Class OAuthScope
OAuth scopes that are allowed with this client.
Inheritance
Namespace: Amazon.CDK.AWS.Cognito
Assembly: Amazon.CDK.AWS.Cognito.dll
Syntax (csharp)
public class OAuthScope : DeputyBase
Syntax (vb)
Public Class OAuthScope
Inherits DeputyBase
Remarks
See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
Examples
var pool = new UserPool(this, "Pool");

// Two custom scopes defined on the "users" resource server: users/read and users/*
var readOnlyScope = new ResourceServerScope(new ResourceServerScopeProps { ScopeName = "read", ScopeDescription = "Read-only access" });
var fullAccessScope = new ResourceServerScope(new ResourceServerScopeProps { ScopeName = "*", ScopeDescription = "Full access" });

var userServer = pool.AddResourceServer("ResourceServer", new UserPoolResourceServerOptions {
    Identifier = "users",
    Scopes = new [] { readOnlyScope, fullAccessScope }
});

// This client may only request the read-only scope
var readOnlyClient = pool.AddClient("read-only-client", new UserPoolClientOptions {
    // ...
    OAuth = new OAuthSettings {
        // ...
        Scopes = new [] { OAuthScope.ResourceServer(userServer, readOnlyScope) }
    }
});

// This client may request the full-access scope
var fullAccessClient = pool.AddClient("full-access-client", new UserPoolClientOptions {
    // ...
    OAuth = new OAuthSettings {
        // ...
        Scopes = new [] { OAuthScope.ResourceServer(userServer, fullAccessScope) }
    }
});
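An added example, not part of the CDK documentation, showing the standard scopes and Custom(String) documented on this page in a least-privilege client setup. If OAuthSettings.Scopes is omitted, the CDK allows PHONE, EMAIL, OPENID, PROFILE and COGNITO_ADMIN by default, so each client below lists its flows and scopes explicitly. It assumes AWS CDK v2; the stack name, construct ids and callback URL are placeholders.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.Cognito;
using Constructs;

// Hypothetical stack; assumes AWS CDK v2 (Construct comes from the Constructs namespace).
public class LeastPrivilegeClientsStack : Stack
{
    public LeastPrivilegeClientsStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        var pool = new UserPool(this, "Pool");
        var readScope = new ResourceServerScope(new ResourceServerScopeProps { ScopeName = "read", ScopeDescription = "Read-only access" });
        var userServer = pool.AddResourceServer("ResourceServer", new UserPoolResourceServerOptions
        {
            Identifier = "users",
            Scopes = new[] { readScope }
        });

        // Interactive sign-in client: authorization code grant only, and only the
        // claims the application reads. COGNITO_ADMIN, PHONE and PROFILE are left out.
        pool.AddClient("web-client", new UserPoolClientOptions
        {
            OAuth = new OAuthSettings
            {
                Flows = new OAuthFlows { AuthorizationCodeGrant = true },
                Scopes = new[] { OAuthScope.OPENID, OAuthScope.EMAIL },
                CallbackUrls = new[] { "https://app.example.com/callback" } // placeholder URL
            }
        });

        // Service-to-service client: client credentials grant with a client secret,
        // limited to one custom scope in 'resource-server-identifier/scope' form.
        var batchClient = pool.AddClient("batch-client", new UserPoolClientOptions
        {
            GenerateSecret = true,
            OAuth = new OAuthSettings
            {
                Flows = new OAuthFlows { ClientCredentials = true },
                Scopes = new[] { OAuthScope.Custom("users/read") }
            }
        });
        // A plain scope string carries no reference to the resource server, so order the deployment explicitly.
        batchClient.Node.AddDependency(userServer);
    }
}
```

OAuthScope.ResourceServer(userServer, readScope) expresses the same scope and carries the reference to the resource server itself, so the explicit dependency is only needed with Custom(String).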
Synopsis
Constructors
OAuthScope(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
OAuthScope(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
Properties
COGNITO_ADMIN | Grants access to Amazon Cognito User Pool API operations that require access tokens, such as UpdateUserAttributes and VerifyUserAttribute. |
EMAIL | Grants access to the 'email' and 'email_verified' claims. |
OPENID | Returns all user attributes in the ID token that are readable by the client. |
PHONE | Grants access to the 'phone_number' and 'phone_number_verified' claims. |
PROFILE | Grants access to all user attributes that are readable by the client. Automatically includes access to OAuthScope.OPENID. |
ScopeName | The name of this scope as recognized by CloudFormation. |
Methods
Custom(String) | Custom scope is one that you define for your own resource server in the Resource Servers. |
ResourceServer(IUserPoolResourceServer, ResourceServerScope) | Adds a custom scope that's tied to a resource server in your stack. |
Constructors
OAuthScope(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected OAuthScope(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
OAuthScope(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected OAuthScope(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
Properties
COGNITO_ADMIN
Grants access to Amazon Cognito User Pool API operations that require access tokens, such as UpdateUserAttributes and VerifyUserAttribute.
public static OAuthScope COGNITO_ADMIN { get; }
Property Value
EMAIL
Grants access to the 'email' and 'email_verified' claims.
public static OAuthScope EMAIL { get; }
Property Value
Remarks
Automatically includes access to OAuthScope.OPENID.
OPENID
Returns all user attributes in the ID token that are readable by the client.
public static OAuthScope OPENID { get; }
Property Value
PHONE
Grants access to the 'phone_number' and 'phone_number_verified' claims.
public static OAuthScope PHONE { get; }
Property Value
Remarks
Automatically includes access to OAuthScope.OPENID.
PROFILE
Grants access to all user attributes that are readable by the client. Automatically includes access to OAuthScope.OPENID.
public static OAuthScope PROFILE { get; }
Property Value
ScopeName
The name of this scope as recognized by CloudFormation.
public virtual string ScopeName { get; }
Property Value
System.String
Methods
Custom(String)
Custom scope is one that you define for your own resource server in the Resource Servers.
public static OAuthScope Custom(string name)
Parameters
- name System.String
Returns
Remarks
The format is 'resource-server-identifier/scope'.
ResourceServer(IUserPoolResourceServer, ResourceServerScope)
Adds a custom scope that's tied to a resource server in your stack.
public static OAuthScope ResourceServer(IUserPoolResourceServer server, ResourceServerScope scope)
Parameters
- server IUserPoolResourceServer
- scope ResourceServerScope
Returns