Class CfnUserPoolClient
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.cognito.CfnUserPoolClient
- All Implemented Interfaces:
IInspectable,software.amazon.jsii.JsiiSerializable,software.constructs.IConstruct,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.101.0 (build b95fe5d)",
date="2024-07-12T19:33:59.451Z")
@Stability(Stable)
public class CfnUserPoolClient
extends CfnResource
implements IInspectable
The
AWS::Cognito::UserPoolClient resource specifies an Amazon Cognito user pool client.
If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.
Example:
import software.amazon.awscdk.services.certificatemanager.*;
Vpc vpc;
Certificate certificate;
ApplicationLoadBalancer lb = ApplicationLoadBalancer.Builder.create(this, "LB")
.vpc(vpc)
.internetFacing(true)
.build();
UserPool userPool = new UserPool(this, "UserPool");
UserPoolClient userPoolClient = UserPoolClient.Builder.create(this, "Client")
.userPool(userPool)
// Required minimal configuration for use with an ELB
.generateSecret(true)
.authFlows(AuthFlow.builder()
.userPassword(true)
.build())
.oAuth(OAuthSettings.builder()
.flows(OAuthFlows.builder()
.authorizationCodeGrant(true)
.build())
.scopes(List.of(OAuthScope.EMAIL))
.callbackUrls(List.of(String.format("https://%s/oauth2/idpresponse", lb.getLoadBalancerDnsName())))
.build())
.build();
CfnUserPoolClient cfnClient = (CfnUserPoolClient)userPoolClient.getNode().getDefaultChild();
cfnClient.addPropertyOverride("RefreshTokenValidity", 1);
cfnClient.addPropertyOverride("SupportedIdentityProviders", List.of("COGNITO"));
UserPoolDomain userPoolDomain = UserPoolDomain.Builder.create(this, "Domain")
.userPool(userPool)
.cognitoDomain(CognitoDomainOptions.builder()
.domainPrefix("test-cdk-prefix")
.build())
.build();
lb.addListener("Listener", BaseApplicationListenerProps.builder()
.port(443)
.certificates(List.of(certificate))
.defaultAction(AuthenticateCognitoAction.Builder.create()
.userPool(userPool)
.userPoolClient(userPoolClient)
.userPoolDomain(userPoolDomain)
.next(ListenerAction.fixedResponse(200, FixedResponseOptions.builder()
.contentType("text/plain")
.messageBody("Authenticated")
.build()))
.build())
.build());
CfnOutput.Builder.create(this, "DNS")
.value(lb.getLoadBalancerDnsName())
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic interfaceThe Amazon Pinpoint analytics configuration necessary to collect metrics for a user pool.static final classA fluent builder forCfnUserPoolClient.static interfaceThe time units you use when you set the duration of ID, access, and refresh tokens.Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationModeNested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$DefaultNested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy -
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe CloudFormation resource type name for this resource class. -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedCfnUserPoolClient(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protectedCfnUserPoolClient(software.amazon.jsii.JsiiObjectRef objRef) CfnUserPoolClient(software.constructs.Construct scope, String id, CfnUserPoolClientProps props) -
Method Summary
Modifier and TypeMethodDescriptionThe access token time limit.The OAuth grant types that you want your app client to generate.Set totrueto use OAuth 2.0 features in your user pool app client.The allowed OAuth scopes.The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.The ID of the app client, for example1example23456789.Amazon Cognito creates a session token for each API request in an authentication flow.A list of allowed redirect (callback) URLs for the IdPs.The client name for the user pool client you would like to create.The default redirect URI.Activates the propagation of additional user context data.Activates or deactivates token revocation.The authentication flows that you want your user pool client to support.Boolean to specify whether you want to generate a secret for the user pool client being created.The ID token time limit.A list of allowed logout URLs for the IdPs.Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.The list of user attributes that you want your app client to have read-only access to.The refresh token time limit.A list of provider names for the identity providers (IdPs) that are supported on this client.The units in which the validity times are represented.The user pool ID for the user pool where you want to create a user pool client.The list of user attributes that you want your app client to have write access to.voidinspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.renderProperties(Map<String, Object> props) voidsetAccessTokenValidity(Number value) The access token time limit.voidsetAllowedOAuthFlows(List<String> value) The OAuth grant types that you want your app client to generate.voidSet totrueto use OAuth 2.0 features in your user pool app client.voidSet totrueto use OAuth 2.0 features in your user pool app client.voidsetAllowedOAuthScopes(List<String> value) The allowed OAuth scopes.voidThe user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.voidThe user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.voidsetAuthSessionValidity(Number value) Amazon Cognito creates a session token for each API request in an authentication flow.voidsetCallbackUrLs(List<String> value) A list of allowed redirect (callback) URLs for the IdPs.voidsetClientName(String value) The client name for the user pool client you would like to create.voidsetDefaultRedirectUri(String value) The default redirect URI.voidActivates the propagation of additional user context data.voidActivates the propagation of additional user context data.voidsetEnableTokenRevocation(Boolean value) Activates or deactivates token revocation.voidActivates or deactivates token revocation.voidsetExplicitAuthFlows(List<String> value) The authentication flows that you want your user pool client to support.voidsetGenerateSecret(Boolean value) Boolean to specify whether you want to generate a secret for the user pool client being created.voidsetGenerateSecret(IResolvable value) Boolean to specify whether you want to generate a secret for the user pool client being created.voidsetIdTokenValidity(Number value) The ID token time limit.voidsetLogoutUrLs(List<String> value) A list of allowed logout URLs for the IdPs.voidUse this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.voidsetReadAttributes(List<String> value) The list of user attributes that you want your app client to have read-only access to.voidsetRefreshTokenValidity(Number value) The refresh token time limit.voidsetSupportedIdentityProviders(List<String> value) A list of provider names for the identity providers (IdPs) that are supported on this client.voidsetTokenValidityUnits(IResolvable value) The units in which the validity times are represented.voidThe units in which the validity times are represented.voidsetUserPoolId(String value) The user pool ID for the user pool where you want to create a user pool client.voidsetWriteAttributes(List<String> value) The list of user attributes that you want your app client to have write access to.Methods inherited from class software.amazon.awscdk.CfnResource
addDeletionOverride, addDependency, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, obtainDependencies, obtainResourceDependencies, removeDependency, replaceDependency, shouldSynthesize, toString, validatePropertiesMethods inherited from class software.amazon.awscdk.CfnRefElement
getRefMethods inherited from class software.amazon.awscdk.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalIdMethods inherited from class software.constructs.Construct
getNode, isConstructMethods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSetMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnUserPoolClient
protected CfnUserPoolClient(software.amazon.jsii.JsiiObjectRef objRef) -
CfnUserPoolClient
protected CfnUserPoolClient(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
CfnUserPoolClient
@Stability(Stable) public CfnUserPoolClient(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnUserPoolClientProps props) - Parameters:
scope- Scope in which this resource is defined. This parameter is required.id- Construct identifier for this resource (unique in its scope). This parameter is required.props- Resource properties. This parameter is required.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.- Specified by:
inspectin interfaceIInspectable- Parameters:
inspector- tree inspector to collect and process attributes. This parameter is required.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props) - Overrides:
renderPropertiesin classCfnResource- Parameters:
props- This parameter is required.
