenticatedRole :: AmbiguousRoleResolutionType
Deny :: AmbiguousRoleResolutionType
data CognitoErrorCode
AccessDenied :: CognitoErrorCode
InternalServerError :: CognitoErrorCode
data MappingRuleMatchType
Contains :: MappingRuleMatchType
Equals :: MappingRuleMatchType
NotEqual :: MappingRuleMatchType
StartsWith :: MappingRuleMatchType
data RoleMappingType
Rules :: RoleMappingType
Token :: RoleMappingType

-- | A provider representing an Amazon Cognito Identity User Pool and its
--   client ID.
--   
--   <i>See:</i> <a>cognitoIdentityProvider</a> smart constructor.
data CognitoIdentityProvider

-- | Creates a value of <a>CognitoIdentityProvider</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cipClientId</a> - The client ID for the Amazon Cognito Identity
--   User Pool.</li>
--   <li><a>cipServerSideTokenCheck</a> - TRUE if server-side token
--   validation is enabled for the identity provider’s token.</li>
--   <li><a>cipProviderName</a> - The provider name for an Amazon Cognito
--   Identity User Pool. For example,
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt>
--   .</li>
--   </ul>
cognitoIdentityProvider :: CognitoIdentityProvider

-- | The client ID for the Amazon Cognito Identity User Pool.
cipClientId :: Lens' CognitoIdentityProvider (Maybe Text)

-- | TRUE if server-side token validation is enabled for the identity
--   provider’s token.
cipServerSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool)

-- | The provider name for an Amazon Cognito Identity User Pool. For
--   example,
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt> .
cipProviderName :: Lens' CognitoIdentityProvider (Maybe Text)

-- | Credentials for the provided identity ID.
--   
--   <i>See:</i> <a>credentials</a> smart constructor.
data Credentials

-- | Creates a value of <a>Credentials</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cSessionToken</a> - The Session Token portion of the
--   credentials</li>
--   <li><a>cExpiration</a> - The date at which these credentials will
--   expire.</li>
--   <li><a>cSecretKey</a> - The Secret Access Key portion of the
--   credentials</li>
--   <li><a>cAccessKeyId</a> - The Access Key portion of the
--   credentials.</li>
--   </ul>
credentials :: Credentials

-- | The Session Token portion of the credentials
cSessionToken :: Lens' Credentials (Maybe Text)

-- | The date at which these credentials will expire.
cExpiration :: Lens' Credentials (Maybe UTCTime)

-- | The Secret Access Key portion of the credentials
cSecretKey :: Lens' Credentials (Maybe Text)

-- | The Access Key portion of the credentials.
cAccessKeyId :: Lens' Credentials (Maybe Text)

-- | A description of the identity.
--   
--   <i>See:</i> <a>identityDescription</a> smart constructor.
data IdentityDescription

-- | Creates a value of <a>IdentityDescription</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>idLastModifiedDate</a> - Date on which the identity was last
--   modified.</li>
--   <li><a>idCreationDate</a> - Date on which the identity was
--   created.</li>
--   <li><a>idLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens.</li>
--   <li><a>idIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
identityDescription :: IdentityDescription

-- | Date on which the identity was last modified.
idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | Date on which the identity was created.
idCreationDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | A set of optional name-value pairs that map provider names to provider
--   tokens.
idLogins :: Lens' IdentityDescription [Text]

-- | A unique identifier in the format REGION:GUID.
idIdentityId :: Lens' IdentityDescription (Maybe Text)

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>identityPool</a> smart constructor.
data IdentityPool

-- | Creates a value of <a>IdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>ipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>ipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>ipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>ipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>ipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>ipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
identityPool :: Text -> Text -> Bool -> IdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
ipSamlProviderARNs :: Lens' IdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
ipIdentityPoolId :: Lens' IdentityPool Text

-- | A string that you provide.
ipIdentityPoolName :: Lens' IdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool

-- | A description of the identity pool.
--   
--   <i>See:</i> <a>identityPoolShortDescription</a> smart constructor.
data IdentityPoolShortDescription

-- | Creates a value of <a>IdentityPoolShortDescription</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipsdIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipsdIdentityPoolName</a> - A string that you provide.</li>
--   </ul>
identityPoolShortDescription :: IdentityPoolShortDescription

-- | An identity pool ID in the format REGION:GUID.
ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text)

-- | A string that you provide.
ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text)

-- | A rule that maps a claim name, a claim value, and a match type to a
--   role ARN.
--   
--   <i>See:</i> <a>mappingRule</a> smart constructor.
data MappingRule

-- | Creates a value of <a>MappingRule</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mrClaim</a> - The claim name that must be present in the token,
--   for example, "isAdmin" or "paid".</li>
--   <li><a>mrMatchType</a> - The match condition that specifies how
--   closely the claim value in the IdP token must match <tt>Value</tt>
--   .</li>
--   <li><a>mrValue</a> - A brief string that the claim must match, for
--   example, "paid" or "yes".</li>
--   <li><a>mrRoleARN</a> - The role ARN.</li>
--   </ul>
mappingRule :: Text -> MappingRuleMatchType -> Text -> Text -> MappingRule

-- | The claim name that must be present in the token, for example,
--   "isAdmin" or "paid".
mrClaim :: Lens' MappingRule Text

-- | The match condition that specifies how closely the claim value in the
--   IdP token must match <tt>Value</tt> .
mrMatchType :: Lens' MappingRule MappingRuleMatchType

-- | A brief string that the claim must match, for example, "paid" or
--   "yes".
mrValue :: Lens' MappingRule Text

-- | The role ARN.
mrRoleARN :: Lens' MappingRule Text

-- | A role mapping.
--   
--   <i>See:</i> <a>roleMapping</a> smart constructor.
data RoleMapping

-- | Creates a value of <a>RoleMapping</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rmRulesConfiguration</a> - The rules to be used for mapping
--   users to roles. If you specify Rules as the role mapping type,
--   <tt>RulesConfiguration</tt> is required.</li>
--   <li><a>rmAmbiguousRoleResolution</a> - If you specify Token or Rules
--   as the <tt>Type</tt> , <tt>AmbiguousRoleResolution</tt> is required.
--   Specifies the action to be taken if either no rules match the claim
--   value for the <tt>Rules</tt> type, or there is no
--   <tt>cognito:preferred_role</tt> claim and there are multiple
--   <tt>cognito:roles</tt> matches for the <tt>Token</tt> type.</li>
--   <li><a>rmType</a> - The role mapping type. Token will use
--   <tt>cognito:roles</tt> and <tt>cognito:preferred_role</tt> claims from
--   the Cognito identity provider token to map groups to roles. Rules will
--   attempt to match claims from the token to map to a role.</li>
--   </ul>
roleMapping :: RoleMappingType -> RoleMapping

-- | The rules to be used for mapping users to roles. If you specify Rules
--   as the role mapping type, <tt>RulesConfiguration</tt> is required.
rmRulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType)

-- | If you specify Token or Rules as the <tt>Type</tt> ,
--   <tt>AmbiguousRoleResolution</tt> is required. Specifies the action to
--   be taken if either no rules match the claim value for the
--   <tt>Rules</tt> type, or there is no <tt>cognito:preferred_role</tt>
--   claim and there are multiple <tt>cognito:roles</tt> matches for the
--   <tt>Token</tt> type.
rmAmbiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType)

-- | The role mapping type. Token will use <tt>cognito:roles</tt> and
--   <tt>cognito:preferred_role</tt> claims from the Cognito identity
--   provider token to map groups to roles. Rules will attempt to match
--   claims from the token to map to a role.
rmType :: Lens' RoleMapping RoleMappingType

-- | A container for rules.
--   
--   <i>See:</i> <a>rulesConfigurationType</a> smart constructor.
data RulesConfigurationType

-- | Creates a value of <a>RulesConfigurationType</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rctRules</a> - An array of rules. You can specify up to 25
--   rules per identity provider. Rules are evaluated in order. The first
--   one to match specifies the role.</li>
--   </ul>
rulesConfigurationType :: NonEmpty MappingRule -> RulesConfigurationType

-- | An array of rules. You can specify up to 25 rules per identity
--   provider. Rules are evaluated in order. The first one to match
--   specifies the role.
rctRules :: Lens' RulesConfigurationType (NonEmpty MappingRule)

-- | An array of UnprocessedIdentityId objects, each of which contains an
--   ErrorCode and IdentityId.
--   
--   <i>See:</i> <a>unprocessedIdentityId</a> smart constructor.
data UnprocessedIdentityId

