OAuthScope
- class aws_cdk.aws_cognito.OAuthScope(*args: Any, **kwargs)
Bases:
objectOAuth scopes that are allowed with this client.
- See:
- ExampleMetadata:
infused
Example:
pool = cognito.UserPool(self, "Pool") read_only_scope = cognito.ResourceServerScope(scope_name="read", scope_description="Read-only access") full_access_scope = cognito.ResourceServerScope(scope_name="*", scope_description="Full access") user_server = pool.add_resource_server("ResourceServer", identifier="users", scopes=[read_only_scope, full_access_scope] ) read_only_client = pool.add_client("read-only-client", # ... o_auth=cognito.OAuthSettings( # ... scopes=[cognito.OAuthScope.resource_server(user_server, read_only_scope)] ) ) full_access_client = pool.add_client("full-access-client", # ... o_auth=cognito.OAuthSettings( # ... scopes=[cognito.OAuthScope.resource_server(user_server, full_access_scope)] ) )
Attributes
- COGNITO_ADMIN = <aws_cdk.aws_cognito.OAuthScope object>
- EMAIL = <aws_cdk.aws_cognito.OAuthScope object>
- OPENID = <aws_cdk.aws_cognito.OAuthScope object>
- PHONE = <aws_cdk.aws_cognito.OAuthScope object>
- PROFILE = <aws_cdk.aws_cognito.OAuthScope object>
- scope_name
The name of this scope as recognized by CloudFormation.
Static Methods
- classmethod custom(name)
Custom scope is one that you define for your own resource server in the Resource Servers.
The format is ‘resource-server-identifier/scope’.
- Parameters:
name (
str) –- See:
- Return type:
- classmethod resource_server(server, scope)
Adds a custom scope that’s tied to a resource server in your stack.
- Parameters:
server (
IUserPoolResourceServer) –scope (
ResourceServerScope) –
- Return type: