IUserPool

class aws_cdk.aws_cognito.IUserPool(*args, **kwds)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

Represents a Cognito UserPool.

Methods

add_client(id, *, access_token_validity=None, auth_flows=None, disable_o_auth=None, generate_secret=None, id_token_validity=None, o_auth=None, prevent_user_existence_errors=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_client_name=None, write_attributes=None)

Add a new app client to this user pool.

Parameters
  • id (str) –

  • access_token_validity (Optional[Duration]) – Validity of the access token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)

  • auth_flows (Optional[AuthFlow]) – The set of OAuth authentication flows to enable on the client. Default: - all auth flows disabled

  • disable_o_auth (Optional[bool]) – Turns off all OAuth interactions for this client. Default: false

  • generate_secret (Optional[bool]) – Whether to generate a client secret. Default: false

  • id_token_validity (Optional[Duration]) – Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)

  • o_auth (Optional[OAuthSettings]) – OAuth settings for this to client to interact with the app. An error is thrown when this is specified and disableOAuth is set. Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.

  • prevent_user_existence_errors (Optional[bool]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: true for new stacks

  • read_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to read. Default: - all standard and custom attributes

  • refresh_token_validity (Optional[Duration]) – Validity of the refresh token. Values between 60 minutes and 10 years are valid. Default: Duration.days(30)

  • supported_identity_providers (Optional[List[UserPoolClientIdentityProvider]]) – The list of identity providers that users should be able to use to sign in using this client. Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.

  • user_pool_client_name (Optional[str]) – Name of the application client. Default: - cloudformation generated name

  • write_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to write. Default: - all standard and custom attributes

See

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html

Return type

UserPoolClient

add_domain(id, *, cognito_domain=None, custom_domain=None)

Associate a domain to this user pool.

Parameters
  • id (str) –

  • cognito_domain (Optional[CognitoDomainOptions]) – Associate a cognito prefix domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if customDomain is specified, otherwise, throws an error.

  • custom_domain (Optional[CustomDomainOptions]) – Associate a custom domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if cognitoDomain is specified, otherwise, throws an error.

See

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html

Return type

UserPoolDomain

add_resource_server(id, *, identifier, scopes=None, user_pool_resource_server_name=None)

Add a new resource server to this user pool.

Parameters
  • id (str) –

  • identifier (str) – A unique resource server identifier for the resource server.

  • scopes (Optional[List[ResourceServerScope]]) – Oauth scopes. Default: - No scopes will be added

  • user_pool_resource_server_name (Optional[str]) – A friendly name for the resource server. Default: - same as identifier

See

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-resource-servers.html

Return type

UserPoolResourceServer

register_identity_provider(provider)

Register an identity provider with this user pool.

Parameters

provider (IUserPoolIdentityProvider) –

Return type

None

Attributes

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

Return type

ResourceEnvironment

identity_providers

Get all identity providers registered with this user pool.

Return type

List[IUserPoolIdentityProvider]

node

The construct tree node for this construct.

Return type

ConstructNode

stack

The stack in which this resource is defined.

Return type

Stack

user_pool_arn

The ARN of this user pool resource.

Attribute

true

Return type

str

user_pool_id

The physical ID of this user pool resource.

Attribute

true

Return type

str