class Aws::CognitoIdentityProvider::Types::AdminLinkProviderForUserRequest

@note When making an API call, you may pass AdminLinkProviderForUserRequest

data as a hash:

    {
      user_pool_id: "StringType", # required
      destination_user: { # required
        provider_name: "ProviderNameType",
        provider_attribute_name: "StringType",
        provider_attribute_value: "StringType",
      },
      source_user: { # required
        provider_name: "ProviderNameType",
        provider_attribute_name: "StringType",
        provider_attribute_value: "StringType",
      },
    }

@!attribute [rw] user_pool_id

The user pool ID for the user pool.
@return [String]

@!attribute [rw] destination_user

The existing user in the user pool to be linked to the external
identity provider user account. Can be a native (Username +
Password) Cognito User Pools user or a federated user (for example,
a SAML or Facebook user). If the user doesn't exist, an exception
is thrown. This is the user that is returned when the new user (with
the linked identity provider attribute) signs in.

For a native username + password user, the `ProviderAttributeValue`
for the `DestinationUser` should be the username in the user pool.
For a federated user, it should be the provider-specific `user_id`.

The `ProviderAttributeName` of the `DestinationUser` is ignored.

The `ProviderName` should be set to `Cognito` for users in Cognito
user pools.
@return [Types::ProviderUserIdentifierType]

@!attribute [rw] source_user

An external identity provider account for a user who does not
currently exist yet in the user pool. This user must be a federated
user (for example, a SAML or Facebook user), not another native
user.

If the `SourceUser` is a federated social identity provider user
(Facebook, Google, or Login with Amazon), you must set the
`ProviderAttributeName` to `Cognito_Subject`. For social identity
providers, the `ProviderName` will be `Facebook`, `Google`, or
`LoginWithAmazon`, and Cognito will automatically parse the
Facebook, Google, and Login with Amazon tokens for `id`, `sub`, and
`user_id`, respectively. The `ProviderAttributeValue` for the user
must be the same value as the `id`, `sub`, or `user_id` value found
in the social identity provider token.

For SAML, the `ProviderAttributeName` can be any value that matches
a claim in the SAML assertion. If you wish to link SAML users based
on the subject of the SAML assertion, you should map the subject to
a claim through the SAML identity provider and submit that claim
name as the `ProviderAttributeName`. If you set
`ProviderAttributeName` to `Cognito_Subject`, Cognito will
automatically parse the default unique identifier found in the
subject from the SAML token.
@return [Types::ProviderUserIdentifierType]

@see docs.aws.amazon.com/goto/WebAPI/cognito-idp-2016-04-18/AdminLinkProviderForUserRequest AWS API Documentation

Constants

SENSITIVE