pulumi-aws-kotlin/com.pulumi.aws.cognito.kotlin/UserPoolClientArgs

UserPoolClientArgs

data class UserPoolClientArgs(val accessTokenValidity: Output<Int>? = null, val allowedOauthFlows: Output<List<String>>? = null, val allowedOauthFlowsUserPoolClient: Output<Boolean>? = null, val allowedOauthScopes: Output<List<String>>? = null, val analyticsConfiguration: Output<UserPoolClientAnalyticsConfigurationArgs>? = null, val authSessionValidity: Output<Int>? = null, val callbackUrls: Output<List<String>>? = null, val defaultRedirectUri: Output<String>? = null, val enablePropagateAdditionalUserContextData: Output<Boolean>? = null, val enableTokenRevocation: Output<Boolean>? = null, val explicitAuthFlows: Output<List<String>>? = null, val generateSecret: Output<Boolean>? = null, val idTokenValidity: Output<Int>? = null, val logoutUrls: Output<List<String>>? = null, val name: Output<String>? = null, val preventUserExistenceErrors: Output<String>? = null, val readAttributes: Output<List<String>>? = null, val refreshTokenValidity: Output<Int>? = null, val supportedIdentityProviders: Output<List<String>>? = null, val tokenValidityUnits: Output<UserPoolClientTokenValidityUnitsArgs>? = null, val userPoolId: Output<String>? = null, val writeAttributes: Output<List<String>>? = null) : ConvertibleToJava<UserPoolClientArgs>

Provides a Cognito User Pool Client resource.

Example Usage

Create a basic user pool client

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var pool = new UserPool("pool");
        var client = new UserPoolClient("client", UserPoolClientArgs.builder()
            .userPoolId(pool.id())
            .build());
    }
}

Create a user pool client with no SRP authentication

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var pool = new UserPool("pool");
        var client = new UserPoolClient("client", UserPoolClientArgs.builder()
            .userPoolId(pool.id())
            .generateSecret(true)
            .explicitAuthFlows("ADMIN_NO_SRP_AUTH")
            .build());
    }
}

Create a user pool client with pinpoint analytics

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.pinpoint.App;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import com.pulumi.aws.cognito.inputs.UserPoolClientAnalyticsConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var current = AwsFunctions.getCallerIdentity();
        var testUserPool = new UserPool("testUserPool");
        var testApp = new App("testApp");
        var testRole = new Role("testRole", RoleArgs.builder()
            .assumeRolePolicy("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "cognito-idp.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
            """)
            .build());
        var testRolePolicy = new RolePolicy("testRolePolicy", RolePolicyArgs.builder()
            .role(testRole.id())
            .policy(testApp.applicationId().applyValue(applicationId -> """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "mobiletargeting:UpdateEndpoint",
        "mobiletargeting:PutItems"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:mobiletargeting:*:%s:apps/%s*"
    }
  ]
}
", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),applicationId)))
            .build());
        var testUserPoolClient = new UserPoolClient("testUserPoolClient", UserPoolClientArgs.builder()
            .userPoolId(testUserPool.id())
            .analyticsConfiguration(UserPoolClientAnalyticsConfigurationArgs.builder()
                .applicationId(testApp.applicationId())
                .externalId("some_id")
                .roleArn(testRole.arn())
                .userDataShared(true)
                .build())
            .build());
    }
}

Create a user pool client with Cognito as the identity provider

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var pool = new UserPool("pool");
        var userpoolClient = new UserPoolClient("userpoolClient", UserPoolClientArgs.builder()
            .userPoolId(pool.id())
            .callbackUrls("https://example.com")
            .allowedOauthFlowsUserPoolClient(true)
            .allowedOauthFlows(
                "code",
                "implicit")
            .allowedOauthScopes(
                "email",
                "openid")
            .supportedIdentityProviders("COGNITO")
            .build());
    }
}

