# Data Types


The Amazon Cognito Identity API contains several data types that various actions use. This section describes each data type in detail.

**Note**  
The order of each element in a data type structure is not guaranteed. Applications should not assume a particular order.

The following data types are supported:
+  [CognitoIdentityProvider](API_CognitoIdentityProvider.md) 
+  [Credentials](API_Credentials.md) 
+  [IdentityDescription](API_IdentityDescription.md) 
+  [IdentityPoolShortDescription](API_IdentityPoolShortDescription.md) 
+  [MappingRule](API_MappingRule.md) 
+  [RoleMapping](API_RoleMapping.md) 
+  [RulesConfigurationType](API_RulesConfigurationType.md) 
+  [UnprocessedIdentityId](API_UnprocessedIdentityId.md) 

# CognitoIdentityProvider


A provider representing an Amazon Cognito user pool and its client ID.

## Contents


 ** ClientId **   <a name="CognitoIdentity-Type-CognitoIdentityProvider-ClientId"></a>
The client ID for the Amazon Cognito user pool.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[\w_]+`   
Required: No

 ** ProviderName **   <a name="CognitoIdentity-Type-CognitoIdentityProvider-ProviderName"></a>
The provider name for an Amazon Cognito user pool. For example, `cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789`.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[\w._:/-]+`   
Required: No

 ** ServerSideTokenCheck **   <a name="CognitoIdentity-Type-CognitoIdentityProvider-ServerSideTokenCheck"></a>
TRUE if server-side token validation is enabled for the identity provider’s token.  
Once you set `ServerSideTokenCheck` to TRUE for an identity pool, that identity pool will check with the integrated user pools to make sure that the user has not been globally signed out or deleted before the identity pool provides an OIDC token or Amazon credentials for the user.  
If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.  
Type: Boolean  
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/CognitoIdentityProvider) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/CognitoIdentityProvider) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/CognitoIdentityProvider) 

# Credentials


Credentials for the provided identity ID.

## Contents


 ** AccessKeyId **   <a name="CognitoIdentity-Type-Credentials-AccessKeyId"></a>
The Access Key portion of the credentials.  
Type: String  
Required: No

 ** Expiration **   <a name="CognitoIdentity-Type-Credentials-Expiration"></a>
The date at which these credentials will expire.  
Type: Timestamp  
Required: No

 ** SecretKey **   <a name="CognitoIdentity-Type-Credentials-SecretKey"></a>
The Secret Access Key portion of the credentials  
Type: String  
Required: No

 ** SessionToken **   <a name="CognitoIdentity-Type-Credentials-SessionToken"></a>
The Session Token portion of the credentials  
Type: String  
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/Credentials) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/Credentials) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/Credentials) 

# IdentityDescription


A description of the identity.

## Contents


 ** CreationDate **   <a name="CognitoIdentity-Type-IdentityDescription-CreationDate"></a>
Date on which the identity was created.  
Type: Timestamp  
Required: No

 ** IdentityId **   <a name="CognitoIdentity-Type-IdentityDescription-IdentityId"></a>
A unique identifier in the format REGION:GUID.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 55.  
Pattern: `[\w-]+:[0-9a-f-]+`   
Required: No

 ** LastModifiedDate **   <a name="CognitoIdentity-Type-IdentityDescription-LastModifiedDate"></a>
Date on which the identity was last modified.  
Type: Timestamp  
Required: No

 ** Logins **   <a name="CognitoIdentity-Type-IdentityDescription-Logins"></a>
The provider names.  
Type: Array of strings  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/IdentityDescription) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/IdentityDescription) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/IdentityDescription) 

# IdentityPoolShortDescription


A description of the identity pool.