-- | Creates a value of <a>UnprocessedIdentityId</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uiiErrorCode</a> - The error code indicating the type of error
--   that occurred.</li>
--   <li><a>uiiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
unprocessedIdentityId :: UnprocessedIdentityId

-- | The error code indicating the type of error that occurred.
uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode)

-- | A unique identifier in the format REGION:GUID.
uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text)


-- | Sets the roles for an identity pool. These roles are used when making
--   calls to <tt>GetCredentialsForIdentity</tt> action.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.SetIdentityPoolRoles

-- | Creates a value of <a>SetIdentityPoolRoles</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>siprRoleMappings</a> - How users for a specific identity
--   provider are to mapped to roles. This is a string to
--   <a>RoleMapping</a> object map. The string identifies the identity
--   provider, for example, "graph.facebook.com" or
--   "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
--   Up to 25 rules can be specified per identity provider.</li>
--   <li><a>siprIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>siprRoles</a> - The map of roles associated with this pool. For
--   a given role, the key will be either "authenticated" or
--   "unauthenticated" and the value will be the Role ARN.</li>
--   </ul>
setIdentityPoolRoles :: Text -> SetIdentityPoolRoles

-- | Input to the <tt>SetIdentityPoolRoles</tt> action.
--   
--   <i>See:</i> <a>setIdentityPoolRoles</a> smart constructor.
data SetIdentityPoolRoles

-- | How users for a specific identity provider are to mapped to roles.
--   This is a string to <a>RoleMapping</a> object map. The string
--   identifies the identity provider, for example, "graph.facebook.com" or
--   "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
--   Up to 25 rules can be specified per identity provider.
siprRoleMappings :: Lens' SetIdentityPoolRoles (HashMap Text RoleMapping)

-- | An identity pool ID in the format REGION:GUID.
siprIdentityPoolId :: Lens' SetIdentityPoolRoles Text

-- | The map of roles associated with this pool. For a given role, the key
--   will be either "authenticated" or "unauthenticated" and the value will
--   be the Role ARN.
siprRoles :: Lens' SetIdentityPoolRoles (HashMap Text Text)

-- | Creates a value of <a>SetIdentityPoolRolesResponse</a> with the
--   minimum fields required to make a request.
setIdentityPoolRolesResponse :: SetIdentityPoolRolesResponse

-- | <i>See:</i> <a>setIdentityPoolRolesResponse</a> smart constructor.
data SetIdentityPoolRolesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Data.Data.Data Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance GHC.Show.Show Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance GHC.Read.Read Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRolesResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.SetIdentityPoolRoles.SetIdentityPoolRoles


-- | Merges two users having different <tt>IdentityId</tt> s, existing in
--   the same identity pool, and identified by the same developer provider.
--   You can use this action to request that discrete users be merged and
--   identified as a single user in the Cognito environment. Cognito
--   associates the given source user (<tt>SourceUserIdentifier</tt> ) with
--   the <tt>IdentityId</tt> of the <tt>DestinationUserIdentifier</tt> .
--   Only developer-authenticated users can be merged. If the users to be
--   merged are associated with the same public provider, but as two
--   different users, an exception will be thrown.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.MergeDeveloperIdentities

-- | Creates a value of <a>MergeDeveloperIdentities</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mdiSourceUserIdentifier</a> - User identifier for the source
--   user. The value should be a <tt>DeveloperUserIdentifier</tt> .</li>
--   <li><a>mdiDestinationUserIdentifier</a> - User identifier for the
--   destination user. The value should be a
--   <tt>DeveloperUserIdentifier</tt> .</li>
--   <li><a>mdiDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users. This is a (pseudo) domain name that you
--   provide while creating an identity pool. This name acts as a
--   placeholder that allows your backend and the Cognito service to
--   communicate about the developer provider. For the
--   <tt>DeveloperProviderName</tt> , you can use letters as well as period
--   (.), underscore (_), and dash (-).</li>
--   <li><a>mdiIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
mergeDeveloperIdentities :: Text -> Text -> Text -> Text -> MergeDeveloperIdentities

-- | Input to the <tt>MergeDeveloperIdentities</tt> action.
--   
--   <i>See:</i> <a>mergeDeveloperIdentities</a> smart constructor.
data MergeDeveloperIdentities

-- | User identifier for the source user. The value should be a
--   <tt>DeveloperUserIdentifier</tt> .
mdiSourceUserIdentifier :: Lens' MergeDeveloperIdentities Text

-- | User identifier for the destination user. The value should be a
--   <tt>DeveloperUserIdentifier</tt> .
mdiDestinationUserIdentifier :: Lens' MergeDeveloperIdentities Text

-- | The "domain" by which Cognito will refer to your users. This is a
--   (pseudo) domain name that you provide while creating an identity pool.
--   This name acts as a placeholder that allows your backend and the
--   Cognito service to communicate about the developer provider. For the
--   <tt>DeveloperProviderName</tt> , you can use letters as well as period
--   (.), underscore (_), and dash (-).
mdiDeveloperProviderName :: Lens' MergeDeveloperIdentities Text

-- | An identity pool ID in the format REGION:GUID.
mdiIdentityPoolId :: Lens' MergeDeveloperIdentities Text

-- | Creates a value of <a>MergeDeveloperIdentitiesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mdirsIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>mdirsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
mergeDeveloperIdentitiesResponse :: Int -> MergeDeveloperIdentitiesResponse

-- | Returned in response to a successful <tt>MergeDeveloperIdentities</tt>
--   action.
--   
--   <i>See:</i> <a>mergeDeveloperIdentitiesResponse</a> smart constructor.
data MergeDeveloperIdentitiesResponse

-- | A unique identifier in the format REGION:GUID.
mdirsIdentityId :: Lens' MergeDeveloperIdentitiesResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
mdirsResponseStatus :: Lens' MergeDeveloperIdentitiesResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Data.Data.Data Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance GHC.Show.Show Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance GHC.Read.Read Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentitiesResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.MergeDeveloperIdentities.MergeDeveloperIdentities


-- | Retrieves the <tt>IdentityID</tt> associated with a
--   <tt>DeveloperUserIdentifier</tt> or the list of
--   <tt>DeveloperUserIdentifier</tt> s associated with an
--   <tt>IdentityId</tt> for an existing identity. Either
--   <tt>IdentityID</tt> or <tt>DeveloperUserIdentifier</tt> must not be
--   null. If you supply only one of these values, the other value will be
--   searched in the database and returned as a part of the response. If
--   you supply both, <tt>DeveloperUserIdentifier</tt> will be matched
--   against <tt>IdentityID</tt> . If the values are verified against the
--   database, the response returns both values and is the same as the
--   request. Otherwise a <tt>ResourceConflictException</tt> is thrown.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.LookupDeveloperIdentity

-- | Creates a value of <a>LookupDeveloperIdentity</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ldiDeveloperUserIdentifier</a> - A unique ID used by your
--   backend authentication process to identify a user. Typically, a
--   developer identity provider would issue many developer user
--   identifiers, in keeping with the number of users.</li>
--   <li><a>ldiNextToken</a> - A pagination token. The first call you make
--   will have <tt>NextToken</tt> set to null. After that the service will
--   return <tt>NextToken</tt> values as needed. For example, let's say you
--   make a request with <tt>MaxResults</tt> set to 10, and there are 20
--   matches in the database. The service will return a pagination token as
--   a part of the response. This token can be used to call the API again
--   and get results starting from the 11th match.</li>
--   <li><a>ldiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>ldiMaxResults</a> - The maximum number of identities to
--   return.</li>
--   <li><a>ldiIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
lookupDeveloperIdentity :: Text -> LookupDeveloperIdentity

-- | Input to the <tt>LookupDeveloperIdentityInput</tt> action.
--   
--   <i>See:</i> <a>lookupDeveloperIdentity</a> smart constructor.
data LookupDeveloperIdentity

-- | A unique ID used by your backend authentication process to identify a
--   user. Typically, a developer identity provider would issue many
--   developer user identifiers, in keeping with the number of users.
ldiDeveloperUserIdentifier :: Lens' LookupDeveloperIdentity (Maybe Text)

