UserPoolIdentityProviderGoogleProps

class aws_cdk.aws_cognito.UserPoolIdentityProviderGoogleProps(*, user_pool, attribute_mapping=None, client_id, client_secret=None, client_secret_value=None, scopes=None)

Bases: UserPoolIdentityProviderProps

Properties to initialize UserPoolGoogleIdentityProvider.

Parameters:

  • user_pool (IUserPool) – The user pool to which this construct provides identities.

  • attribute_mapping (Union[AttributeMapping, Dict[str, Any], None]) – Mapping attributes from the identity provider to standard and custom attributes of the user pool. Default: - no attribute mapping

  • client_id (str) – The client id recognized by Google APIs.

  • client_secret (Optional[str]) – (deprecated) The client secret to be accompanied with clientId for Google APIs to authenticate the client. Default: none

  • client_secret_value (Optional[SecretValue]) – The client secret to be accompanied with clientId for Google APIs to authenticate the client as SecretValue. Default: none

  • scopes (Optional[Sequence[str]]) – The list of Google permissions to obtain for getting access to the Google profile. Default: [ profile ]

ExampleMetadata:

infused

Example:

userpool = cognito.UserPool(self, "Pool")
secret = secretsmanager.Secret.from_secret_attributes(self, "CognitoClientSecret",
    secret_complete_arn="arn:aws:secretsmanager:xxx:xxx:secret:xxx-xxx"
).secret_value

provider = cognito.UserPoolIdentityProviderGoogle(self, "Google",
    client_id="amzn-client-id",
    client_secret_value=secret,
    user_pool=userpool
)

Attributes

attribute_mapping

Mapping attributes from the identity provider to standard and custom attributes of the user pool.

Default:

  • no attribute mapping

client_id

The client id recognized by Google APIs.

See:

https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id

client_secret

(deprecated) The client secret to be accompanied with clientId for Google APIs to authenticate the client.

Default:

none

Deprecated:

use clientSecretValue instead

See:

https://developers.google.com/identity/sign-in/web/sign-in

Stability:

deprecated

client_secret_value

The client secret to be accompanied with clientId for Google APIs to authenticate the client as SecretValue.

Default:

none

See:

https://developers.google.com/identity/sign-in/web/sign-in

scopes

The list of Google permissions to obtain for getting access to the Google profile.

Default:

[ profile ]

See:

https://developers.google.com/identity/sign-in/web/sign-in

user_pool

The user pool to which this construct provides identities.