Import

Cognito User Pool Clients can be imported using the id of the Cognito User Pool, and the id of the Cognito User Pool Client, e.g.,

$ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko

Constructors

UserPoolClientArgs

fun UserPoolClientArgs(accessTokenValidity: Output<Int>? = null, allowedOauthFlows: Output<List<String>>? = null, allowedOauthFlowsUserPoolClient: Output<Boolean>? = null, allowedOauthScopes: Output<List<String>>? = null, analyticsConfiguration: Output<UserPoolClientAnalyticsConfigurationArgs>? = null, authSessionValidity: Output<Int>? = null, callbackUrls: Output<List<String>>? = null, defaultRedirectUri: Output<String>? = null, enablePropagateAdditionalUserContextData: Output<Boolean>? = null, enableTokenRevocation: Output<Boolean>? = null, explicitAuthFlows: Output<List<String>>? = null, generateSecret: Output<Boolean>? = null, idTokenValidity: Output<Int>? = null, logoutUrls: Output<List<String>>? = null, name: Output<String>? = null, preventUserExistenceErrors: Output<String>? = null, readAttributes: Output<List<String>>? = null, refreshTokenValidity: Output<Int>? = null, supportedIdentityProviders: Output<List<String>>? = null, tokenValidityUnits: Output<UserPoolClientTokenValidityUnitsArgs>? = null, userPoolId: Output<String>? = null, writeAttributes: Output<List<String>>? = null)

Functions

toJava

open override fun toJava(): UserPoolClientArgs

Properties

accessTokenValidity

val accessTokenValidity: Output<Int>? = null

Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token_validity_units.

allowedOauthFlows

val allowedOauthFlows: Output<List<String>>? = null

List of allowed OAuth flows (code, implicit, client_credentials).

allowedOauthFlowsUserPoolClient

val allowedOauthFlowsUserPoolClient: Output<Boolean>? = null

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

allowedOauthScopes

val allowedOauthScopes: Output<List<String>>? = null

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

analyticsConfiguration

val analyticsConfiguration: Output<UserPoolClientAnalyticsConfigurationArgs>? = null

Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

authSessionValidity

val authSessionValidity: Output<Int>? = null

Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

callbackUrls

val callbackUrls: Output<List<String>>? = null

List of allowed callback URLs for the identity providers.

defaultRedirectUri

val defaultRedirectUri: Output<String>? = null

Default redirect URI. Must be in the list of callback URLs.

enablePropagateAdditionalUserContextData

val enablePropagateAdditionalUserContextData: Output<Boolean>? = null

Activates the propagation of additional user context data.

enableTokenRevocation

val enableTokenRevocation: Output<Boolean>? = null

Enables or disables token revocation.

explicitAuthFlows

val explicitAuthFlows: Output<List<String>>? = null

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

generateSecret

val generateSecret: Output<Boolean>? = null

Should an application secret be generated.

idTokenValidity

val idTokenValidity: Output<Int>? = null

Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in token_validity_units.

logoutUrls

val logoutUrls: Output<List<String>>? = null

List of allowed logout URLs for the identity providers.

name

val name: Output<String>? = null

Name of the application client.

preventUserExistenceErrors

val preventUserExistenceErrors: Output<String>? = null

Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

readAttributes

val readAttributes: Output<List<String>>? = null

List of user pool attributes the application client can read from.

refreshTokenValidity

val refreshTokenValidity: Output<Int>? = null

Time limit in days refresh tokens are valid for.

supportedIdentityProviders

val supportedIdentityProviders: Output<List<String>>? = null

List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

tokenValidityUnits

val tokenValidityUnits: Output<UserPoolClientTokenValidityUnitsArgs>? = null

Configuration block for units in which the validity times are represented in. Detailed below.

userPoolId

val userPoolId: Output<String>? = null

User pool the client belongs to.

writeAttributes

val writeAttributes: Output<List<String>>? = null

List of user pool attributes the application client can write to.