-- | A pagination token. The first call you make will have
--   <tt>NextToken</tt> set to null. After that the service will return
--   <tt>NextToken</tt> values as needed. For example, let's say you make a
--   request with <tt>MaxResults</tt> set to 10, and there are 20 matches
--   in the database. The service will return a pagination token as a part
--   of the response. This token can be used to call the API again and get
--   results starting from the 11th match.
ldiNextToken :: Lens' LookupDeveloperIdentity (Maybe Text)

-- | A unique identifier in the format REGION:GUID.
ldiIdentityId :: Lens' LookupDeveloperIdentity (Maybe Text)

-- | The maximum number of identities to return.
ldiMaxResults :: Lens' LookupDeveloperIdentity (Maybe Natural)

-- | An identity pool ID in the format REGION:GUID.
ldiIdentityPoolId :: Lens' LookupDeveloperIdentity Text

-- | Creates a value of <a>LookupDeveloperIdentityResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ldirsNextToken</a> - A pagination token. The first call you
--   make will have <tt>NextToken</tt> set to null. After that the service
--   will return <tt>NextToken</tt> values as needed. For example, let's
--   say you make a request with <tt>MaxResults</tt> set to 10, and there
--   are 20 matches in the database. The service will return a pagination
--   token as a part of the response. This token can be used to call the
--   API again and get results starting from the 11th match.</li>
--   <li><a>ldirsIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>ldirsDeveloperUserIdentifierList</a> - This is the list of
--   developer user identifiers associated with an identity ID. Cognito
--   supports the association of multiple developer user identifiers with
--   an identity ID.</li>
--   <li><a>ldirsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
lookupDeveloperIdentityResponse :: Int -> LookupDeveloperIdentityResponse

-- | Returned in response to a successful <tt>LookupDeveloperIdentity</tt>
--   action.
--   
--   <i>See:</i> <a>lookupDeveloperIdentityResponse</a> smart constructor.
data LookupDeveloperIdentityResponse

-- | A pagination token. The first call you make will have
--   <tt>NextToken</tt> set to null. After that the service will return
--   <tt>NextToken</tt> values as needed. For example, let's say you make a
--   request with <tt>MaxResults</tt> set to 10, and there are 20 matches
--   in the database. The service will return a pagination token as a part
--   of the response. This token can be used to call the API again and get
--   results starting from the 11th match.
ldirsNextToken :: Lens' LookupDeveloperIdentityResponse (Maybe Text)

-- | A unique identifier in the format REGION:GUID.
ldirsIdentityId :: Lens' LookupDeveloperIdentityResponse (Maybe Text)

-- | This is the list of developer user identifiers associated with an
--   identity ID. Cognito supports the association of multiple developer
--   user identifiers with an identity ID.
ldirsDeveloperUserIdentifierList :: Lens' LookupDeveloperIdentityResponse [Text]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ldirsResponseStatus :: Lens' LookupDeveloperIdentityResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentityResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.LookupDeveloperIdentity.LookupDeveloperIdentity


-- | Lists all of the Cognito identity pools registered for your account.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.ListIdentityPools

-- | Creates a value of <a>ListIdentityPools</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lipNextToken</a> - A pagination token.</li>
--   <li><a>lipMaxResults</a> - The maximum number of identities to
--   return.</li>
--   </ul>
listIdentityPools :: Natural -> ListIdentityPools

-- | Input to the ListIdentityPools action.
--   
--   <i>See:</i> <a>listIdentityPools</a> smart constructor.
data ListIdentityPools

-- | A pagination token.
lipNextToken :: Lens' ListIdentityPools (Maybe Text)

-- | The maximum number of identities to return.
lipMaxResults :: Lens' ListIdentityPools Natural

-- | Creates a value of <a>ListIdentityPoolsResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>liprsIdentityPools</a> - The identity pools returned by the
--   ListIdentityPools action.</li>
--   <li><a>liprsNextToken</a> - A pagination token.</li>
--   <li><a>liprsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listIdentityPoolsResponse :: Int -> ListIdentityPoolsResponse

-- | The result of a successful ListIdentityPools action.
--   
--   <i>See:</i> <a>listIdentityPoolsResponse</a> smart constructor.
data ListIdentityPoolsResponse

-- | The identity pools returned by the ListIdentityPools action.
liprsIdentityPools :: Lens' ListIdentityPoolsResponse [IdentityPoolShortDescription]

-- | A pagination token.
liprsNextToken :: Lens' ListIdentityPoolsResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
liprsResponseStatus :: Lens' ListIdentityPoolsResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Data.Data.Data Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance GHC.Show.Show Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance GHC.Read.Read Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPoolsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.ListIdentityPools.ListIdentityPools


-- | Lists the identities in a pool.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.ListIdentities

-- | Creates a value of <a>ListIdentities</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>liHideDisabled</a> - An optional boolean parameter that allows
--   you to hide disabled identities. If omitted, the ListIdentities API
--   will include disabled identities in the response.</li>
--   <li><a>liNextToken</a> - A pagination token.</li>
--   <li><a>liIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>liMaxResults</a> - The maximum number of identities to
--   return.</li>
--   </ul>
listIdentities :: Text -> Natural -> ListIdentities

-- | Input to the ListIdentities action.
--   
--   <i>See:</i> <a>listIdentities</a> smart constructor.
data ListIdentities

-- | An optional boolean parameter that allows you to hide disabled
--   identities. If omitted, the ListIdentities API will include disabled
--   identities in the response.
liHideDisabled :: Lens' ListIdentities (Maybe Bool)

-- | A pagination token.
liNextToken :: Lens' ListIdentities (Maybe Text)

-- | An identity pool ID in the format REGION:GUID.
liIdentityPoolId :: Lens' ListIdentities Text

-- | The maximum number of identities to return.
liMaxResults :: Lens' ListIdentities Natural

-- | Creates a value of <a>ListIdentitiesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lirsIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>lirsNextToken</a> - A pagination token.</li>
--   <li><a>lirsIdentities</a> - An object containing a set of identities
--   and associated mappings.</li>
--   <li><a>lirsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listIdentitiesResponse :: Int -> ListIdentitiesResponse

-- | The response to a ListIdentities request.
--   
--   <i>See:</i> <a>listIdentitiesResponse</a> smart constructor.
data ListIdentitiesResponse

-- | An identity pool ID in the format REGION:GUID.
lirsIdentityPoolId :: Lens' ListIdentitiesResponse (Maybe Text)

-- | A pagination token.
lirsNextToken :: Lens' ListIdentitiesResponse (Maybe Text)

-- | An object containing a set of identities and associated mappings.
lirsIdentities :: Lens' ListIdentitiesResponse [IdentityDescription]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lirsResponseStatus :: Lens' ListIdentitiesResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Data.Data.Data Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance GHC.Show.Show Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance GHC.Read.Read Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.ListIdentities.ListIdentitiesResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.ListIdentities.ListIdentities
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.ListIdentities.ListIdentities


-- | Registers (or retrieves) a Cognito <tt>IdentityId</tt> and an OpenID
--   Connect token for a user authenticated by your backend authentication
--   process. Supplying multiple logins will create an implicit linked
--   account. You can only specify one developer provider as part of the
--   <tt>Logins</tt> map, which is linked to the identity pool. The
--   developer provider is the "domain" by which Cognito will refer to your
--   users.
--   
--   You can use <tt>GetOpenIdTokenForDeveloperIdentity</tt> to create a
--   new identity and to link new logins (that is, user credentials issued
--   by a public provider or developer provider) to an existing identity.
--   When you want to create a new identity, the <tt>IdentityId</tt> should
--   be null. When you want to associate a new login with an existing
--   authenticated/unauthenticated identity, you can do so by providing the
--   existing <tt>IdentityId</tt> . This API will create the identity in
--   the specified <tt>IdentityPoolId</tt> .
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity

-- | Creates a value of <a>GetOpenIdTokenForDeveloperIdentity</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goitfdiTokenDuration</a> - The expiration time of the token, in
--   seconds. You can specify a custom expiration time for the token so
--   that you can cache it. If you don't provide an expiration time, the
--   token is valid for 15 minutes. You can exchange the token with Amazon
--   STS for temporary AWS credentials, which are valid for a maximum of
--   one hour. The maximum token duration you can set is 24 hours. You
--   should take care in setting the expiration time for a token, as there
--   are significant security implications: an attacker could use a leaked
--   token to access your AWS resources for the token's duration.</li>
--   <li><a>goitfdiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>goitfdiIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>goitfdiLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens. Each name-value pair represents a
--   user from a public provider or developer provider. If the user is from
--   a developer provider, the name-value pair will follow the syntax
--   <tt>"developer_provider_name": "developer_user_identifier"</tt> . The
--   developer provider is the "domain" by which Cognito will refer to your
--   users; you provided this domain while creating/updating the identity
--   pool. The developer user identifier is an identifier from your backend
--   that uniquely identifies a user. When you create an identity pool, you
--   can specify the supported logins.</li>
--   </ul>
getOpenIdTokenForDeveloperIdentity :: Text -> GetOpenIdTokenForDeveloperIdentity

