/AWS1/CL_CGPIDENTITYPVDRTYPE¶
A container for information about an IdP.
CONSTRUCTOR¶
IMPORTING¶
Optional arguments:¶
IV_USERPOOLID TYPE /AWS1/CGPUSERPOOLIDTYPE /AWS1/CGPUSERPOOLIDTYPE¶
The user pool ID.
IV_PROVIDERNAME TYPE /AWS1/CGPPROVIDERNAMETYPE /AWS1/CGPPROVIDERNAMETYPE¶
The IdP name.
IV_PROVIDERTYPE TYPE /AWS1/CGPIDENTITYPVDRTYPETYPE /AWS1/CGPIDENTITYPVDRTYPETYPE¶
The IdP type.
IT_PROVIDERDETAILS TYPE /AWS1/CL_CGPPVDRDETAILSTYPE_W=>TT_PROVIDERDETAILSTYPE TT_PROVIDERDETAILSTYPE¶
The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP
authorize_scopesvalues must match the values listed here.
- OpenID Connect (OIDC)
Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }- SAML
Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true",
"MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }The value of
MetadataFilemust be the plaintext metadata document with all quote (") characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }- LoginWithAmazon
Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }- SignInWithApple
Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
IT_ATTRIBUTEMAPPING TYPE /AWS1/CL_CGPATTRMAPPINGTYPE_W=>TT_ATTRIBUTEMAPPINGTYPE TT_ATTRIBUTEMAPPINGTYPE¶
A mapping of IdP attributes to standard and custom user pool attributes.
IT_IDPIDENTIFIERS TYPE /AWS1/CL_CGPIDPIDSLISTTYPE_W=>TT_IDPIDENTIFIERSLISTTYPE TT_IDPIDENTIFIERSLISTTYPE¶
A list of IdP identifiers.
IV_LASTMODIFIEDDATE TYPE /AWS1/CGPDATETYPE /AWS1/CGPDATETYPE¶
The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.
IV_CREATIONDATE TYPE /AWS1/CGPDATETYPE /AWS1/CGPDATETYPE¶
The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.
Queryable Attributes¶
UserPoolId¶
The user pool ID.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_USERPOOLID() |
Getter for USERPOOLID, with configurable default |
ASK_USERPOOLID() |
Getter for USERPOOLID w/ exceptions if field has no value |
HAS_USERPOOLID() |
Determine if USERPOOLID has a value |
ProviderName¶
The IdP name.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_PROVIDERNAME() |
Getter for PROVIDERNAME, with configurable default |
ASK_PROVIDERNAME() |
Getter for PROVIDERNAME w/ exceptions if field has no value |
HAS_PROVIDERNAME() |
Determine if PROVIDERNAME has a value |
ProviderType¶
The IdP type.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_PROVIDERTYPE() |
Getter for PROVIDERTYPE, with configurable default |
ASK_PROVIDERTYPE() |
Getter for PROVIDERTYPE w/ exceptions if field has no value |
HAS_PROVIDERTYPE() |
Determine if PROVIDERTYPE has a value |
ProviderDetails¶
The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP
authorize_scopesvalues must match the values listed here.
- OpenID Connect (OIDC)
Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }- SAML
Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true",
"MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }The value of
MetadataFilemust be the plaintext metadata document with all quote (") characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }- LoginWithAmazon
Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }- SignInWithApple
Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_PROVIDERDETAILS() |
Getter for PROVIDERDETAILS, with configurable default |
ASK_PROVIDERDETAILS() |
Getter for PROVIDERDETAILS w/ exceptions if field has no val |
HAS_PROVIDERDETAILS() |
Determine if PROVIDERDETAILS has a value |
AttributeMapping¶
A mapping of IdP attributes to standard and custom user pool attributes.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_ATTRIBUTEMAPPING() |
Getter for ATTRIBUTEMAPPING, with configurable default |
ASK_ATTRIBUTEMAPPING() |
Getter for ATTRIBUTEMAPPING w/ exceptions if field has no va |
HAS_ATTRIBUTEMAPPING() |
Determine if ATTRIBUTEMAPPING has a value |
IdpIdentifiers¶
A list of IdP identifiers.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_IDPIDENTIFIERS() |
Getter for IDPIDENTIFIERS, with configurable default |
ASK_IDPIDENTIFIERS() |
Getter for IDPIDENTIFIERS w/ exceptions if field has no valu |
HAS_IDPIDENTIFIERS() |
Determine if IDPIDENTIFIERS has a value |
LastModifiedDate¶
The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_LASTMODIFIEDDATE() |
Getter for LASTMODIFIEDDATE, with configurable default |
ASK_LASTMODIFIEDDATE() |
Getter for LASTMODIFIEDDATE w/ exceptions if field has no va |
HAS_LASTMODIFIEDDATE() |
Determine if LASTMODIFIEDDATE has a value |
CreationDate¶
The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.
Accessible with the following methods¶
| Method | Description |
|---|---|
GET_CREATIONDATE() |
Getter for CREATIONDATE, with configurable default |
ASK_CREATIONDATE() |
Getter for CREATIONDATE w/ exceptions if field has no value |
HAS_CREATIONDATE() |
Determine if CREATIONDATE has a value |