Class UserPoolClientOptions
Options to create a UserPoolClient.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.Cognito
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class UserPoolClientOptions : Object, IUserPoolClientOptions
Syntax (vb)
Public Class UserPoolClientOptions
Inherits Object
Implements IUserPoolClientOptions
Remarks
Examples
var pool = new UserPool(this, "Pool");
pool.AddClient("app-client", new UserPoolClientOptions {
    OAuth = new OAuthSettings {
        Flows = new OAuthFlows {
            AuthorizationCodeGrant = true
        },
        Scopes = new [] { OAuthScope.OPENID },
        CallbackUrls = new [] { "https://my-app-domain.com/welcome" },
        LogoutUrls = new [] { "https://my-app-domain.com/signin" }
    }
});
Synopsis
Constructors
UserPoolClientOptions() |
Properties
AccessTokenValidity | Validity of the access token. |
AuthFlows | The set of OAuth authentication flows to enable on the client. |
AuthSessionValidity | Cognito creates a session token for each API request in an authentication flow. |
DisableOAuth | Turns off all OAuth interactions for this client. |
EnableTokenRevocation | Enable token revocation for this client. |
GenerateSecret | Whether to generate a client secret. |
IdTokenValidity | Validity of the ID token. |
OAuth | OAuth settings for this client to interact with the app. |
PreventUserExistenceErrors | Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence. |
ReadAttributes | The set of attributes this client will be able to read. |
RefreshTokenValidity | Validity of the refresh token. |
SupportedIdentityProviders | The list of identity providers that users should be able to use to sign in using this client. |
UserPoolClientName | Name of the application client. |
WriteAttributes | The set of attributes this client will be able to write. |
Constructors
UserPoolClientOptions()
public UserPoolClientOptions()
Properties
AccessTokenValidity
Validity of the access token.
public Duration AccessTokenValidity { get; set; }
Property Value
Remarks
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
Default: Duration.minutes(60)
AuthFlows
The set of OAuth authentication flows to enable on the client.
public IAuthFlow AuthFlows { get; set; }
Property Value
Remarks
Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
AuthSessionValidity
Cognito creates a session token for each API request in an authentication flow.
public Duration AuthSessionValidity { get; set; }
Property Value
Remarks
AuthSessionValidity is the duration, in minutes, of that session token. See defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.
Default: - Duration.minutes(3)
DisableOAuth
Turns off all OAuth interactions for this client.
public Nullable<bool> DisableOAuth { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
EnableTokenRevocation
Enable token revocation for this client.
public Nullable<bool> EnableTokenRevocation { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: true for new user pool clients
GenerateSecret
Whether to generate a client secret.
public Nullable<bool> GenerateSecret { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
Default: false
IdTokenValidity
Validity of the ID token.
public Duration IdTokenValidity { get; set; }
Property Value
Remarks
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
Default: Duration.minutes(60)
OAuth
OAuth settings for this client to interact with the app.
public IOAuthSettings OAuth { get; set; }
Property Value
Remarks
An error is thrown when this is specified and disableOAuth is set.
Default: - see defaults in OAuthSettings. Meaningless if disableOAuth is set.
PreventUserExistenceErrors
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
public Nullable<bool> PreventUserExistenceErrors { get; set; }
Property Value
System.Nullable<System.Boolean>
Remarks
ReadAttributes
The set of attributes this client will be able to read.
public ClientAttributes ReadAttributes { get; set; }
Property Value
Remarks
Default: - all standard and custom attributes
RefreshTokenValidity
Validity of the refresh token.
public Duration RefreshTokenValidity { get; set; }
Property Value
Remarks
Values between 60 minutes and 10 years are valid.
Default: Duration.days(30)
SupportedIdentityProviders
The list of identity providers that users should be able to use to sign in using this client.
public UserPoolClientIdentityProvider[] SupportedIdentityProviders { get; set; }
Property Value
UserPoolClientIdentityProvider[]
Remarks
Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.
UserPoolClientName
Name of the application client.
public string UserPoolClientName { get; set; }
Property Value
System.String
Remarks
Default: - cloudformation generated name
WriteAttributes
The set of attributes this client will be able to write.
public ClientAttributes WriteAttributes { get; set; }
Property Value
Remarks
Default: - all standard and custom attributes
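The following is an added example, not taken from the CDK documentation or the page above. It sets the security-relevant properties explicitly instead of relying on their defaults, staying within the validity ranges stated in the remarks. The stack name, construct ids, chosen durations and attribute selections are assumptions made for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.Cognito;
using Constructs;

// Hypothetical stack; names, durations and attribute choices are illustrative.
public class HardenedClientStack : Stack
{
    public HardenedClientStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var pool = new UserPool(this, "Pool");

        // Least privilege: the default lets the client read and write all attributes.
        var readable = new ClientAttributes()
            .WithStandardAttributes(new StandardAttributesMask { Email = true, GivenName = true });
        var writable = new ClientAttributes()
            .WithStandardAttributes(new StandardAttributesMask { GivenName = true });

        pool.AddClient("app-client", new UserPoolClientOptions {
            // Request SRP only; with AuthFlows unset, custom auth is also allowed.
            AuthFlows = new AuthFlow { UserSrp = true },
            // Return a generic error rather than UserNotFoundException.
            PreventUserExistenceErrors = true,
            // Keep revocation on so a leaked refresh token can be invalidated.
            EnableTokenRevocation = true,
            // Access and ID tokens: 5 minutes to 1 day, never longer than the refresh token.
            AccessTokenValidity = Duration.Minutes(15),
            IdTokenValidity = Duration.Minutes(15),
            // Refresh token: 60 minutes to 10 years (default 30 days).
            RefreshTokenValidity = Duration.Days(1),
            // Session token for an in-progress authentication: 3 to 15 minutes.
            AuthSessionValidity = Duration.Minutes(3),
            ReadAttributes = readable,
            WriteAttributes = writable,
            // Pin the providers instead of accepting every one registered on the pool.
            SupportedIdentityProviders = new [] { UserPoolClientIdentityProvider.COGNITO },
            OAuth = new OAuthSettings {
                Flows = new OAuthFlows { AuthorizationCodeGrant = true },
                Scopes = new [] { OAuthScope.OPENID },
                CallbackUrls = new [] { "https://my-app-domain.com/welcome" },
                LogoutUrls = new [] { "https://my-app-domain.com/signin" }
            }
        });
    }
}
```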