-- | Input to the <tt>GetOpenIdTokenForDeveloperIdentity</tt> action.
--   
--   <i>See:</i> <a>getOpenIdTokenForDeveloperIdentity</a> smart
--   constructor.
data GetOpenIdTokenForDeveloperIdentity

-- | The expiration time of the token, in seconds. You can specify a custom
--   expiration time for the token so that you can cache it. If you don't
--   provide an expiration time, the token is valid for 15 minutes. You can
--   exchange the token with Amazon STS for temporary AWS credentials,
--   which are valid for a maximum of one hour. The maximum token duration
--   you can set is 24 hours. You should take care in setting the
--   expiration time for a token, as there are significant security
--   implications: an attacker could use a leaked token to access your AWS
--   resources for the token's duration.
goitfdiTokenDuration :: Lens' GetOpenIdTokenForDeveloperIdentity (Maybe Natural)

-- | A unique identifier in the format REGION:GUID.
goitfdiIdentityId :: Lens' GetOpenIdTokenForDeveloperIdentity (Maybe Text)

-- | An identity pool ID in the format REGION:GUID.
goitfdiIdentityPoolId :: Lens' GetOpenIdTokenForDeveloperIdentity Text

-- | A set of optional name-value pairs that map provider names to provider
--   tokens. Each name-value pair represents a user from a public provider
--   or developer provider. If the user is from a developer provider, the
--   name-value pair will follow the syntax <tt>"developer_provider_name":
--   "developer_user_identifier"</tt> . The developer provider is the
--   "domain" by which Cognito will refer to your users; you provided this
--   domain while creating/updating the identity pool. The developer user
--   identifier is an identifier from your backend that uniquely identifies
--   a user. When you create an identity pool, you can specify the
--   supported logins.
goitfdiLogins :: Lens' GetOpenIdTokenForDeveloperIdentity (HashMap Text Text)

-- | Creates a value of <a>GetOpenIdTokenForDeveloperIdentityResponse</a>
--   with the minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goitfdirsToken</a> - An OpenID token.</li>
--   <li><a>goitfdirsIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>goitfdirsResponseStatus</a> - -- | The response status
--   code.</li>
--   </ul>
getOpenIdTokenForDeveloperIdentityResponse :: Int -> GetOpenIdTokenForDeveloperIdentityResponse

-- | Returned in response to a successful
--   <tt>GetOpenIdTokenForDeveloperIdentity</tt> request.
--   
--   <i>See:</i> <a>getOpenIdTokenForDeveloperIdentityResponse</a> smart
--   constructor.
data GetOpenIdTokenForDeveloperIdentityResponse

-- | An OpenID token.
goitfdirsToken :: Lens' GetOpenIdTokenForDeveloperIdentityResponse (Maybe Text)

-- | A unique identifier in the format REGION:GUID.
goitfdirsIdentityId :: Lens' GetOpenIdTokenForDeveloperIdentityResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
goitfdirsResponseStatus :: Lens' GetOpenIdTokenForDeveloperIdentityResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentityResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.GetOpenIdTokenForDeveloperIdentity.GetOpenIdTokenForDeveloperIdentity


-- | Gets an OpenID token, using a known Cognito ID. This known Cognito ID
--   is returned by <tt>GetId</tt> . You can optionally add additional
--   logins for the identity. Supplying multiple logins creates an implicit
--   link.
--   
--   The OpenId token is valid for 15 minutes.
--   
--   This is a public API. You do not need any credentials to call this
--   API.
module Network.AWS.CognitoIdentity.GetOpenIdToken

-- | Creates a value of <a>GetOpenIdToken</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goitLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens. When using graph.facebook.com and
--   www.amazon.com, supply the access_token returned from the provider's
--   authflow. For accounts.google.com, an Amazon Cognito Identity
--   Provider, or any other OpenId Connect provider, always include the
--   <tt>id_token</tt> .</li>
--   <li><a>goitIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
getOpenIdToken :: Text -> GetOpenIdToken

-- | Input to the GetOpenIdToken action.
--   
--   <i>See:</i> <a>getOpenIdToken</a> smart constructor.
data GetOpenIdToken

-- | A set of optional name-value pairs that map provider names to provider
--   tokens. When using graph.facebook.com and www.amazon.com, supply the
--   access_token returned from the provider's authflow. For
--   accounts.google.com, an Amazon Cognito Identity Provider, or any other
--   OpenId Connect provider, always include the <tt>id_token</tt> .
goitLogins :: Lens' GetOpenIdToken (HashMap Text Text)

-- | A unique identifier in the format REGION:GUID.
goitIdentityId :: Lens' GetOpenIdToken Text

-- | Creates a value of <a>GetOpenIdTokenResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>goitrsToken</a> - An OpenID token, valid for 15 minutes.</li>
--   <li><a>goitrsIdentityId</a> - A unique identifier in the format
--   REGION:GUID. Note that the IdentityId returned may not match the one
--   passed on input.</li>
--   <li><a>goitrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getOpenIdTokenResponse :: Int -> GetOpenIdTokenResponse

-- | Returned in response to a successful GetOpenIdToken request.
--   
--   <i>See:</i> <a>getOpenIdTokenResponse</a> smart constructor.
data GetOpenIdTokenResponse

-- | An OpenID token, valid for 15 minutes.
goitrsToken :: Lens' GetOpenIdTokenResponse (Maybe Text)

-- | A unique identifier in the format REGION:GUID. Note that the
--   IdentityId returned may not match the one passed on input.
goitrsIdentityId :: Lens' GetOpenIdTokenResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
goitrsResponseStatus :: Lens' GetOpenIdTokenResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Data.Data.Data Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdTokenResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.GetOpenIdToken.GetOpenIdToken


-- | Gets the roles for an identity pool.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.GetIdentityPoolRoles

-- | Creates a value of <a>GetIdentityPoolRoles</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>giprIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
getIdentityPoolRoles :: Text -> GetIdentityPoolRoles

-- | Input to the <tt>GetIdentityPoolRoles</tt> action.
--   
--   <i>See:</i> <a>getIdentityPoolRoles</a> smart constructor.
data GetIdentityPoolRoles

-- | An identity pool ID in the format REGION:GUID.
giprIdentityPoolId :: Lens' GetIdentityPoolRoles Text

-- | Creates a value of <a>GetIdentityPoolRolesResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>giprrsRoles</a> - The map of roles associated with this pool.
--   Currently only authenticated and unauthenticated roles are
--   supported.</li>
--   <li><a>giprrsIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>giprrsRoleMappings</a> - How users for a specific identity
--   provider are to mapped to roles. This is a
--   String-to-<a>RoleMapping</a> object map. The string identifies the
--   identity provider, for example, "graph.facebook.com" or
--   "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".</li>
--   <li><a>giprrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getIdentityPoolRolesResponse :: Int -> GetIdentityPoolRolesResponse

-- | Returned in response to a successful <tt>GetIdentityPoolRoles</tt>
--   operation.
--   
--   <i>See:</i> <a>getIdentityPoolRolesResponse</a> smart constructor.
data GetIdentityPoolRolesResponse

-- | The map of roles associated with this pool. Currently only
--   authenticated and unauthenticated roles are supported.
giprrsRoles :: Lens' GetIdentityPoolRolesResponse (HashMap Text Text)

-- | An identity pool ID in the format REGION:GUID.
giprrsIdentityPoolId :: Lens' GetIdentityPoolRolesResponse (Maybe Text)

-- | How users for a specific identity provider are to mapped to roles.
--   This is a String-to-<a>RoleMapping</a> object map. The string
--   identifies the identity provider, for example, "graph.facebook.com" or
--   "cognito-idp-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id".
giprrsRoleMappings :: Lens' GetIdentityPoolRolesResponse (HashMap Text RoleMapping)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
giprrsResponseStatus :: Lens' GetIdentityPoolRolesResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Data.Data.Data Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRolesResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.GetIdentityPoolRoles.GetIdentityPoolRoles


