The AWS Mobile SDK for iOS 2.0.13.

Author: Yosuke Matsuda

AWSCore/Authentication/AWSIdentityProvider.h

@@ -60,7 +60,18 @@ typedef NS_ENUM(NSInteger, AWSCognitoIdentityProviderErrorType) {
 
 @end
 
-@interface AWSBasicCognitoIdentityProvider : AWSAbstractIdentityProvider
+@interface AWSAbstractCognitoIdentityProvider : AWSAbstractIdentityProvider
+
+@property (nonatomic, strong, readonly) NSString *providerName;
+
+- (instancetype)initWithRegionType:(AWSRegionType)regionType
+                        identityId:(NSString *)identityId
+                         accountId:(NSString *)accountId
+                    identityPoolId:(NSString *)identityPoolId
+                            logins:(NSDictionary *)logins;
+@end
+
+@interface AWSBasicCognitoIdentityProvider : AWSAbstractCognitoIdentityProvider
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
                         identityId:(NSString *)identityId

AWSCore/Authentication/AWSIdentityProvider.m

@@ -117,15 +117,16 @@ - (void)postIdentityIdChangedNotification:(NSString *)newId {
 
 @end
 
-@interface AWSBasicCognitoIdentityProvider()
+@interface AWSAbstractCognitoIdentityProvider()
 @property (nonatomic, strong) NSString *accountId;
+@property (nonatomic, strong) NSString *providerName;
 @property (nonatomic, strong) AWSCognitoIdentity *cib;
 @property (nonatomic, strong) BFExecutor *executor;
 @property (atomic, assign) int32_t count;
 @property (nonatomic, strong) dispatch_semaphore_t semaphore;
 @end
 
-@implementation AWSBasicCognitoIdentityProvider
+@implementation AWSAbstractCognitoIdentityProvider
 @synthesize accountId=_accountId;
 
 - (instancetype)initWithRegionType:(AWSRegionType)regionType
@@ -169,7 +170,7 @@ - (BFTask *)getIdentityId {
             }
             else {
                 dispatch_semaphore_wait(self.semaphore, dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC));
-                return nil;
+                return [BFTask taskWithResult:nil];
             }
         }] continueWithBlock:^id(BFTask *task) {
             self.count--;
@@ -263,8 +264,25 @@ - (BFTask *)refresh {
             self.identityId = identityIdFromToken;
         }
 
-        return nil;
+        return [BFTask taskWithResult:nil];
     }];
 }
 
 @end
+
+@implementation AWSBasicCognitoIdentityProvider
+
+- (instancetype)initWithRegionType:(AWSRegionType)regionType
+                        identityId:(NSString *)identityId
+                         accountId:(NSString *)accountId
+                    identityPoolId:(NSString *)identityPoolId
+                            logins:(NSDictionary *)logins {
+    
+    
+    if (self = [super initWithRegionType:regionType identityId:identityId accountId:accountId identityPoolId:identityPoolId logins:logins]) {
+        self.providerName = @"Cognito";
+    }
+    return self;
+}
+
+@end

AWSCore/Authentication/AWSSignature.m

@@ -50,8 +50,7 @@ + (NSString *)hashString:(NSString *)stringToHash {
 }
 
 + (NSData *)hash:(NSData *)dataToHash {
-    if ([dataToHash length] > UINT32_MAX)
-    {
+    if ([dataToHash length] > UINT32_MAX) {
         return nil;
     }
 

AWSCore/CognitoIdentity/AWSCognitoIdentity.h

@@ -20,7 +20,7 @@
 @class BFTask;
 
