UserPoolIdentityProviderOidcProps

class aws_cdk.aws_cognito.UserPoolIdentityProviderOidcProps(*, user_pool, attribute_mapping=None, client_id, client_secret, issuer_url, attribute_request_method=None, endpoints=None, identifiers=None, name=None, scopes=None)

Bases: UserPoolIdentityProviderProps

Properties to initialize UserPoolIdentityProviderOidc.

Parameters:

user_pool (IUserPool) – The user pool to which this construct provides identities.
attribute_mapping (Union[AttributeMapping, Dict[str, Any], None]) – Mapping attributes from the identity provider to standard and custom attributes of the user pool. Default: - no attribute mapping
client_id (str) – The client id.
client_secret (str) – The client secret.
issuer_url (str) – Issuer URL.
attribute_request_method (Optional[OidcAttributeRequestMethod]) – The method to use to request attributes. Default: OidcAttributeRequestMethod.GET
endpoints (Union[OidcEndpoints, Dict[str, Any], None]) – OpenID connect endpoints. Default: - auto discovered with issuer URL
identifiers (Optional[Sequence[str]]) – Identifiers. Identifiers can be used to redirect users to the correct IdP in multitenant apps. Default: - no identifiers used
name (Optional[str]) – The name of the provider. Default: - the unique ID of the construct
scopes (Optional[Sequence[str]]) – The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app. Default: [‘openid’]

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_cognito as cognito

# provider_attribute: cognito.ProviderAttribute
# user_pool: cognito.UserPool

user_pool_identity_provider_oidc_props = cognito.UserPoolIdentityProviderOidcProps(
    client_id="clientId",
    client_secret="clientSecret",
    issuer_url="issuerUrl",
    user_pool=user_pool,

    # the properties below are optional
    attribute_mapping=cognito.AttributeMapping(
        address=provider_attribute,
        birthdate=provider_attribute,
        custom={
            "custom_key": provider_attribute
        },
        email=provider_attribute,
        email_verified=provider_attribute,
        family_name=provider_attribute,
        fullname=provider_attribute,
        gender=provider_attribute,
        given_name=provider_attribute,
        last_update_time=provider_attribute,
        locale=provider_attribute,
        middle_name=provider_attribute,
        nickname=provider_attribute,
        phone_number=provider_attribute,
        preferred_username=provider_attribute,
        profile_page=provider_attribute,
        profile_picture=provider_attribute,
        timezone=provider_attribute,
        website=provider_attribute
    ),
    attribute_request_method=cognito.OidcAttributeRequestMethod.GET,
    endpoints=cognito.OidcEndpoints(
        authorization="authorization",
        jwks_uri="jwksUri",
        token="token",
        user_info="userInfo"
    ),
    identifiers=["identifiers"],
    name="name",
    scopes=["scopes"]
)

Attributes

attribute_mapping

Mapping attributes from the identity provider to standard and custom attributes of the user pool.

Default:

no attribute mapping

attribute_request_method

The method to use to request attributes.

Default:: OidcAttributeRequestMethod.GET

client_id: The client id.

client_secret: The client secret.

endpoints

OpenID connect endpoints.

Default:

auto discovered with issuer URL

identifiers

Identifiers.

Identifiers can be used to redirect users to the correct IdP in multitenant apps.

Default:

no identifiers used

issuer_url: Issuer URL.

name

The name of the provider.

Default:

the unique ID of the construct

scopes

The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app.

Default:: [‘openid’]

user_pool: The user pool to which this construct provides identities.