-- | Generates (or retrieves) a Cognito ID. Supplying multiple logins will
--   create an implicit linked account.
--   
--   This is a public API. You do not need any credentials to call this
--   API.
module Network.AWS.CognitoIdentity.GetId

-- | Creates a value of <a>GetId</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>giAccountId</a> - A standard AWS account ID (9+ digits).</li>
--   <li><a>giLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens. The available provider names for
--   <tt>Logins</tt> are as follows: * Facebook:
--   <tt>graph.facebook.com</tt> * Amazon Cognito Identity Provider:
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt> *
--   Google: <tt>accounts.google.com</tt> * Amazon: <tt>www.amazon.com</tt>
--   * Twitter: <tt>api.twitter.com</tt> * Digits:
--   <tt>www.digits.com</tt></li>
--   <li><a>giIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
getId :: Text -> GetId

-- | Input to the GetId action.
--   
--   <i>See:</i> <a>getId</a> smart constructor.
data GetId

-- | A standard AWS account ID (9+ digits).
giAccountId :: Lens' GetId (Maybe Text)

-- | A set of optional name-value pairs that map provider names to provider
--   tokens. The available provider names for <tt>Logins</tt> are as
--   follows: * Facebook: <tt>graph.facebook.com</tt> * Amazon Cognito
--   Identity Provider:
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt> *
--   Google: <tt>accounts.google.com</tt> * Amazon: <tt>www.amazon.com</tt>
--   * Twitter: <tt>api.twitter.com</tt> * Digits: <tt>www.digits.com</tt>
giLogins :: Lens' GetId (HashMap Text Text)

-- | An identity pool ID in the format REGION:GUID.
giIdentityPoolId :: Lens' GetId Text

-- | Creates a value of <a>GetIdResponse</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>girsIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>girsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getIdResponse :: Int -> GetIdResponse

-- | Returned in response to a GetId request.
--   
--   <i>See:</i> <a>getIdResponse</a> smart constructor.
data GetIdResponse

-- | A unique identifier in the format REGION:GUID.
girsIdentityId :: Lens' GetIdResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
girsResponseStatus :: Lens' GetIdResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetId.GetId
instance Data.Data.Data Network.AWS.CognitoIdentity.GetId.GetId
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetId.GetId
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetId.GetId
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetId.GetId
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.GetId.GetId
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetId.GetIdResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.GetId.GetId
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetId.GetId
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.GetId.GetId
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.GetId.GetId
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.GetId.GetId
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.GetId.GetId


-- | Returns credentials for the provided identity ID. Any provided logins
--   will be validated against supported login providers. If the token is
--   for cognito-identity.amazonaws.com, it will be passed through to AWS
--   Security Token Service with the appropriate role for the token.
--   
--   This is a public API. You do not need any credentials to call this
--   API.
module Network.AWS.CognitoIdentity.GetCredentialsForIdentity

-- | Creates a value of <a>GetCredentialsForIdentity</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcfiCustomRoleARN</a> - The Amazon Resource Name (ARN) of the
--   role to be assumed when multiple roles were received in the token from
--   the identity provider. For example, a SAML-based identity provider.
--   This parameter is optional for identity providers that do not support
--   role customization.</li>
--   <li><a>gcfiLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens.</li>
--   <li><a>gcfiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
getCredentialsForIdentity :: Text -> GetCredentialsForIdentity

-- | Input to the <tt>GetCredentialsForIdentity</tt> action.
--   
--   <i>See:</i> <a>getCredentialsForIdentity</a> smart constructor.
data GetCredentialsForIdentity

-- | The Amazon Resource Name (ARN) of the role to be assumed when multiple
--   roles were received in the token from the identity provider. For
--   example, a SAML-based identity provider. This parameter is optional
--   for identity providers that do not support role customization.
gcfiCustomRoleARN :: Lens' GetCredentialsForIdentity (Maybe Text)

-- | A set of optional name-value pairs that map provider names to provider
--   tokens.
gcfiLogins :: Lens' GetCredentialsForIdentity (HashMap Text Text)

-- | A unique identifier in the format REGION:GUID.
gcfiIdentityId :: Lens' GetCredentialsForIdentity Text

-- | Creates a value of <a>GetCredentialsForIdentityResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcfirsCredentials</a> - Credentials for the provided identity
--   ID.</li>
--   <li><a>gcfirsIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>gcfirsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getCredentialsForIdentityResponse :: Int -> GetCredentialsForIdentityResponse

-- | Returned in response to a successful
--   <tt>GetCredentialsForIdentity</tt> operation.
--   
--   <i>See:</i> <a>getCredentialsForIdentityResponse</a> smart
--   constructor.
data GetCredentialsForIdentityResponse

-- | Credentials for the provided identity ID.
gcfirsCredentials :: Lens' GetCredentialsForIdentityResponse (Maybe Credentials)

-- | A unique identifier in the format REGION:GUID.
gcfirsIdentityId :: Lens' GetCredentialsForIdentityResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gcfirsResponseStatus :: Lens' GetCredentialsForIdentityResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentityResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.GetCredentialsForIdentity.GetCredentialsForIdentity


-- | Gets details about a particular identity pool, including the pool
--   name, ID description, creation date, and current number of users.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.DescribeIdentityPool

-- | Creates a value of <a>DescribeIdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
describeIdentityPool :: Text -> DescribeIdentityPool

-- | Input to the DescribeIdentityPool action.
--   
--   <i>See:</i> <a>describeIdentityPool</a> smart constructor.
data DescribeIdentityPool

-- | An identity pool ID in the format REGION:GUID.
dipIdentityPoolId :: Lens' DescribeIdentityPool Text

-- | Creates a value of <a>IdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>ipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>ipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>ipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>ipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>ipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>ipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
identityPool :: Text -> Text -> Bool -> IdentityPool

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>identityPool</a> smart constructor.
data IdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
ipSamlProviderARNs :: Lens' IdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
ipIdentityPoolId :: Lens' IdentityPool Text

-- | A string that you provide.
ipIdentityPoolName :: Lens' IdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Data.Data.Data Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance GHC.Show.Show Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance GHC.Read.Read Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.DescribeIdentityPool.DescribeIdentityPool


-- | Returns metadata related to the given identity, including when the
--   identity was created and any associated linked logins.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.DescribeIdentity

-- | Creates a value of <a>DescribeIdentity</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>diIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
describeIdentity :: Text -> DescribeIdentity

-- | Input to the <tt>DescribeIdentity</tt> action.
--   
--   <i>See:</i> <a>describeIdentity</a> smart constructor.
data DescribeIdentity

-- | A unique identifier in the format REGION:GUID.
diIdentityId :: Lens' DescribeIdentity Text

-- | Creates a value of <a>IdentityDescription</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>idLastModifiedDate</a> - Date on which the identity was last
--   modified.</li>
--   <li><a>idCreationDate</a> - Date on which the identity was
--   created.</li>
--   <li><a>idLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens.</li>
--   <li><a>idIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
identityDescription :: IdentityDescription

-- | A description of the identity.
--   
--   <i>See:</i> <a>identityDescription</a> smart constructor.
data IdentityDescription

-- | Date on which the identity was last modified.
idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | Date on which the identity was created.
idCreationDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | A set of optional name-value pairs that map provider names to provider
--   tokens.
idLogins :: Lens' IdentityDescription [Text]

-- | A unique identifier in the format REGION:GUID.
idIdentityId :: Lens' IdentityDescription (Maybe Text)
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.DescribeIdentity.DescribeIdentity


-- | Deletes a user pool. Once a pool is deleted, users will not be able to
--   authenticate with the pool.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.DeleteIdentityPool

-- | Creates a value of <a>DeleteIdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   </ul>
deleteIdentityPool :: Text -> DeleteIdentityPool

-- | Input to the DeleteIdentityPool action.
--   
--   <i>See:</i> <a>deleteIdentityPool</a> smart constructor.
data DeleteIdentityPool

-- | An identity pool ID in the format REGION:GUID.
dIdentityPoolId :: Lens' DeleteIdentityPool Text

-- | Creates a value of <a>DeleteIdentityPoolResponse</a> with the minimum
--   fields required to make a request.
deleteIdentityPoolResponse :: DeleteIdentityPoolResponse

-- | <i>See:</i> <a>deleteIdentityPoolResponse</a> smart constructor.
data DeleteIdentityPoolResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Data.Data.Data Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance GHC.Show.Show Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance GHC.Read.Read Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPoolResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.DeleteIdentityPool.DeleteIdentityPool