## Contents


 ** IdentityPoolId **   <a name="CognitoIdentity-Type-IdentityPoolShortDescription-IdentityPoolId"></a>
An identity pool ID in the format REGION:GUID.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 55.  
Pattern: `[\w-]+:[0-9a-f-]+`   
Required: No

 ** IdentityPoolName **   <a name="CognitoIdentity-Type-IdentityPoolShortDescription-IdentityPoolName"></a>
A string that you provide.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Pattern: `[\w\s+=,.@-]+`   
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/IdentityPoolShortDescription) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/IdentityPoolShortDescription) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/IdentityPoolShortDescription) 

# MappingRule


A rule that maps a claim name, a claim value, and a match type to a role ARN.

## Contents


 ** Claim **   <a name="CognitoIdentity-Type-MappingRule-Claim"></a>
The claim name that must be present in the token, for example, "isAdmin" or "paid".  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 64.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}]+`   
Required: Yes

 ** MatchType **   <a name="CognitoIdentity-Type-MappingRule-MatchType"></a>
The match condition that specifies how closely the claim value in the IdP token must match `Value`.  
Type: String  
Valid Values: `Equals | Contains | StartsWith | NotEqual`   
Required: Yes

 ** RoleARN **   <a name="CognitoIdentity-Type-MappingRule-RoleARN"></a>
The role ARN.  
Type: String  
Length Constraints: Minimum length of 20. Maximum length of 2048.  
Required: Yes

 ** Value **   <a name="CognitoIdentity-Type-MappingRule-Value"></a>
A brief string that the claim must match, for example, "paid" or "yes".  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 128.  
Required: Yes

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/MappingRule) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/MappingRule) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/MappingRule) 

# RoleMapping


A role mapping.

## Contents


 ** Type **   <a name="CognitoIdentity-Type-RoleMapping-Type"></a>
The role mapping type. Token will use `cognito:roles` and `cognito:preferred_role` claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.  
Type: String  
Valid Values: `Token | Rules`   
Required: Yes

 ** AmbiguousRoleResolution **   <a name="CognitoIdentity-Type-RoleMapping-AmbiguousRoleResolution"></a>
If you specify Token or Rules as the `Type`, `AmbiguousRoleResolution` is required.  
Specifies the action to be taken if either no rules match the claim value for the `Rules` type, or there is no `cognito:preferred_role` claim and there are multiple `cognito:roles` matches for the `Token` type.  
Type: String  
Valid Values: `AuthenticatedRole | Deny`   
Required: No

 ** RulesConfiguration **   <a name="CognitoIdentity-Type-RoleMapping-RulesConfiguration"></a>
The rules to be used for mapping users to roles.  
If you specify Rules as the role mapping type, `RulesConfiguration` is required.  
Type: [RulesConfigurationType](API_RulesConfigurationType.md) object  
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/RoleMapping) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/RoleMapping) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/RoleMapping) 

# RulesConfigurationType


A container for rules.

## Contents


 ** Rules **   <a name="CognitoIdentity-Type-RulesConfigurationType-Rules"></a>
An array of rules. You can specify up to 25 rules per identity provider.  
Rules are evaluated in order. The first one to match specifies the role.  
Type: Array of [MappingRule](API_MappingRule.md) objects  
Array Members: Minimum number of 1 item. Maximum number of 25 items.  
Required: Yes

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/RulesConfigurationType) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/RulesConfigurationType) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/RulesConfigurationType) 

# UnprocessedIdentityId


An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.

## Contents


 ** ErrorCode **   <a name="CognitoIdentity-Type-UnprocessedIdentityId-ErrorCode"></a>
The error code indicating the type of error that occurred.  
Type: String  
Valid Values: `AccessDenied | InternalServerError`   
Required: No

 ** IdentityId **   <a name="CognitoIdentity-Type-UnprocessedIdentityId-IdentityId"></a>
A unique identifier in the format REGION:GUID.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 55.  
Pattern: `[\w-]+:[0-9a-f-]+`   
Required: No

## See Also


For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cognito-identity-2014-06-30/UnprocessedIdentityId) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cognito-identity-2014-06-30/UnprocessedIdentityId) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cognito-identity-2014-06-30/UnprocessedIdentityId)