UserPoolIdentityProviderOidcProps

class aws_cdk.aws_cognito.UserPoolIdentityProviderOidcProps(*, user_pool, attribute_mapping=None, client_id, client_secret, issuer_url, attribute_request_method=None, endpoints=None, identifiers=None, name=None, scopes=None)

Bases: UserPoolIdentityProviderProps

Properties to initialize UserPoolIdentityProviderOidc.

Parameters:
  • user_pool (IUserPool) – The user pool to which this construct provides identities.

  • attribute_mapping (Union[AttributeMapping, Dict[str, Any], None]) – Mapping attributes from the identity provider to standard and custom attributes of the user pool. Default: - no attribute mapping

  • client_id (str) – The client id.

  • client_secret (str) – The client secret.

  • issuer_url (str) – Issuer URL.

  • attribute_request_method (Optional[OidcAttributeRequestMethod]) – The method to use to request attributes. Default: OidcAttributeRequestMethod.GET

  • endpoints (Union[OidcEndpoints, Dict[str, Any], None]) – OpenID Connect endpoints. Default: - auto discovered with issuer URL

  • identifiers (Optional[Sequence[str]]) – Identifiers. Identifiers can be used to redirect users to the correct IdP in multitenant apps. Default: - no identifiers used

  • name (Optional[str]) – The name of the provider. Default: - the unique ID of the construct

  • scopes (Optional[Sequence[str]]) – The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app. Default: ['openid']

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_cognito as cognito

# provider_attribute: cognito.ProviderAttribute
# user_pool: cognito.UserPool

user_pool_identity_provider_oidc_props = cognito.UserPoolIdentityProviderOidcProps(
    client_id="clientId",
    client_secret="clientSecret",
    issuer_url="issuerUrl",
    user_pool=user_pool,

    # the properties below are optional
    attribute_mapping=cognito.AttributeMapping(
        address=provider_attribute,
        birthdate=provider_attribute,
        custom={
            "custom_key": provider_attribute
        },
        email=provider_attribute,
        family_name=provider_attribute,
        fullname=provider_attribute,
        gender=provider_attribute,
        given_name=provider_attribute,
        last_update_time=provider_attribute,
        locale=provider_attribute,
        middle_name=provider_attribute,
        nickname=provider_attribute,
        phone_number=provider_attribute,
        preferred_username=provider_attribute,
        profile_page=provider_attribute,
        profile_picture=provider_attribute,
        timezone=provider_attribute,
        website=provider_attribute
    ),
    attribute_request_method=cognito.OidcAttributeRequestMethod.GET,
    endpoints=cognito.OidcEndpoints(
        authorization="authorization",
        jwks_uri="jwksUri",
        token="token",
        user_info="userInfo"
    ),
    identifiers=["identifiers"],
    name="name",
    scopes=["scopes"]
)
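
An added example, not part of the CDK documentation or the project's code: a pre-deployment check, standard library only, for the case where endpoints is pinned explicitly instead of being auto discovered from issuer_url. It turns an already-fetched OpenID Connect discovery document into the keyword arguments for OidcEndpoints and rejects a document whose issuer differs from issuer_url or whose endpoints are not https. The function names, issuer and metadata are constructed for illustration.

```python
from urllib.parse import urlsplit

# Discovery metadata key -> OidcEndpoints keyword (keywords as in the page's example).
DISCOVERY_TO_ENDPOINTS = {
    "authorization_endpoint": "authorization",
    "jwks_uri": "jwks_uri",
    "token_endpoint": "token",
    "userinfo_endpoint": "user_info",
}


def _https_host(url):
    """Return the lowercase host of an https URL, or None for anything else."""
    parts = urlsplit(str(url))
    return parts.hostname if parts.scheme == "https" and parts.hostname else None


def endpoints_from_discovery(issuer_url, metadata):
    """Build OidcEndpoints keyword arguments from a discovery document.

    Raises ValueError when the document should not be pinned into a stack.
    """
    if _https_host(issuer_url) is None:
        raise ValueError("issuer_url must be an https URL")
    # OpenID Connect Discovery: the issuer in the document must be identical
    # to the issuer URL the document was retrieved for.
    if metadata.get("issuer") != issuer_url:
        raise ValueError("issuer mismatch: %r" % metadata.get("issuer"))
    kwargs = {}
    for key, kwarg in DISCOVERY_TO_ENDPOINTS.items():
        if _https_host(metadata.get(key, "")) is None:
            raise ValueError("%s is missing or not https" % key)
        kwargs[kwarg] = metadata[key]
    return kwargs


def hosts_outside_issuer(issuer_url, kwargs):
    """Endpoint hosts that differ from the issuer host, for manual review."""
    issuer_host = _https_host(issuer_url)
    return sorted({_https_host(u) for u in kwargs.values()} - {issuer_host})


# Constructed sample: issuer and metadata are made up for this example.
SAMPLE_ISSUER = "https://idp.example.com"
SAMPLE_METADATA = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/oauth/token",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
    "jwks_uri": "https://keys.example.net/jwks.json",
}
```

The returned dictionary can be passed as cognito.OidcEndpoints(**kwargs); a host reported by hosts_outside_issuer is not an error by itself, only something to confirm with the identity provider before deploying.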

Attributes

attribute_mapping

Mapping attributes from the identity provider to standard and custom attributes of the user pool.

Default:
  • no attribute mapping

attribute_request_method

The method to use to request attributes.

Default:

OidcAttributeRequestMethod.GET

client_id

The client id.

client_secret

The client secret.

endpoints

OpenID Connect endpoints.

Default:
  • auto discovered with issuer URL

identifiers

Identifiers.

Identifiers can be used to redirect users to the correct IdP in multitenant apps.

Default:
  • no identifiers used

issuer_url

Issuer URL.

name

The name of the provider.

Default:
  • the unique ID of the construct

scopes

The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app.

Default:

['openid']

user_pool

The user pool to which this construct provides identities.