-- | Deletes identities from an identity pool. You can specify a list of
--   1-60 identities that you want to delete.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.DeleteIdentities

-- | Creates a value of <a>DeleteIdentities</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>diIdentityIdsToDelete</a> - A list of 1-60 identities that you
--   want to delete.</li>
--   </ul>
deleteIdentities :: NonEmpty Text -> DeleteIdentities

-- | Input to the <tt>DeleteIdentities</tt> action.
--   
--   <i>See:</i> <a>deleteIdentities</a> smart constructor.
data DeleteIdentities

-- | A list of 1-60 identities that you want to delete.
diIdentityIdsToDelete :: Lens' DeleteIdentities (NonEmpty Text)

-- | Creates a value of <a>DeleteIdentitiesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dirsUnprocessedIdentityIds</a> - An array of
--   UnprocessedIdentityId objects, each of which contains an ErrorCode and
--   IdentityId.</li>
--   <li><a>dirsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
deleteIdentitiesResponse :: Int -> DeleteIdentitiesResponse

-- | Returned in response to a successful <tt>DeleteIdentities</tt>
--   operation.
--   
--   <i>See:</i> <a>deleteIdentitiesResponse</a> smart constructor.
data DeleteIdentitiesResponse

-- | An array of UnprocessedIdentityId objects, each of which contains an
--   ErrorCode and IdentityId.
dirsUnprocessedIdentityIds :: Lens' DeleteIdentitiesResponse [UnprocessedIdentityId]

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
dirsResponseStatus :: Lens' DeleteIdentitiesResponse Int
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Data.Data.Data Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance GHC.Show.Show Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance GHC.Read.Read Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentitiesResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.DeleteIdentities.DeleteIdentities


-- | Creates a new identity pool. The identity pool is a store of user
--   identity information that is specific to your AWS account. The limit
--   on identity pools is 60 per account. The keys for
--   <tt>SupportedLoginProviders</tt> are as follows:
--   
--   <ul>
--   <li>Facebook: <tt>graph.facebook.com</tt></li>
--   <li>Google: <tt>accounts.google.com</tt></li>
--   <li>Amazon: <tt>www.amazon.com</tt></li>
--   <li>Twitter: <tt>api.twitter.com</tt></li>
--   <li>Digits: <tt>www.digits.com</tt></li>
--   </ul>
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.CreateIdentityPool

-- | Creates a value of <a>CreateIdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>cipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>cipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users. This name acts as a placeholder that allows
--   your backend and the Cognito service to communicate about the
--   developer provider. For the <tt>DeveloperProviderName</tt> , you can
--   use letters as well as period (<tt>.</tt> ), underscore (<tt>_</tt> ),
--   and dash (<tt>-</tt> ). Once you have set a developer provider name,
--   you cannot change it. Please take care in setting this parameter.</li>
--   <li><a>cipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>cipCognitoIdentityProviders</a> - An array of Amazon Cognito
--   Identity user pools and their client IDs.</li>
--   <li><a>cipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>cipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
createIdentityPool :: Text -> Bool -> CreateIdentityPool

-- | Input to the CreateIdentityPool action.
--   
--   <i>See:</i> <a>createIdentityPool</a> smart constructor.
data CreateIdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
cipSamlProviderARNs :: Lens' CreateIdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
cipSupportedLoginProviders :: Lens' CreateIdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users. This name acts
--   as a placeholder that allows your backend and the Cognito service to
--   communicate about the developer provider. For the
--   <tt>DeveloperProviderName</tt> , you can use letters as well as period
--   (<tt>.</tt> ), underscore (<tt>_</tt> ), and dash (<tt>-</tt> ). Once
--   you have set a developer provider name, you cannot change it. Please
--   take care in setting this parameter.
cipDeveloperProviderName :: Lens' CreateIdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
cipOpenIdConnectProviderARNs :: Lens' CreateIdentityPool [Text]

-- | An array of Amazon Cognito Identity user pools and their client IDs.
cipCognitoIdentityProviders :: Lens' CreateIdentityPool [CognitoIdentityProvider]

-- | A string that you provide.
cipIdentityPoolName :: Lens' CreateIdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
cipAllowUnauthenticatedIdentities :: Lens' CreateIdentityPool Bool

-- | Creates a value of <a>IdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>ipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>ipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>ipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>ipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>ipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>ipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
identityPool :: Text -> Text -> Bool -> IdentityPool

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>identityPool</a> smart constructor.
data IdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
ipSamlProviderARNs :: Lens' IdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
ipIdentityPoolId :: Lens' IdentityPool Text

-- | A string that you provide.
ipIdentityPoolName :: Lens' IdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Data.Data.Data Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance GHC.Show.Show Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance GHC.Read.Read Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.CreateIdentityPool.CreateIdentityPool


-- | Unlinks a <tt>DeveloperUserIdentifier</tt> from an existing identity.
--   Unlinked developer users will be considered new identities next time
--   they are seen. If, for a given Cognito identity, you remove all
--   federated identities as well as the developer user identifier, the
--   Cognito identity becomes inaccessible.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity

-- | Creates a value of <a>UnlinkDeveloperIdentity</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>udiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>udiIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>udiDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>udiDeveloperUserIdentifier</a> - A unique ID used by your
--   backend authentication process to identify a user.</li>
--   </ul>
unlinkDeveloperIdentity :: Text -> Text -> Text -> Text -> UnlinkDeveloperIdentity

-- | Input to the <tt>UnlinkDeveloperIdentity</tt> action.
--   
--   <i>See:</i> <a>unlinkDeveloperIdentity</a> smart constructor.
data UnlinkDeveloperIdentity

-- | A unique identifier in the format REGION:GUID.
udiIdentityId :: Lens' UnlinkDeveloperIdentity Text

-- | An identity pool ID in the format REGION:GUID.
udiIdentityPoolId :: Lens' UnlinkDeveloperIdentity Text

-- | The "domain" by which Cognito will refer to your users.
udiDeveloperProviderName :: Lens' UnlinkDeveloperIdentity Text

-- | A unique ID used by your backend authentication process to identify a
--   user.
udiDeveloperUserIdentifier :: Lens' UnlinkDeveloperIdentity Text

-- | Creates a value of <a>UnlinkDeveloperIdentityResponse</a> with the
--   minimum fields required to make a request.
unlinkDeveloperIdentityResponse :: UnlinkDeveloperIdentityResponse

-- | <i>See:</i> <a>unlinkDeveloperIdentityResponse</a> smart constructor.
data UnlinkDeveloperIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentityResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.UnlinkDeveloperIdentity.UnlinkDeveloperIdentity


-- | Unlinks a federated identity from an existing account. Unlinked logins
--   will be considered new identities next time they are seen. Removing
--   the last linked login will make this identity inaccessible.
--   
--   This is a public API. You do not need any credentials to call this
--   API.
module Network.AWS.CognitoIdentity.UnlinkIdentity

-- | Creates a value of <a>UnlinkIdentity</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   <li><a>uiLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens.</li>
--   <li><a>uiLoginsToRemove</a> - Provider names to unlink from this
--   identity.</li>
--   </ul>
unlinkIdentity :: Text -> UnlinkIdentity

-- | Input to the UnlinkIdentity action.
--   
--   <i>See:</i> <a>unlinkIdentity</a> smart constructor.
data UnlinkIdentity

-- | A unique identifier in the format REGION:GUID.
uiIdentityId :: Lens' UnlinkIdentity Text

-- | A set of optional name-value pairs that map provider names to provider
--   tokens.
uiLogins :: Lens' UnlinkIdentity (HashMap Text Text)

-- | Provider names to unlink from this identity.
uiLoginsToRemove :: Lens' UnlinkIdentity [Text]

-- | Creates a value of <a>UnlinkIdentityResponse</a> with the minimum
--   fields required to make a request.
unlinkIdentityResponse :: UnlinkIdentityResponse

-- | <i>See:</i> <a>unlinkIdentityResponse</a> smart constructor.
data UnlinkIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance Data.Data.Data Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance GHC.Show.Show Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance GHC.Read.Read Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Data.Data.Data Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance GHC.Show.Show Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance GHC.Read.Read Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentityResponse
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.UnlinkIdentity.UnlinkIdentity


-- | Updates a user pool.
--   
--   You must use AWS Developer credentials to call this API.
module Network.AWS.CognitoIdentity.UpdateIdentityPool

