interface UserPoolClientOptions
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Cognito.UserPoolClientOptions |
Java | software.amazon.awscdk.services.cognito.UserPoolClientOptions |
Python | aws_cdk.aws_cognito.UserPoolClientOptions |
TypeScript (source) | @aws-cdk/aws-cognito » UserPoolClientOptions |
Options to create a UserPoolClient.
Example
```typescript
import * as cognito from '@aws-cdk/aws-cognito';

// Runs inside a construct or stack, where `this` is the scope.
const pool = new cognito.UserPool(this, 'Pool');
pool.addClient('app-client', {
  oAuth: {
    flows: {
      authorizationCodeGrant: true,
    },
    scopes: [ cognito.OAuthScope.OPENID ],
    callbackUrls: [ 'https://my-app-domain.com/welcome' ],
    logoutUrls: [ 'https://my-app-domain.com/signin' ],
  },
});
```
Properties
Name | Type | Description |
---|---|---|
accessTokenValidity? | Duration | Validity of the access token. |
authFlows? | Auth | The set of OAuth authentication flows to enable on the client. |
disableOAuth? | boolean | Turns off all OAuth interactions for this client. |
enableTokenRevocation? | boolean | Enable token revocation for this client. |
generateSecret? | boolean | Whether to generate a client secret. |
idTokenValidity? | Duration | Validity of the ID token. |
oAuth? | OAuth | OAuth settings for this client to interact with the app. |
preventUserExistenceErrors? | boolean | Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence. |
readAttributes? | Client | The set of attributes this client will be able to read. |
refreshTokenValidity? | Duration | Validity of the refresh token. |
supportedIdentityProviders? | User [] | The list of identity providers that users should be able to use to sign in using this client. |
userPoolClientName? | string | Name of the application client. |
writeAttributes? | Client | The set of attributes this client will be able to write. |
accessTokenValidity?
Type: Duration (optional, default: Duration.minutes(60))
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
authFlows?
Type: Auth (optional, default: all auth flows disabled)
The set of OAuth authentication flows to enable on the client.
disableOAuth?
Type: boolean (optional, default: false)
Turns off all OAuth interactions for this client.
enableTokenRevocation?
Type: boolean (optional, default: true for new user pool clients)
Enable token revocation for this client.
generateSecret?
Type: boolean (optional, default: false)
Whether to generate a client secret.
idTokenValidity?
Type: Duration (optional, default: Duration.minutes(60))
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
oAuth?
Type: OAuth (optional, default: see defaults in OAuthSettings. Meaningless if disableOAuth is set.)
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and disableOAuth is set.
preventUserExistenceErrors?
Type: boolean (optional, default: false)
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
readAttributes?
Type: Client (optional, default: all standard and custom attributes)
The set of attributes this client will be able to read.
refreshTokenValidity?
Type: Duration (optional, default: Duration.days(30))
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
supportedIdentityProviders?
Type: User [] (optional, default: supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.)
The list of identity providers that users should be able to use to sign in using this client.
userPoolClientName?
Type: string (optional, default: CloudFormation generated name)
Name of the application client.
writeAttributes?
Type: Client (optional, default: all standard and custom attributes)
The set of attributes this client will be able to write.
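The ranges, defaults and the oAuth/disableOAuth conflict documented above can be checked before a client is deployed. The following is an added example, not code from the CDK: a stand-alone lint over a plain object that mirrors the option names on this page, with durations given as minutes and the 10-year limit taken as 3650 days (both assumptions).

```typescript
// Added example, not CDK code. Durations are plain minutes here (assumption);
// the real UserPoolClientOptions takes Duration objects.
interface ClientOptionsLike {
  accessTokenValidity?: number;
  idTokenValidity?: number;
  refreshTokenValidity?: number;
  disableOAuth?: boolean;
  oAuth?: object;
  enableTokenRevocation?: boolean;
  preventUserExistenceErrors?: boolean;
  readAttributes?: object;
  writeAttributes?: object;
}

const DAY = 24 * 60; // minutes

function lintClientOptions(o: ClientOptionsLike): string[] {
  const out: string[] = [];
  // Documented defaults: 60 minutes for access/ID tokens, 30 days for refresh tokens.
  const refresh = o.refreshTokenValidity !== undefined ? o.refreshTokenValidity : 30 * DAY;
  // Refresh token: 60 minutes to 10 years (taken as 3650 days, an assumption).
  if (refresh < 60 || refresh > 3650 * DAY) out.push('ERROR refreshTokenValidity: out of range');
  const checkShortLived = (name: string, value: number | undefined): void => {
    const minutes = value !== undefined ? value : 60;
    // Access/ID tokens: 5 minutes to 1 day, and never longer than the refresh token.
    if (minutes < 5 || minutes > DAY) out.push('ERROR ' + name + ': out of range');
    if (minutes > refresh) out.push('ERROR ' + name + ': longer than refreshTokenValidity');
  };
  checkShortLived('accessTokenValidity', o.accessTokenValidity);
  checkShortLived('idTokenValidity', o.idTokenValidity);
  // An error is thrown when oAuth is specified and disableOAuth is set.
  if (o.disableOAuth && o.oAuth !== undefined) out.push('ERROR oAuth: set together with disableOAuth');
  // Default (false) returns UserNotFoundException, which reveals the user's absence.
  if (o.preventUserExistenceErrors !== true) out.push('WARN preventUserExistenceErrors: not enabled');
  if (o.enableTokenRevocation === false) out.push('WARN enableTokenRevocation: disabled');
  // Unset attribute sets default to all standard and custom attributes.
  if (o.readAttributes === undefined) out.push('WARN readAttributes: defaults to all attributes');
  if (o.writeAttributes === undefined) out.push('WARN writeAttributes: defaults to all attributes');
  return out;
}

// Constructed sample inputs.
const sampleDefaults: ClientOptionsLike = {};
const sampleHardened: ClientOptionsLike = { accessTokenValidity: 15, idTokenValidity: 15,
  refreshTokenValidity: DAY, preventUserExistenceErrors: true, readAttributes: {}, writeAttributes: {} };
const sampleConflicting: ClientOptionsLike = { accessTokenValidity: 120, refreshTokenValidity: 60,
  disableOAuth: true, oAuth: {} };
console.log([sampleDefaults, sampleHardened, sampleConflicting].map(lintClientOptions));
```

An options object left entirely at its defaults passes the range checks but still produces three warnings, which is the case worth reviewing for public-facing clients.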