Package software.amazon.awscdk.services.cognito

Class OAuthScope

java.lang.Object

software.amazon.jsii.JsiiObject

software.amazon.awscdk.services.cognito.OAuthScope

All Implemented Interfaces:

software.amazon.jsii.JsiiSerializable

@Generated(value="jsii-pacmak/1.97.0 (build 729de35)",
           date="2024-04-24T21:00:27.505Z")
@Stability(Stable)
public class OAuthScope
extends software.amazon.jsii.JsiiObject

OAuth scopes that are allowed with this client.

Example:

 UserPool pool = new UserPool(this, "Pool");
 ResourceServerScope readOnlyScope = ResourceServerScope.Builder.create().scopeName("read").scopeDescription("Read-only access").build();
 ResourceServerScope fullAccessScope = ResourceServerScope.Builder.create().scopeName("*").scopeDescription("Full access").build();
 UserPoolResourceServer userServer = pool.addResourceServer("ResourceServer", UserPoolResourceServerOptions.builder()
         .identifier("users")
         .scopes(List.of(readOnlyScope, fullAccessScope))
         .build());
 UserPoolClient readOnlyClient = pool.addClient("read-only-client", UserPoolClientOptions.builder()
         // ...
         .oAuth(OAuthSettings.builder()
                 // ...
                 .scopes(List.of(OAuthScope.resourceServer(userServer, readOnlyScope)))
                 .build())
         .build());
 UserPoolClient fullAccessClient = pool.addClient("full-access-client", UserPoolClientOptions.builder()
         // ...
         .oAuth(OAuthSettings.builder()
                 // ...
                 .scopes(List.of(OAuthScope.resourceServer(userServer, fullAccessScope)))
                 .build())
         .build());
 

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Field Summary

Fields

Modifier and Type	Field	Description
static final OAuthScope	COGNITO_ADMIN	Grants access to Amazon Cognito User Pool API operations that require access tokens, such as UpdateUserAttributes and VerifyUserAttribute.
static final OAuthScope	EMAIL	Grants access to the 'email' and 'email_verified' claims.
static final OAuthScope	OPENID	Returns all user attributes in the ID token that are readable by the client.
static final OAuthScope	PHONE	Grants access to the 'phone_number' and 'phone_number_verified' claims.
static final OAuthScope	PROFILE	Grants access to all user attributes that are readable by the client Automatically includes access to OAuthScope.OPENID.

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OAuthScope(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	OAuthScope(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method	Description
static OAuthScope	custom(String name)	Custom scope is one that you define for your own resource server in the Resource Servers.
String	getScopeName()	The name of this scope as recognized by CloudFormation.
static OAuthScope	resourceServer(IUserPoolResourceServer server, ResourceServerScope scope)	Adds a custom scope that's tied to a resource server in your stack.

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Details

COGNITO_ADMIN

@Stability(Stable)
public static final OAuthScope COGNITO_ADMIN

Grants access to Amazon Cognito User Pool API operations that require access tokens, such as UpdateUserAttributes and VerifyUserAttribute.

EMAIL

@Stability(Stable)
public static final OAuthScope EMAIL

Grants access to the 'email' and 'email_verified' claims.

Automatically includes access to OAuthScope.OPENID.

OPENID

@Stability(Stable)
public static final OAuthScope OPENID

Returns all user attributes in the ID token that are readable by the client.

PHONE

@Stability(Stable)
public static final OAuthScope PHONE

Grants access to the 'phone_number' and 'phone_number_verified' claims.

Automatically includes access to OAuthScope.OPENID.

PROFILE

@Stability(Stable)
public static final OAuthScope PROFILE

Grants access to all user attributes that are readable by the client Automatically includes access to OAuthScope.OPENID.

Constructor Details

OAuthScope

protected OAuthScope(software.amazon.jsii.JsiiObjectRef objRef)

OAuthScope

protected OAuthScope(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Method Details

custom

@Stability(Stable)
@NotNull
public static OAuthScope custom(@NotNull
 String name)

Custom scope is one that you define for your own resource server in the Resource Servers.

The format is 'resource-server-identifier/scope'.

Parameters:

name - This parameter is required.

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html

resourceServer

@Stability(Stable)
@NotNull
public static OAuthScope resourceServer(@NotNull
 IUserPoolResourceServer server,
 @NotNull
 ResourceServerScope scope)

Adds a custom scope that's tied to a resource server in your stack.

Parameters:

server - This parameter is required.

scope - This parameter is required.

getScopeName

@Stability(Stable)
@NotNull
public String getScopeName()

The name of this scope as recognized by CloudFormation.

See Also:

• https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes