explicit
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.
If you don't specify a value for
ExplicitAuthFlows, your user client supportsALLOW_REFRESH_TOKEN_AUTH,ALLOW_USER_SRP_AUTH, andALLOW_CUSTOM_AUTH. Valid values include:
ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flowADMIN_USER_PASSWORD_AUTH. This setting replaces theADMIN_NO_SRP_AUTHsetting. With this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens. In some environments, you will see the valuesADMIN_NO_SRP_AUTH,CUSTOM_AUTH_FLOW_ONLY, orUSER_PASSWORD_AUTH. You can't assign these legacyExplicitAuthFlowsvalues to user pool clients at the same time as values that begin withALLOW_, likeALLOW_USER_SRP_AUTH.