interface UserPoolClientOptions
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.Cognito.UserPoolClientOptions |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#UserPoolClientOptions |
Java | software.amazon.awscdk.services.cognito.UserPoolClientOptions |
Python | aws_cdk.aws_cognito.UserPoolClientOptions |
TypeScript | aws-cdk-lib » aws_cognito » UserPoolClientOptions |
Options to create a UserPoolClient.
Example
```ts
const pool = new cognito.UserPool(this, 'Pool');
pool.addClient('app-client', {
  oAuth: {
    flows: {
      authorizationCodeGrant: true,
    },
    scopes: [ cognito.OAuthScope.OPENID ],
    callbackUrls: [ 'https://my-app-domain.com/welcome' ],
    logoutUrls: [ 'https://my-app-domain.com/signin' ],
  },
});
```
Properties
Name | Type | Description |
---|---|---|
accessTokenValidity? | Duration | Validity of the access token. |
analytics? | Analytics | The analytics configuration for this client. |
authFlows? | Auth | The set of OAuth authentication flows to enable on the client. |
authSessionValidity? | Duration | Cognito creates a session token for each API request in an authentication flow. |
disableOAuth? | boolean | Turns off all OAuth interactions for this client. |
enablePropagateAdditionalUserContextData? | boolean | Enable the propagation of additional user context data. |
enableTokenRevocation? | boolean | Enable token revocation for this client. |
generateSecret? | boolean | Whether to generate a client secret. |
idTokenValidity? | Duration | Validity of the ID token. |
oAuth? | OAuth | OAuth settings for this client to interact with the app. |
preventUserExistenceErrors? | boolean | Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence. |
readAttributes? | Client | The set of attributes this client will be able to read. |
refreshTokenValidity? | Duration | Validity of the refresh token. |
supportedIdentityProviders? | User[] | The list of identity providers that users should be able to use to sign in using this client. |
userPoolClientName? | string | Name of the application client. |
writeAttributes? | Client | The set of attributes this client will be able to write. |
accessTokenValidity?
Type: Duration (optional, default: Duration.minutes(60))
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
analytics?
Type: Analytics (optional, default: no analytics configuration)
The analytics configuration for this client.
authFlows?
Type: Auth (optional, default: If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.)
The set of OAuth authentication flows to enable on the client.
authSessionValidity?
Type: Duration (optional, default: Duration.minutes(3))
Cognito creates a session token for each API request in an authentication flow.
AuthSessionValidity is the duration, in minutes, of that session token.
See defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.
disableOAuth?
Type: boolean (optional, default: false)
Turns off all OAuth interactions for this client.
enablePropagateAdditionalUserContextData?
Type: boolean (optional, default: false for new user pool clients)
Enable the propagation of additional user context data.
You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
enableTokenRevocation?
Type: boolean (optional, default: true for new user pool clients)
Enable token revocation for this client.
generateSecret?
Type: boolean (optional, default: false)
Whether to generate a client secret.
idTokenValidity?
Type: Duration (optional, default: Duration.minutes(60))
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
oAuth?
Type: OAuth (optional, default: see defaults in OAuthSettings. Meaningless if disableOAuth is set.)
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and disableOAuth is set.
preventUserExistenceErrors?
Type: boolean (optional, default: false)
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
readAttributes?
Type: Client (optional, default: all standard and custom attributes)
The set of attributes this client will be able to read.
refreshTokenValidity?
Type: Duration (optional, default: Duration.days(30))
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
supportedIdentityProviders?
Type: User[] (optional, default: supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.)
The list of identity providers that users should be able to use to sign in using this client.
userPoolClientName?
Type: string (optional, default: cloudformation generated name)
Name of the application client.
writeAttributes?
Type: Client (optional, default: all standard and custom attributes)
The set of attributes this client will be able to write.
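
The value ranges and cross-property rules documented for the properties above can be checked in a configuration review before synthesis. The following is an added example, not part of the CDK documentation or library: it mirrors a subset of the options as a plain object, assumes durations are given in minutes and that 10 years is 3650 days, and `ClientOptionsSketch` and `reviewClientOptions` are hypothetical names.

```typescript
// Added example, not CDK code: plain-object mirror of a subset of UserPoolClientOptions.
// Assumption: durations are plain numbers of minutes instead of Duration objects.
interface ClientOptionsSketch {
  accessTokenValidity?: number;
  idTokenValidity?: number;
  refreshTokenValidity?: number;
  authSessionValidity?: number;
  generateSecret?: boolean;
  enablePropagateAdditionalUserContextData?: boolean;
  enableTokenRevocation?: boolean;
  preventUserExistenceErrors?: boolean;
  disableOAuth?: boolean;
  oAuth?: object;
}

const DAY = 24 * 60; // minutes in one day

function reviewClientOptions(o: ClientOptionsSketch): string[] {
  const findings: string[] = [];
  // Defaults as documented on this page.
  const refresh = o.refreshTokenValidity ?? 30 * DAY;
  const session = o.authSessionValidity ?? 3;
  const tokens: [string, number][] = [
    ['accessTokenValidity', o.accessTokenValidity ?? 60],
    ['idTokenValidity', o.idTokenValidity ?? 60],
  ];
  // Assumption: "10 years" is taken as 3650 days.
  if (refresh < 60 || refresh > 3650 * DAY) findings.push('refreshTokenValidity: outside 60 minutes to 10 years');
  for (const [name, minutes] of tokens) {
    if (minutes < 5 || minutes > DAY) findings.push(`${name}: outside 5 minutes to 1 day`);
    if (minutes > refresh) findings.push(`${name}: longer than refreshTokenValidity`);
  }
  if (session < 3 || session > 15) findings.push('authSessionValidity: outside 3 to 15 minutes');
  if (o.enablePropagateAdditionalUserContextData && !o.generateSecret)
    findings.push('enablePropagateAdditionalUserContextData: requires a client secret');
  if (o.disableOAuth && o.oAuth !== undefined)
    findings.push('oAuth: cannot be combined with disableOAuth');
  // Security-relevant settings, reported as review findings rather than errors.
  if (!(o.preventUserExistenceErrors ?? false))
    findings.push('preventUserExistenceErrors: false reveals whether a user exists');
  if (!(o.enableTokenRevocation ?? true))
    findings.push('enableTokenRevocation: token revocation is turned off');
  return findings;
}

// Constructed sample: short-lived tokens with user-existence errors suppressed.
console.log(reviewClientOptions({ accessTokenValidity: 15, idTokenValidity: 15, preventUserExistenceErrors: true }));
```

With no options set, the only finding is the `preventUserExistenceErrors` default of false, which lets a caller distinguish existing from non-existing users.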