-- | Creates a value of <a>UpdateIdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>uipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>uipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>uipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>uipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>uipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>uipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>uipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
updateIdentityPool :: Text -> Text -> Bool -> UpdateIdentityPool

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>updateIdentityPool</a> smart constructor.
data UpdateIdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
uipSamlProviderARNs :: Lens' UpdateIdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
uipSupportedLoginProviders :: Lens' UpdateIdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
uipDeveloperProviderName :: Lens' UpdateIdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
uipOpenIdConnectProviderARNs :: Lens' UpdateIdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
uipCognitoIdentityProviders :: Lens' UpdateIdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
uipIdentityPoolId :: Lens' UpdateIdentityPool Text

-- | A string that you provide.
uipIdentityPoolName :: Lens' UpdateIdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
uipAllowUnauthenticatedIdentities :: Lens' UpdateIdentityPool Bool

-- | Creates a value of <a>IdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>ipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>ipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>ipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>ipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>ipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>ipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
identityPool :: Text -> Text -> Bool -> IdentityPool

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>identityPool</a> smart constructor.
data IdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
ipSamlProviderARNs :: Lens' IdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
ipIdentityPoolId :: Lens' IdentityPool Text

-- | A string that you provide.
ipIdentityPoolName :: Lens' IdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool
instance GHC.Generics.Generic Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Data.Data.Data Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance GHC.Show.Show Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance GHC.Read.Read Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance GHC.Classes.Eq Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Network.AWS.Types.AWSRequest Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Data.Hashable.Class.Hashable Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Control.DeepSeq.NFData Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Network.AWS.Data.Path.ToPath Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool
instance Network.AWS.Data.Query.ToQuery Network.AWS.CognitoIdentity.UpdateIdentityPool.UpdateIdentityPool


module Network.AWS.CognitoIdentity.Waiters


-- | <b>Amazon Cognito</b>
--   
--   Amazon Cognito is a web service that delivers scoped temporary
--   credentials to mobile devices and other untrusted environments. Amazon
--   Cognito uniquely identifies a device and supplies the user with a
--   consistent identity over the lifetime of an application.
--   
--   Using Amazon Cognito, you can enable authentication with one or more
--   third-party identity providers (Facebook, Google, or Login with
--   Amazon), and you can also choose to support unauthenticated access
--   from your app. Cognito delivers a unique identifier for each user and
--   acts as an OpenID token provider trusted by AWS Security Token Service
--   (STS) to access temporary, limited-privilege AWS credentials.
--   
--   To provide end-user credentials, first make an unsigned call to
--   <a>GetId</a> . If the end user is authenticated with one of the
--   supported identity providers, set the <tt>Logins</tt> map with the
--   identity provider token. <tt>GetId</tt> returns a unique identifier
--   for the user.
--   
--   Next, make an unsigned call to <a>GetCredentialsForIdentity</a> . This
--   call expects the same <tt>Logins</tt> map as the <tt>GetId</tt> call,
--   as well as the <tt>IdentityID</tt> originally returned by
--   <tt>GetId</tt> . Assuming your identity pool has been configured via
--   the <a>SetIdentityPoolRoles</a> operation,
--   <tt>GetCredentialsForIdentity</tt> will return AWS credentials for
--   your use. If your pool has not been configured with
--   <tt>SetIdentityPoolRoles</tt> , or if you want to follow legacy flow,
--   make an unsigned call to <a>GetOpenIdToken</a> , which returns the
--   OpenID token necessary to call STS and retrieve AWS credentials. This
--   call expects the same <tt>Logins</tt> map as the <tt>GetId</tt> call,
--   as well as the <tt>IdentityID</tt> originally returned by
--   <tt>GetId</tt> . The token returned by <tt>GetOpenIdToken</tt> can be
--   passed to the STS operation <a>AssumeRoleWithWebIdentity</a> to
--   retrieve AWS credentials.
--   
--   If you want to use Amazon Cognito in an Android, iOS, or Unity
--   application, you will probably want to make API calls via the AWS
--   Mobile SDK. To learn more, see the <a>AWS Mobile SDK Developer
--   Guide</a> .
module Network.AWS.CognitoIdentity

-- | API version <tt>2014-06-30</tt> of the Amazon Cognito Identity SDK
--   configuration.
cognitoIdentity :: Service

-- | Thrown if the identity pool has no role associated for the given auth
--   type (auth/unauth) or if the AssumeRole fails.
_InvalidIdentityPoolConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown for missing or bad input parameter(s).
_InvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a user is not authorized to access the requested resource.
_NotAuthorizedException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the service encounters an error during processing the
--   request.
_InternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An exception thrown when a dependent service such as Facebook or
--   Twitter is not responding
_ExternalServiceException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a request is throttled.
_TooManyRequestsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown if there are parallel requests to modify a resource.
_ConcurrentModificationException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when a user tries to use a login which is already linked to
--   another account.
_ResourceConflictException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The provided developer user identifier is already registered with
--   Cognito under a different identity ID.
_DeveloperUserAlreadyRegisteredException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the requested resource (for example, a dataset or record)
--   does not exist.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Thrown when the total number of user pools has exceeded a preset
--   limit.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
data AmbiguousRoleResolutionType
AuthenticatedRole :: AmbiguousRoleResolutionType
Deny :: AmbiguousRoleResolutionType
data CognitoErrorCode
AccessDenied :: CognitoErrorCode
InternalServerError :: CognitoErrorCode
data MappingRuleMatchType
Contains :: MappingRuleMatchType
Equals :: MappingRuleMatchType
NotEqual :: MappingRuleMatchType
StartsWith :: MappingRuleMatchType
data RoleMappingType
Rules :: RoleMappingType
Token :: RoleMappingType

-- | A provider representing an Amazon Cognito Identity User Pool and its
--   client ID.
--   
--   <i>See:</i> <a>cognitoIdentityProvider</a> smart constructor.
data CognitoIdentityProvider

-- | Creates a value of <a>CognitoIdentityProvider</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cipClientId</a> - The client ID for the Amazon Cognito Identity
--   User Pool.</li>
--   <li><a>cipServerSideTokenCheck</a> - TRUE if server-side token
--   validation is enabled for the identity provider’s token.</li>
--   <li><a>cipProviderName</a> - The provider name for an Amazon Cognito
--   Identity User Pool. For example,
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt>
--   .</li>
--   </ul>
cognitoIdentityProvider :: CognitoIdentityProvider

-- | The client ID for the Amazon Cognito Identity User Pool.
cipClientId :: Lens' CognitoIdentityProvider (Maybe Text)

-- | TRUE if server-side token validation is enabled for the identity
--   provider’s token.
cipServerSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool)

-- | The provider name for an Amazon Cognito Identity User Pool. For
--   example,
--   <tt>cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789</tt> .
cipProviderName :: Lens' CognitoIdentityProvider (Maybe Text)

-- | Credentials for the provided identity ID.
--   
--   <i>See:</i> <a>credentials</a> smart constructor.
data Credentials

-- | Creates a value of <a>Credentials</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cSessionToken</a> - The Session Token portion of the
--   credentials</li>
--   <li><a>cExpiration</a> - The date at which these credentials will
--   expire.</li>
--   <li><a>cSecretKey</a> - The Secret Access Key portion of the
--   credentials</li>
--   <li><a>cAccessKeyId</a> - The Access Key portion of the
--   credentials.</li>
--   </ul>
credentials :: Credentials

-- | The Session Token portion of the credentials
cSessionToken :: Lens' Credentials (Maybe Text)

-- | The date at which these credentials will expire.
cExpiration :: Lens' Credentials (Maybe UTCTime)

-- | The Secret Access Key portion of the credentials
cSecretKey :: Lens' Credentials (Maybe Text)

-- | The Access Key portion of the credentials.
cAccessKeyId :: Lens' Credentials (Maybe Text)

-- | A description of the identity.
--   
--   <i>See:</i> <a>identityDescription</a> smart constructor.
data IdentityDescription

-- | Creates a value of <a>IdentityDescription</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>idLastModifiedDate</a> - Date on which the identity was last
--   modified.</li>
--   <li><a>idCreationDate</a> - Date on which the identity was
--   created.</li>
--   <li><a>idLogins</a> - A set of optional name-value pairs that map
--   provider names to provider tokens.</li>
--   <li><a>idIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
identityDescription :: IdentityDescription