 /**
- * <fullname>Amazon Cognito</fullname><p>Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices andother untrusted environments. Amazon Cognito uniquely identifies a device and supplies the userwith a consistent identity over the lifetime of an application.</p><p>Using Amazon Cognito, you can enable authentication with one or more third-party identityproviders (Facebook, Google, or Login with Amazon), and you can also choose to supportunauthenticated access from your app. Cognito delivers a unique identifier for each userand acts as an OpenID token provider trusted by AWS Security Token Service (STS) to accesstemporary, limited-privilege AWS credentials.</p><p>To provide end-user credentials, first make an unsigned call to <a>GetId</a>. If the enduser is authenticated with one of the supported identity providers, set the <code>Logins</code> map with the identity provider token. <code>GetId</code> returns aunique identifier for the user.</p><p>Next, make an unsigned call to <a>GetOpenIdToken</a>, which returns the OpenID tokennecessary to call STS and retrieve AWS credentials. This call expects the same <code>Logins</code> map as the <code>GetId</code> call, as well as the <code>IdentityID</code> originally returned by <code>GetId</code>. The token returned by <code>GetOpenIdToken</code> can be passed to the STS operation <a href="http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html">AssumeRoleWithWebIdentity</a> to retrieve AWS credentials.</p>
+ * <fullname>Amazon Cognito</fullname><p>Amazon Cognito is a web service that delivers scoped temporary credentials to mobile devices and other untrusted environments. Amazon Cognito uniquely identifies a device and supplies the user with a consistent identity over the lifetime of an application.</p><p>Using Amazon Cognito, you can enable authentication with one or more third-party identity providers (Facebook, Google, or Login with Amazon), and you can also choose to support unauthenticated access from your app. Cognito delivers a unique identifier for each user and acts as an OpenID token provider trusted by AWS Security Token Service (STS) to access temporary, limited-privilege AWS credentials.</p><p>To provide end-user credentials, first make an unsigned call to <a>GetId</a>. If the end user is authenticated with one of the supported identity providers, set the <code>Logins</code> map with the identity provider token. <code>GetId</code> returns a unique identifier for the user.</p><p>Next, make an unsigned call to <a>GetOpenIdToken</a>, which returns the OpenID token necessary to call STS and retrieve AWS credentials. This call expects the same <code>Logins</code> map as the <code>GetId</code> call, as well as the <code>IdentityID</code> originally returned by <code>GetId</code>. The token returned by <code>GetOpenIdToken</code> can be passed to the STS operation <a href="http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html">AssumeRoleWithWebIdentity</a> to retrieve AWS credentials.</p>
  */
 @interface AWSCognitoIdentity : AWSService
 
@@ -31,7 +31,7 @@
 - (instancetype)initWithConfiguration:(AWSServiceConfiguration *)configuration;
 
 /**
- * <p>Creates a new identity pool. The identity pool is a store of user identity information thatis specific to your AWS account. The limit on identity pools is 60 per account.</p>
+ * <p>Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The limit on identity pools is 60 per account.</p>
  *
  * @param request A container for the necessary parameters to execute the CreateIdentityPool service method.
  *
@@ -43,7 +43,7 @@
 - (BFTask *)createIdentityPool:(AWSCognitoIdentityCreateIdentityPoolInput *)request;
 
 /**
- * <p>Deletes a user pool. Once a pool is deleted, users will not be able to authenticate withthe pool.</p>
+ * <p>Deletes a user pool. Once a pool is deleted, users will not be able to authenticate with the pool.</p>
  *
  * @param request A container for the necessary parameters to execute the DeleteIdentityPool service method.
  *
@@ -54,7 +54,7 @@
 - (BFTask *)deleteIdentityPool:(AWSCognitoIdentityDeleteIdentityPoolInput *)request;
 
 /**
- * <p>Gets details about a particular identity pool, including the pool name, ID description,creation date, and current number of users.</p>
+ * <p>Gets details about a particular identity pool, including the pool name, ID description, creation date, and current number of users.</p>
  *
  * @param request A container for the necessary parameters to execute the DescribeIdentityPool service method.
  *
@@ -66,7 +66,7 @@
 - (BFTask *)describeIdentityPool:(AWSCognitoIdentityDescribeIdentityPoolInput *)request;
 
 /**
- * <p>Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicitlinked account.</p>
+ * <p>Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicit linked account.</p>
  *
  * @param request A container for the necessary parameters to execute the GetId service method.
  *
@@ -78,7 +78,7 @@
 - (BFTask *)getId:(AWSCognitoIdentityGetIdInput *)request;
 
