import { Command as $Command } from "@smithy/core/client"; import type { MetadataBearer as __MetadataBearer } from "@smithy/types"; import type { CognitoIdentityProviderClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../CognitoIdentityProviderClient"; import type { AdminLinkProviderForUserRequest, AdminLinkProviderForUserResponse } from "../models/models_0"; /** * @public */ export type { __MetadataBearer }; export { $Command }; /** * @public * * The input for {@link AdminLinkProviderForUserCommand}. */ export interface AdminLinkProviderForUserCommandInput extends AdminLinkProviderForUserRequest { } /** * @public * * The output of {@link AdminLinkProviderForUserCommand}. */ export interface AdminLinkProviderForUserCommandOutput extends AdminLinkProviderForUserResponse, __MetadataBearer { } declare const AdminLinkProviderForUserCommand_base: { new (input: AdminLinkProviderForUserCommandInput): import("@smithy/core/client").CommandImpl; new (input: AdminLinkProviderForUserCommandInput): import("@smithy/core/client").CommandImpl; getEndpointParameterInstructions(): { [x: string]: unknown; }; }; /** *

Links an existing user account in a user pool, or DestinationUser, to an * identity from an external IdP, or SourceUser, based on a specified * attribute name and value from the external IdP.

*

This operation connects a local user profile with a user identity who hasn't yet * signed in from their third-party IdP. When the user signs in with their IdP, they get * access-control configuration from the local user profile. Linked local users can also * sign in with SDK-based API operations like InitiateAuth after they sign in * at least once through their IdP. For more information, see Linking federated users.

* *

The maximum number of federated identities linked to a user is five.

*
* *

Because this API allows a user with an external federated identity to sign in as a * local user, it is critical that it only be used with external IdPs and linked * attributes that you trust.

*
* *

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For * this operation, you must use IAM credentials to authorize requests, and you must * grant yourself the corresponding IAM permission in a policy.

*

* Learn more *

* *
* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript * import { CognitoIdentityProviderClient, AdminLinkProviderForUserCommand } from "@aws-sdk/client-cognito-identity-provider"; // ES Modules import * // const { CognitoIdentityProviderClient, AdminLinkProviderForUserCommand } = require("@aws-sdk/client-cognito-identity-provider"); // CommonJS import * // import type { CognitoIdentityProviderClientConfig } from "@aws-sdk/client-cognito-identity-provider"; * const config = {}; // type is CognitoIdentityProviderClientConfig * const client = new CognitoIdentityProviderClient(config); * const input = { // AdminLinkProviderForUserRequest * UserPoolId: "STRING_VALUE", // required * DestinationUser: { // ProviderUserIdentifierType * ProviderName: "STRING_VALUE", * ProviderAttributeName: "STRING_VALUE", * ProviderAttributeValue: "STRING_VALUE", * }, * SourceUser: { * ProviderName: "STRING_VALUE", * ProviderAttributeName: "STRING_VALUE", * ProviderAttributeValue: "STRING_VALUE", * }, * }; * const command = new AdminLinkProviderForUserCommand(input); * const response = await client.send(command); * // {}; * * ``` * * @param AdminLinkProviderForUserCommandInput - {@link AdminLinkProviderForUserCommandInput} * @returns {@link AdminLinkProviderForUserCommandOutput} * @see {@link AdminLinkProviderForUserCommandInput} for command's `input` shape. * @see {@link AdminLinkProviderForUserCommandOutput} for command's `response` shape. * @see {@link CognitoIdentityProviderClientResolvedConfig | config} for CognitoIdentityProviderClient's `config` shape. * * @throws {@link AliasExistsException} (client fault) *

This exception is thrown when a user tries to confirm the account with an email * address or phone number that has already been supplied as an alias for a different user * profile. This exception indicates that an account with this email address or phone * already exists in a user pool that you've configured to use email address or phone * number as a sign-in alias.

* * @throws {@link InternalErrorException} (server fault) *

This exception is thrown when Amazon Cognito encounters an internal error.

* * @throws {@link InvalidParameterException} (client fault) *

This exception is thrown when the Amazon Cognito service encounters an invalid * parameter.

* * @throws {@link LimitExceededException} (client fault) *

This exception is thrown when a user exceeds the limit for a requested Amazon Web Services * resource.

* * @throws {@link NotAuthorizedException} (client fault) *

This exception is thrown when a user isn't authorized.

* * @throws {@link OperationNotEnabledException} (client fault) *

This exception is thrown when an operation is not available in the current region or for the current user pool configuration. This can occur when attempting to perform operations that are not supported in secondary replica regions.

* * @throws {@link ResourceNotFoundException} (client fault) *

This exception is thrown when the Amazon Cognito service can't find the requested * resource.

* * @throws {@link TooManyRequestsException} (client fault) *

This exception is thrown when the user has made too many requests for a given * operation.

* * @throws {@link UserNotFoundException} (client fault) *

This exception is thrown when a user isn't found.

* * @throws {@link CognitoIdentityProviderServiceException} *

Base exception class for all service exceptions from CognitoIdentityProvider service.

* * * @public */ export declare class AdminLinkProviderForUserCommand extends AdminLinkProviderForUserCommand_base { /** @internal type navigation helper, not in runtime. */ protected static __types: { api: { input: AdminLinkProviderForUserRequest; output: {}; }; sdk: { input: AdminLinkProviderForUserCommandInput; output: AdminLinkProviderForUserCommandOutput; }; }; }