createUserPoolClient
abstract suspend fun createUserPoolClient(input: CreateUserPoolClientRequest): CreateUserPoolClientResponse
Creates an app client in a user pool. This operation sets basic and advanced configuration options.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Samples
// The following example creates an app client with all configurable properties set to an example
// value. The resulting user pool client connects to an analytics client, allows sign in with username and
// password, and has two external identity providers associated with it.
val resp = cognitoIdentityProviderClient.createUserPoolClient {
    accessTokenValidity = 6
    allowedOAuthFlows = listOf<OAuthFlowType>(
        OAuthFlowType.fromValue("code")
    )
    allowedOAuthFlowsUserPoolClient = true
    allowedOAuthScopes = listOf<String>(
        "aws.cognito.signin.user.admin",
        "openid"
    )
    analyticsConfiguration = AnalyticsConfigurationType {
        applicationId = "d70b2ba36a8c4dc5a04a0451a31a1e12"
        externalId = "my-external-id"
        roleArn = "arn:aws:iam::123456789012:role/test-cognitouserpool-role"
        userDataShared = true
    }
    callbackUrls = listOf<String>(
        "https://example.com",
        "http://localhost",
        "myapp://example"
    )
    clientName = "my-test-app-client"
    defaultRedirectUri = "https://example.com"
    explicitAuthFlows = listOf<ExplicitAuthFlowsType>(
        ExplicitAuthFlowsType.fromValue("ALLOW_ADMIN_USER_PASSWORD_AUTH"),
        ExplicitAuthFlowsType.fromValue("ALLOW_USER_PASSWORD_AUTH"),
        ExplicitAuthFlowsType.fromValue("ALLOW_REFRESH_TOKEN_AUTH")
    )
    generateSecret = true
    idTokenValidity = 6
    logoutUrls = listOf<String>(
        "https://example.com/logout"
    )
    preventUserExistenceErrors = PreventUserExistenceErrorTypes.fromValue("ENABLED")
    readAttributes = listOf<String>(
        "email",
        "address",
        "preferred_username"
    )
    refreshTokenValidity = 6
    supportedIdentityProviders = listOf<String>(
        "SignInWithApple",
        "MySSO"
    )
    tokenValidityUnits = TokenValidityUnitsType {
        accessToken = TimeUnitsType.fromValue("hours")
        idToken = TimeUnitsType.fromValue("minutes")
        refreshToken = TimeUnitsType.fromValue("days")
    }
    userPoolId = "us-east-1_EXAMPLE"
    writeAttributes = listOf<String>(
        "family_name",
        "email"
    )
}
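The following is an added example, not part of the SDK documentation: it creates a confidential app client with a narrower configuration than the sample above and then checks the settings that Cognito returns for the new client. `reviewClient` and its rules are a hypothetical review policy chosen for this illustration, not AWS requirements; the region, pool ID, client name and URL are placeholders.

```kotlin
import aws.sdk.kotlin.services.cognitoidentityprovider.CognitoIdentityProviderClient
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ExplicitAuthFlowsType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.OAuthFlowType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.PreventUserExistenceErrorTypes
import aws.sdk.kotlin.services.cognitoidentityprovider.model.UserPoolClientType

// Hypothetical helper: the rules below are this example's review policy, not AWS requirements.
fun reviewClient(c: UserPoolClientType): List<String> {
    val findings = mutableListOf<String>()
    if (c.explicitAuthFlows.orEmpty().any { it.value == "ALLOW_USER_PASSWORD_AUTH" })
        findings += "ALLOW_USER_PASSWORD_AUTH enabled: clients submit the password itself instead of using SRP"
    if (c.allowedOAuthFlows.orEmpty().any { it.value == "implicit" })
        findings += "implicit grant enabled: tokens are returned in the redirect URL"
    c.callbackUrls.orEmpty().filter { it.startsWith("http://") }
        .forEach { findings += "cleartext callback URL: $it" }
    if (c.preventUserExistenceErrors?.value != "ENABLED")
        findings += "preventUserExistenceErrors is not ENABLED"
    if (c.enableTokenRevocation != true)
        findings += "token revocation is not enabled"
    return findings
}

suspend fun main() {
    // Region, pool ID, client name and URL are placeholders.
    CognitoIdentityProviderClient { region = "us-east-1" }.use { cognito ->
        val resp = cognito.createUserPoolClient {
            userPoolId = "us-east-1_EXAMPLE"
            clientName = "my-reviewed-app-client"
            generateSecret = true
            allowedOAuthFlowsUserPoolClient = true
            allowedOAuthFlows = listOf(OAuthFlowType.fromValue("code"))
            allowedOAuthScopes = listOf("openid")
            callbackUrls = listOf("https://example.com")
            supportedIdentityProviders = listOf("COGNITO")
            explicitAuthFlows = listOf(
                ExplicitAuthFlowsType.fromValue("ALLOW_USER_SRP_AUTH"),
                ExplicitAuthFlowsType.fromValue("ALLOW_REFRESH_TOKEN_AUTH")
            )
            preventUserExistenceErrors = PreventUserExistenceErrorTypes.fromValue("ENABLED")
            enableTokenRevocation = true
        }
        val client = resp.userPoolClient ?: error("no client in response")
        println("created ${client.clientId}") // the client secret is in the same object; keep it out of logs
        reviewClient(client).forEach { println("FINDING: $it") }
    }
}
```

The same `reviewClient` check can be run over the `userPoolClient` returned by `describeUserPoolClient` to audit app clients that already exist.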