AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Links an existing user account in a user pool, or DestinationUser, to an identity
from an external IdP, or SourceUser, based on a specified attribute name and
value from the external IdP.
This operation connects a local user profile with a user identity who hasn't yet signed
in from their third-party IdP. When the user signs in with their IdP, they get access-control
configuration from the local user profile. Linked local users can also sign in with
SDK-based API operations like InitiateAuth after they sign in at least once
through their IdP. For more information, see Linking
federated users.
The maximum number of federated identities linked to a user is five.
Because this API allows a user with an external federated identity to sign in as a local user, it is critical that it only be used with external IdPs and linked attributes that you trust.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
For .NET Core this operation is only available in asynchronous form. Please refer to AdminLinkProviderForUserAsync.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual AdminLinkProviderForUserResponse AdminLinkProviderForUser( AdminLinkProviderForUserRequest request )
Container for the necessary parameters to execute the AdminLinkProviderForUser service method.
| Exception | Condition |
|---|---|
| AliasExistsException | This exception is thrown when a user tries to confirm the account with an email address or phone number that has already been supplied as an alias for a different user profile. This exception indicates that an account with this email address or phone already exists in a user pool that you've configured to use email address or phone number as a sign-in alias. |
| InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
| InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
| LimitExceededException | This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. |
| NotAuthorizedException | This exception is thrown when a user isn't authorized. |
| ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
| TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
| UserNotFoundException | This exception is thrown when a user isn't found. |
.NET Framework:
Supported in: 4.5 and newer, 3.5