class UserPoolClient (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Cognito.UserPoolClient |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#UserPoolClient |
 Java | software.amazon.awscdk.services.cognito.UserPoolClient |
 Python | aws_cdk.aws_cognito.UserPoolClient |
 TypeScript (source) | aws-cdk-lib » aws_cognito » UserPoolClient |
Implements
IConstruct, IDependable, IResource, IUser
Define a UserPool App Client.
Example
const pool = new cognito.UserPool(this, 'Pool');
const provider = new cognito.UserPoolIdentityProviderAmazon(this, 'Amazon', {
userPool: pool,
clientId: 'amzn-client-id',
clientSecret: 'amzn-client-secret',
});
const client = pool.addClient('app-client', {
// ...
supportedIdentityProviders: [
cognito.UserPoolClientIdentityProvider.AMAZON,
],
});
client.node.addDependency(provider);
Initializer
new UserPoolClient(scope: Construct, id: string, props: UserPoolClientProps)
Parameters
- scope
Construct - id
string - props
UserPool Client Props
Construct Props
| Name | Type | Description |
|---|---|---|
| user | IUser | The UserPool resource this client will have access to. |
| access | Duration | Validity of the access token. |
| auth | Auth | The set of OAuth authentication flows to enable on the client. |
| auth | Duration | Cognito creates a session token for each API request in an authentication flow. |
| disable | boolean | Turns off all OAuth interactions for this client. |
| enable | boolean | Enable the propagation of additional user context data. |
| enable | boolean | Enable token revocation for this client. |
| generate | boolean | Whether to generate a client secret. |
| id | Duration | Validity of the ID token. |
| o | OAuth | OAuth settings for this client to interact with the app. |
| prevent | boolean | Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence. |
| read | Client | The set of attributes this client will be able to read. |
| refresh | Duration | Validity of the refresh token. |
| supported | User[] | The list of identity providers that users should be able to use to sign in using this client. |
| user | string | Name of the application client. |
| write | Client | The set of attributes this client will be able to write. |
userPool
Type:
IUser
The UserPool resource this client will have access to.
accessTokenValidity?
Type:
Duration
(optional, default: Duration.minutes(60))
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
authFlows?
Type:
Auth
(optional, default: If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.)
The set of OAuth authentication flows to enable on the client.
authSessionValidity?
Type:
Duration
(optional, default: Duration.minutes(3))
Cognito creates a session token for each API request in an authentication flow.
AuthSessionValidity is the duration, in minutes, of that session token.
see defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.
disableOAuth?
Type:
boolean
(optional, default: false)
Turns off all OAuth interactions for this client.
enablePropagateAdditionalUserContextData?
Type:
boolean
(optional, default: false for new user pool clients)
Enable the propagation of additional user context data.
You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
enableTokenRevocation?
Type:
boolean
(optional, default: true for new user pool clients)
Enable token revocation for this client.
generateSecret?
Type:
boolean
(optional, default: false)
Whether to generate a client secret.
idTokenValidity?
Type:
Duration
(optional, default: Duration.minutes(60))
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
oAuth?
Type:
OAuth
(optional, default: see defaults in OAuthSettings. meaningless if disableOAuth is set.)
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and disableOAuth is set.
preventUserExistenceErrors?
Type:
boolean
(optional, default: false)
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
readAttributes?
Type:
Client
(optional, default: all standard and custom attributes)
The set of attributes this client will be able to read.
refreshTokenValidity?
Type:
Duration
(optional, default: Duration.days(30))
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
supportedIdentityProviders?
Type:
User[]
(optional, default: supports all identity providers that are registered with the user pool. If the user pool and/or
identity providers are imported, either specify this option explicitly or ensure that the identity providers are
registered with the user pool using the UserPool.registerIdentityProvider() API.)
The list of identity providers that users should be able to use to sign in using this client.
userPoolClientName?
Type:
string
(optional, default: cloudformation generated name)
Name of the application client.
writeAttributes?
Type:
Client
(optional, default: all standard and custom attributes)
The set of attributes this client will be able to write.
Properties
| Name | Type | Description |
|---|---|---|
| env | Resource | The environment this resource belongs to. |
| node | Node | The tree node. |
| o | OAuth | The OAuth flows enabled for this client. |
| stack | Stack | The stack in which this resource is defined. |
| user | string | Name of the application client. |
| user | string | The client name that was specified via the userPoolClientName property during initialization, throws an error otherwise. |
| user | Secret | The generated client secret. |
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
node
Type:
Node
The tree node.
oAuthFlows
Type:
OAuth
The OAuth flows enabled for this client.
stack
Type:
Stack
The stack in which this resource is defined.
userPoolClientId
Type:
string
Name of the application client.
userPoolClientName
Type:
string
The client name that was specified via the userPoolClientName property during initialization, throws an error otherwise.
userPoolClientSecret
Type:
Secret
The generated client secret.
Only available if the "generateSecret" props is set to true
Methods
| Name | Description |
|---|---|
| apply | Apply the given removal policy to this resource. |
| to | Returns a string representation of this construct. |
| static from | Import a user pool client given its id. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromUserPoolClientId(scope, id, userPoolClientId)
public static fromUserPoolClientId(scope: Construct, id: string, userPoolClientId: string): IUserPoolClient
Parameters
- scope
Construct - id
string - userPoolClientId
string
Returns
Import a user pool client given its id.