-
getAttrClientId
The ID of the app client, for example1example23456789. -
getAttrClientSecret
-
getAttrName
-
getCfnProperties
- Overrides:
getCfnPropertiesin classCfnResource
-
getUserPoolId
The user pool ID for the user pool where you want to create a user pool client. -
setUserPoolId
The user pool ID for the user pool where you want to create a user pool client. -
getAccessTokenValidity
The access token time limit. -
setAccessTokenValidity
The access token time limit. -
getAllowedOAuthFlows
The OAuth grant types that you want your app client to generate. -
setAllowedOAuthFlows
The OAuth grant types that you want your app client to generate. -
getAllowedOAuthFlowsUserPoolClient
Set totrueto use OAuth 2.0 features in your user pool app client. -
setAllowedOAuthFlowsUserPoolClient
Set totrueto use OAuth 2.0 features in your user pool app client. -
setAllowedOAuthFlowsUserPoolClient
Set totrueto use OAuth 2.0 features in your user pool app client. -
getAllowedOAuthScopes
The allowed OAuth scopes. -
setAllowedOAuthScopes
The allowed OAuth scopes. -
getAnalyticsConfiguration
The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. -
setAnalyticsConfiguration
The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. -
setAnalyticsConfiguration
@Stability(Stable) public void setAnalyticsConfiguration(@Nullable CfnUserPoolClient.AnalyticsConfigurationProperty value) The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. -
getAuthSessionValidity
Amazon Cognito creates a session token for each API request in an authentication flow. -
setAuthSessionValidity
Amazon Cognito creates a session token for each API request in an authentication flow. -
getCallbackUrLs
A list of allowed redirect (callback) URLs for the IdPs. -
setCallbackUrLs
A list of allowed redirect (callback) URLs for the IdPs. -
getClientName
The client name for the user pool client you would like to create. -
setClientName
The client name for the user pool client you would like to create. -
getDefaultRedirectUri
The default redirect URI. -
setDefaultRedirectUri
The default redirect URI. -
getEnablePropagateAdditionalUserContextData
Activates the propagation of additional user context data. -
setEnablePropagateAdditionalUserContextData
Activates the propagation of additional user context data. -
setEnablePropagateAdditionalUserContextData
@Stability(Stable) public void setEnablePropagateAdditionalUserContextData(@Nullable IResolvable value) Activates the propagation of additional user context data. -
getEnableTokenRevocation
Activates or deactivates token revocation.For more information about revoking tokens, see RevokeToken .
-
setEnableTokenRevocation
Activates or deactivates token revocation.For more information about revoking tokens, see RevokeToken .
-
setEnableTokenRevocation
Activates or deactivates token revocation.For more information about revoking tokens, see RevokeToken .
-
getExplicitAuthFlows
The authentication flows that you want your user pool client to support. -
setExplicitAuthFlows
The authentication flows that you want your user pool client to support. -
getGenerateSecret
Boolean to specify whether you want to generate a secret for the user pool client being created. -
setGenerateSecret
Boolean to specify whether you want to generate a secret for the user pool client being created. -
setGenerateSecret
Boolean to specify whether you want to generate a secret for the user pool client being created. -
getIdTokenValidity
The ID token time limit. -
setIdTokenValidity
The ID token time limit. -
getLogoutUrLs
A list of allowed logout URLs for the IdPs. -
setLogoutUrLs
A list of allowed logout URLs for the IdPs. -
getPreventUserExistenceErrors
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. -
setPreventUserExistenceErrors
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. -
getReadAttributes
The list of user attributes that you want your app client to have read-only access to. -
setReadAttributes
The list of user attributes that you want your app client to have read-only access to. -
getRefreshTokenValidity
The refresh token time limit. -
setRefreshTokenValidity
The refresh token time limit. -
getSupportedIdentityProviders
A list of provider names for the identity providers (IdPs) that are supported on this client. -
setSupportedIdentityProviders
A list of provider names for the identity providers (IdPs) that are supported on this client. -
getTokenValidityUnits
The units in which the validity times are represented. -
setTokenValidityUnits
The units in which the validity times are represented. -
setTokenValidityUnits
@Stability(Stable) public void setTokenValidityUnits(@Nullable CfnUserPoolClient.TokenValidityUnitsProperty value) The units in which the validity times are represented. -
getWriteAttributes
The list of user attributes that you want your app client to have write access to. -
setWriteAttributes
The list of user attributes that you want your app client to have write access to.
-