Amazon Cognito Identity Provider
API Reference (API Version 2016-04-18)

CreateUserPoolClient

Creates the user pool client.

Request Syntax

{
   "AllowedOAuthFlows": [ "string" ],
   "AllowedOAuthFlowsUserPoolClient": boolean,
   "AllowedOAuthScopes": [ "string" ],
   "AnalyticsConfiguration": {
      "ApplicationId": "string",
      "ExternalId": "string",
      "RoleArn": "string",
      "UserDataShared": boolean
   },
   "CallbackURLs": [ "string" ],
   "ClientName": "string",
   "DefaultRedirectURI": "string",
   "ExplicitAuthFlows": [ "string" ],
   "GenerateSecret": boolean,
   "LogoutURLs": [ "string" ],
   "ReadAttributes": [ "string" ],
   "RefreshTokenValidity": number,
   "SupportedIdentityProviders": [ "string" ],
   "UserPoolId": "string",
   "WriteAttributes": [ "string" ]
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

AllowedOAuthFlows

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to token to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 3 items.

Valid Values: code | implicit | client_credentials

Required: No

AllowedOAuthFlowsUserPoolClient

Set to True if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Type: Boolean

Required: No

AllowedOAuthScopes

A list of allowed OAuth scopes. Currently supported values are "phone", "email", "openid", and "Cognito".

Type: Array of strings

Array Members: Maximum number of 25 items.

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: [\x21\x23-\x5B\x5D-\x7E]+

Required: No

AnalyticsConfiguration

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

Type: AnalyticsConfigurationType object

Required: No

CallbackURLs

A list of allowed callback URLs for the identity providers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ClientName

The client name for the user pool client you would like to create.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w\s+=,.@-]+

Required: Yes

DefaultRedirectURI

The default redirect URI. Must be in the CallbackURLs list.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ExplicitAuthFlows

The explicit authentication flows.

Type: Array of strings

Valid Values: ADMIN_NO_SRP_AUTH | CUSTOM_AUTH_FLOW_ONLY

Required: No

GenerateSecret

Boolean to specify whether you want to generate a secret for the user pool client being created.

Type: Boolean

Required: No

LogoutURLs

A list of allowed logout URLs for the identity providers.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 100 items.

Length Constraints: Minimum length of 1. Maximum length of 1024.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

ReadAttributes

The read attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

RefreshTokenValidity

The time limit, in days, after which the refresh token is no longer valid and cannot be used.

Type: Integer

Valid Range: Minimum value of 0. Maximum value of 3650.

Required: No

SupportedIdentityProviders

A list of provider names for the identity providers that are supported on this client.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: [\p{L}\p{M}\p{S}\p{N}\p{P}]+

Required: No

UserPoolId

The user pool ID for the user pool where you want to create a user pool client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

WriteAttributes

The write attributes.

Type: Array of strings

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No
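
An added example, not part of the AWS reference: a pre-flight check that applies the constraints listed above to a request body before it is sent, and reports review warnings separately from documented violations. The function name, the warning rules and the 30-day threshold are assumptions of this example, and the sample request is constructed.

```python
import re

# Constraints copied from the parameter reference on this page.
FLOWS = {"code", "implicit", "client_credentials"}
EXPLICIT = {"ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY"}
CLIENT_NAME = re.compile(r"[\w\s+=,.@-]+")
POOL_ID = re.compile(r"[\w-]+_[0-9a-zA-Z]+")

def check_request(req, max_refresh_days=30):
    """Return (errors, warnings) for a CreateUserPoolClient request dict.
    errors: documented constraint violations; warnings: assumed review policy."""
    errors, warnings = [], []
    name, pool = req.get("ClientName"), req.get("UserPoolId")
    if not (isinstance(name, str) and len(name) <= 128 and CLIENT_NAME.fullmatch(name)):
        errors.append("ClientName: required, 1-128 chars matching the documented pattern")
    if not (isinstance(pool, str) and len(pool) <= 55 and POOL_ID.fullmatch(pool)):
        errors.append("UserPoolId: required, 1-55 chars matching the documented pattern")
    flows = req.get("AllowedOAuthFlows", [])
    if len(flows) > 3 or set(flows) - FLOWS:
        errors.append("AllowedOAuthFlows: invalid value or more than 3 items")
    if set(req.get("ExplicitAuthFlows", [])) - EXPLICIT:
        errors.append("ExplicitAuthFlows: invalid value")
    urls = req.get("CallbackURLs", [])
    if len(urls) > 100 or any(not 1 <= len(u) <= 1024 for u in urls):
        errors.append("CallbackURLs: at most 100 items of 1-1024 chars")
    default = req.get("DefaultRedirectURI")
    if default is not None and default not in urls:
        errors.append("DefaultRedirectURI: must be in the CallbackURLs list")
    days = req.get("RefreshTokenValidity")
    if days is not None and not (isinstance(days, int) and 0 <= days <= 3650):
        errors.append("RefreshTokenValidity: must be 0-3650 days")
    # Review warnings below are this example's policy, not AWS-enforced rules.
    if "implicit" in flows:
        warnings.append("implicit flow hands the access token directly to the client")
    if "client_credentials" in flows and not req.get("GenerateSecret"):
        warnings.append("client_credentials requested without GenerateSecret")
    if any(u.startswith("http://") for u in urls):
        warnings.append("CallbackURLs contains a plain-http URL")
    if isinstance(days, int) and days > max_refresh_days:
        warnings.append(f"RefreshTokenValidity {days}d exceeds policy of {max_refresh_days}d")
    return errors, warnings

# Constructed sample request; every value is a placeholder.
SAMPLE = {
    "ClientName": "web-app", "UserPoolId": "us-east-1_EXAMPLE",
    "AllowedOAuthFlows": ["implicit"], "CallbackURLs": ["https://app.example.com/cb"],
    "DefaultRedirectURI": "https://app.example.com/callback", "RefreshTokenValidity": 3650,
}
```

Running `check_request(SAMPLE)` reports the DefaultRedirectURI mismatch as an error and the implicit flow and 3650-day refresh token as warnings.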

Response Syntax

{
   "UserPoolClient": {
      "AllowedOAuthFlows": [ "string" ],
      "AllowedOAuthFlowsUserPoolClient": boolean,
      "AllowedOAuthScopes": [ "string" ],
      "AnalyticsConfiguration": {
         "ApplicationId": "string",
         "ExternalId": "string",
         "RoleArn": "string",
         "UserDataShared": boolean
      },
      "CallbackURLs": [ "string" ],
      "ClientId": "string",
      "ClientName": "string",
      "ClientSecret": "string",
      "CreationDate": number,
      "DefaultRedirectURI": "string",
      "ExplicitAuthFlows": [ "string" ],
      "LastModifiedDate": number,
      "LogoutURLs": [ "string" ],
      "ReadAttributes": [ "string" ],
      "RefreshTokenValidity": number,
      "SupportedIdentityProviders": [ "string" ],
      "UserPoolId": "string",
      "WriteAttributes": [ "string" ]
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

UserPoolClient

The user pool client that was just created.

Type: UserPoolClientType object

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalErrorException

This exception is thrown when Amazon Cognito encounters an internal error.

HTTP Status Code: 500

InvalidOAuthFlowException

This exception is thrown when the specified OAuth flow is invalid.

HTTP Status Code: 400

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

HTTP Status Code: 400

NotAuthorizedException

This exception is thrown when a user is not authorized.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service cannot find the requested resource.

HTTP Status Code: 400

ScopeDoesNotExistException

This exception is thrown when the specified scope does not exist.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

HTTP Status Code: 400