-- | Date on which the identity was last modified.
idLastModifiedDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | Date on which the identity was created.
idCreationDate :: Lens' IdentityDescription (Maybe UTCTime)

-- | A set of optional name-value pairs that map provider names to provider
--   tokens.
idLogins :: Lens' IdentityDescription [Text]

-- | A unique identifier in the format REGION:GUID.
idIdentityId :: Lens' IdentityDescription (Maybe Text)

-- | An object representing an Amazon Cognito identity pool.
--   
--   <i>See:</i> <a>identityPool</a> smart constructor.
data IdentityPool

-- | Creates a value of <a>IdentityPool</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipSamlProviderARNs</a> - An array of Amazon Resource Names
--   (ARNs) of the SAML provider for your identity pool.</li>
--   <li><a>ipSupportedLoginProviders</a> - Optional key:value pairs
--   mapping provider names to provider app IDs.</li>
--   <li><a>ipDeveloperProviderName</a> - The "domain" by which Cognito
--   will refer to your users.</li>
--   <li><a>ipOpenIdConnectProviderARNs</a> - A list of OpendID Connect
--   provider ARNs.</li>
--   <li><a>ipCognitoIdentityProviders</a> - A list representing an Amazon
--   Cognito Identity User Pool and its client ID.</li>
--   <li><a>ipIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipIdentityPoolName</a> - A string that you provide.</li>
--   <li><a>ipAllowUnauthenticatedIdentities</a> - TRUE if the identity
--   pool supports unauthenticated logins.</li>
--   </ul>
identityPool :: Text -> Text -> Bool -> IdentityPool

-- | An array of Amazon Resource Names (ARNs) of the SAML provider for your
--   identity pool.
ipSamlProviderARNs :: Lens' IdentityPool [Text]

-- | Optional key:value pairs mapping provider names to provider app IDs.
ipSupportedLoginProviders :: Lens' IdentityPool (HashMap Text Text)

-- | The "domain" by which Cognito will refer to your users.
ipDeveloperProviderName :: Lens' IdentityPool (Maybe Text)

-- | A list of OpendID Connect provider ARNs.
ipOpenIdConnectProviderARNs :: Lens' IdentityPool [Text]

-- | A list representing an Amazon Cognito Identity User Pool and its
--   client ID.
ipCognitoIdentityProviders :: Lens' IdentityPool [CognitoIdentityProvider]

-- | An identity pool ID in the format REGION:GUID.
ipIdentityPoolId :: Lens' IdentityPool Text

-- | A string that you provide.
ipIdentityPoolName :: Lens' IdentityPool Text

-- | TRUE if the identity pool supports unauthenticated logins.
ipAllowUnauthenticatedIdentities :: Lens' IdentityPool Bool

-- | A description of the identity pool.
--   
--   <i>See:</i> <a>identityPoolShortDescription</a> smart constructor.
data IdentityPoolShortDescription

-- | Creates a value of <a>IdentityPoolShortDescription</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ipsdIdentityPoolId</a> - An identity pool ID in the format
--   REGION:GUID.</li>
--   <li><a>ipsdIdentityPoolName</a> - A string that you provide.</li>
--   </ul>
identityPoolShortDescription :: IdentityPoolShortDescription

-- | An identity pool ID in the format REGION:GUID.
ipsdIdentityPoolId :: Lens' IdentityPoolShortDescription (Maybe Text)

-- | A string that you provide.
ipsdIdentityPoolName :: Lens' IdentityPoolShortDescription (Maybe Text)

-- | A rule that maps a claim name, a claim value, and a match type to a
--   role ARN.
--   
--   <i>See:</i> <a>mappingRule</a> smart constructor.
data MappingRule

-- | Creates a value of <a>MappingRule</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>mrClaim</a> - The claim name that must be present in the token,
--   for example, "isAdmin" or "paid".</li>
--   <li><a>mrMatchType</a> - The match condition that specifies how
--   closely the claim value in the IdP token must match <tt>Value</tt>
--   .</li>
--   <li><a>mrValue</a> - A brief string that the claim must match, for
--   example, "paid" or "yes".</li>
--   <li><a>mrRoleARN</a> - The role ARN.</li>
--   </ul>
mappingRule :: Text -> MappingRuleMatchType -> Text -> Text -> MappingRule

-- | The claim name that must be present in the token, for example,
--   "isAdmin" or "paid".
mrClaim :: Lens' MappingRule Text

-- | The match condition that specifies how closely the claim value in the
--   IdP token must match <tt>Value</tt> .
mrMatchType :: Lens' MappingRule MappingRuleMatchType

-- | A brief string that the claim must match, for example, "paid" or
--   "yes".
mrValue :: Lens' MappingRule Text

-- | The role ARN.
mrRoleARN :: Lens' MappingRule Text

-- | A role mapping.
--   
--   <i>See:</i> <a>roleMapping</a> smart constructor.
data RoleMapping

-- | Creates a value of <a>RoleMapping</a> with the minimum fields required
--   to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rmRulesConfiguration</a> - The rules to be used for mapping
--   users to roles. If you specify Rules as the role mapping type,
--   <tt>RulesConfiguration</tt> is required.</li>
--   <li><a>rmAmbiguousRoleResolution</a> - If you specify Token or Rules
--   as the <tt>Type</tt> , <tt>AmbiguousRoleResolution</tt> is required.
--   Specifies the action to be taken if either no rules match the claim
--   value for the <tt>Rules</tt> type, or there is no
--   <tt>cognito:preferred_role</tt> claim and there are multiple
--   <tt>cognito:roles</tt> matches for the <tt>Token</tt> type.</li>
--   <li><a>rmType</a> - The role mapping type. Token will use
--   <tt>cognito:roles</tt> and <tt>cognito:preferred_role</tt> claims from
--   the Cognito identity provider token to map groups to roles. Rules will
--   attempt to match claims from the token to map to a role.</li>
--   </ul>
roleMapping :: RoleMappingType -> RoleMapping

-- | The rules to be used for mapping users to roles. If you specify Rules
--   as the role mapping type, <tt>RulesConfiguration</tt> is required.
rmRulesConfiguration :: Lens' RoleMapping (Maybe RulesConfigurationType)

-- | If you specify Token or Rules as the <tt>Type</tt> ,
--   <tt>AmbiguousRoleResolution</tt> is required. Specifies the action to
--   be taken if either no rules match the claim value for the
--   <tt>Rules</tt> type, or there is no <tt>cognito:preferred_role</tt>
--   claim and there are multiple <tt>cognito:roles</tt> matches for the
--   <tt>Token</tt> type.
rmAmbiguousRoleResolution :: Lens' RoleMapping (Maybe AmbiguousRoleResolutionType)

-- | The role mapping type. Token will use <tt>cognito:roles</tt> and
--   <tt>cognito:preferred_role</tt> claims from the Cognito identity
--   provider token to map groups to roles. Rules will attempt to match
--   claims from the token to map to a role.
rmType :: Lens' RoleMapping RoleMappingType

-- | A container for rules.
--   
--   <i>See:</i> <a>rulesConfigurationType</a> smart constructor.
data RulesConfigurationType

-- | Creates a value of <a>RulesConfigurationType</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rctRules</a> - An array of rules. You can specify up to 25
--   rules per identity provider. Rules are evaluated in order. The first
--   one to match specifies the role.</li>
--   </ul>
rulesConfigurationType :: NonEmpty MappingRule -> RulesConfigurationType

-- | An array of rules. You can specify up to 25 rules per identity
--   provider. Rules are evaluated in order. The first one to match
--   specifies the role.
rctRules :: Lens' RulesConfigurationType (NonEmpty MappingRule)

-- | An array of UnprocessedIdentityId objects, each of which contains an
--   ErrorCode and IdentityId.
--   
--   <i>See:</i> <a>unprocessedIdentityId</a> smart constructor.
data UnprocessedIdentityId

-- | Creates a value of <a>UnprocessedIdentityId</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>uiiErrorCode</a> - The error code indicating the type of error
--   that occurred.</li>
--   <li><a>uiiIdentityId</a> - A unique identifier in the format
--   REGION:GUID.</li>
--   </ul>
unprocessedIdentityId :: UnprocessedIdentityId

-- | The error code indicating the type of error that occurred.
uiiErrorCode :: Lens' UnprocessedIdentityId (Maybe CognitoErrorCode)

-- | A unique identifier in the format REGION:GUID.
uiiIdentityId :: Lens' UnprocessedIdentityId (Maybe Text)