 /**
- * <p>Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by<a>GetId</a>. You can optionally add additional logins for the identity. Supplying multiple loginscreates an implicit link.</p><p>The OpenId token is valid for 15 minutes.</p>
+ * <p>Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by <a>GetId</a>. You can optionally add additional logins for the identity. Supplying multiple logins creates an implicit link.</p><p>The OpenId token is valid for 15 minutes.</p>
  *
  * @param request A container for the necessary parameters to execute the GetOpenIdToken service method.
  *
@@ -89,6 +89,16 @@
  */
 - (BFTask *)getOpenIdToken:(AWSCognitoIdentityGetOpenIdTokenInput *)request;
 
+/**
+ * <p>Registers (or retrieves) a Cognito <code>IdentityId</code> and an OpenID Connect token for a user authenticated by your backend authentication process. Supplying multiple logins will create an implicit linked account. You can only specify one developer provider as part of the <code>Logins</code> map, which is linked to the identity pool. The developer provider is the "domain" by which Cognito will refer to your users.</p><p>You can use <code>GetOpenIdTokenForDeveloperIdentity</code> to create a new identity and to link new logins (that is, user credentials issued by a public provider or developer provider) to an existing identity. When you want to create a new identity, the <code>IdentityId</code> should be null. When you want to associate a new login with an existing authenticated/unauthenticated identity, you can do so by providing the existing <code>IdentityId</code>. This API will create the identity in the specified <code>IdentityPoolId</code>.</p>
+ *
+ * @param request A container for the necessary parameters to execute the GetOpenIdTokenForDeveloperIdentity service method.
+ *
+ * @return An instance of BFTask. On successful execution, task.result will contain an instance of AWSCognitoIdentityGetOpenIdTokenForDeveloperIdentityResponse. On failed execution, task.error may contain an NSError with AWSCognitoIdentityErrorDomain domian and the following error code: AWSCognitoIdentityErrorInvalidParameter, AWSCognitoIdentityErrorResourceNotFound, AWSCognitoIdentityErrorNotAuthorized, AWSCognitoIdentityErrorResourceConflict, AWSCognitoIdentityErrorTooManyRequests, AWSCognitoIdentityErrorInternalError, AWSCognitoIdentityErrorDeveloperUserAlreadyRegistered.
+ *
+ * @see AWSCognitoIdentityGetOpenIdTokenForDeveloperIdentityInput
+ * @see AWSCognitoIdentityGetOpenIdTokenForDeveloperIdentityResponse
+ */
 - (BFTask *)getOpenIdTokenForDeveloperIdentity:(AWSCognitoIdentityGetOpenIdTokenForDeveloperIdentityInput *)request;
 
 /**
@@ -115,14 +125,43 @@
  */
 - (BFTask *)listIdentityPools:(AWSCognitoIdentityListIdentityPoolsInput *)request;
 
+/**
+ * <p>Retrieves the <code>IdentityID</code> associated with a <code>DeveloperUserIdentifier</code> or the list of <code>DeveloperUserIdentifier</code>s associated with an <code>IdentityId</code> for an existing identity. Either <code>IdentityID</code> or <code>DeveloperUserIdentifier</code> must not be null. If you supply only one of these values, the other value will be searched in the database and returned as a part of the response. If you supply both, <code>DeveloperUserIdentifier</code> will be matched against <code>IdentityID</code>. If the values are verified against the database, the response returns both values and is the same as the request. Otherwise a <code>ResourceConflictException</code> is thrown.</p>
+ *
+ * @param request A container for the necessary parameters to execute the LookupDeveloperIdentity service method.
+ *
+ * @return An instance of BFTask. On successful execution, task.result will contain an instance of AWSCognitoIdentityLookupDeveloperIdentityResponse. On failed execution, task.error may contain an NSError with AWSCognitoIdentityErrorDomain domian and the following error code: AWSCognitoIdentityErrorInvalidParameter, AWSCognitoIdentityErrorResourceNotFound, AWSCognitoIdentityErrorNotAuthorized, AWSCognitoIdentityErrorResourceConflict, AWSCognitoIdentityErrorTooManyRequests, AWSCognitoIdentityErrorInternalError.
+ *
+ * @see AWSCognitoIdentityLookupDeveloperIdentityInput
+ * @see AWSCognitoIdentityLookupDeveloperIdentityResponse
+ */
 - (BFTask *)lookupDeveloperIdentity:(AWSCognitoIdentityLookupDeveloperIdentityInput *)request;
 
+/**
+ * <p>Merges two users having different <code>IdentityId</code>s, existing in the same identity pool, and identified by the same developer provider. You can use this action to request that discrete users be merged and identified as a single user in the Cognito environment. Cognito associates the given source user (<code>SourceUserIdentifier</code>) with the <code>IdentityId</code> of the <code>DestinationUserIdentifier</code>. Only developer-authenticated users can be merged. If the users to be merged are associated with the same public provider, but as two different users, an exception will be thrown.</p>
+ *
+ * @param request A container for the necessary parameters to execute the MergeDeveloperIdentities service method.
+ *
+ * @return An instance of BFTask. On successful execution, task.result will contain an instance of AWSCognitoIdentityMergeDeveloperIdentitiesResponse. On failed execution, task.error may contain an NSError with AWSCognitoIdentityErrorDomain domian and the following error code: AWSCognitoIdentityErrorInvalidParameter, AWSCognitoIdentityErrorResourceNotFound, AWSCognitoIdentityErrorNotAuthorized, AWSCognitoIdentityErrorResourceConflict, AWSCognitoIdentityErrorTooManyRequests, AWSCognitoIdentityErrorInternalError.
+ *
+ * @see AWSCognitoIdentityMergeDeveloperIdentitiesInput
+ * @see AWSCognitoIdentityMergeDeveloperIdentitiesResponse
+ */
 - (BFTask *)mergeDeveloperIdentities:(AWSCognitoIdentityMergeDeveloperIdentitiesInput *)request;
 
+/**
+ * <p>Unlinks a <code>DeveloperUserIdentifier</code> from an existing identity. Unlinked developer users will be considered new identities next time they are seen. If, for a given Cognito identity, you remove all federated identities as well as the developer user identifier, the Cognito identity becomes inaccessible.</p>
+ *
+ * @param request A container for the necessary parameters to execute the UnlinkDeveloperIdentity service method.
+ *
+ * @return An instance of BFTask. On successful execution, task.result will be nil. On failed execution, task.error may contain an NSError with AWSCognitoIdentityErrorDomain domian and the following error code: AWSCognitoIdentityErrorInvalidParameter, AWSCognitoIdentityErrorResourceNotFound, AWSCognitoIdentityErrorNotAuthorized, AWSCognitoIdentityErrorResourceConflict, AWSCognitoIdentityErrorTooManyRequests, AWSCognitoIdentityErrorInternalError.
+ *
+ * @see AWSCognitoIdentityUnlinkDeveloperIdentityInput
+ */
 - (BFTask *)unlinkDeveloperIdentity:(AWSCognitoIdentityUnlinkDeveloperIdentityInput *)request;
 
 /**
- * <p>Unlinks a federated identity from an existing account. Unlinked logins will be considerednew identities next time they are seen. Removing the last linked login will make thisidentity inaccessible.</p>
+ * <p>Unlinks a federated identity from an existing account. Unlinked logins will be considered new identities next time they are seen. Removing the last linked login will make this identity inaccessible.</p>
  *
  * @param request A container for the necessary parameters to execute the UnlinkIdentity service method.
  *

AWSCore/CognitoIdentity/AWSCognitoIdentity.m

@@ -14,7 +14,7 @@
 #import "AWSURLResponseSerialization.h"
 #import "AWSURLRequestRetryHandler.h"
 
-NSString *const AWSCIBDefinitionFileName = @"cib-2014-06-30";
+NSString *const AWSCIBDefinitionFileName = @"cognito-identity-2014-06-30";
 
 @interface AWSCognitoIdentityResponseSerializer : AWSJSONResponseSerializer
 
@@ -229,6 +229,7 @@ - (BFTask *)invokeRequest:(AWSRequest *)request
 }
 
 #pragma mark - Service method
+
 - (BFTask *)createIdentityPool:(AWSCognitoIdentityCreateIdentityPoolInput *)request {
     return [self invokeRequest:request
                     HTTPMethod:AWSHTTPMethodPOST