Package software.amazon.awscdk.services.cognito

Interface UserPoolClientOptions

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Subinterfaces:

UserPoolClientProps

All Known Implementing Classes:

UserPoolClientOptions.Jsii$Proxy, UserPoolClientProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-06-19T16:30:44.068Z")
@Stability(Stable)
public interface UserPoolClientOptions
extends software.amazon.jsii.JsiiSerializable

Options to create a UserPoolClient.

Example:

 UserPool pool = new UserPool(this, "Pool");
 pool.addClient("app-client", UserPoolClientOptions.builder()
         .oAuth(OAuthSettings.builder()
                 .flows(OAuthFlows.builder()
                         .authorizationCodeGrant(true)
                         .build())
                 .scopes(List.of(OAuthScope.OPENID))
                 .callbackUrls(List.of("https://my-app-domain.com/welcome"))
                 .logoutUrls(List.of("https://my-app-domain.com/signin"))
                 .build())
         .build());
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	UserPoolClientOptions.Builder	A builder for UserPoolClientOptions
static final class	UserPoolClientOptions.Jsii$Proxy	An implementation for UserPoolClientOptions

Method Summary

Modifier and Type	Method	Description
static UserPoolClientOptions.Builder	builder()
default Duration	getAccessTokenValidity()	Validity of the access token.
default AuthFlow	getAuthFlows()	The set of OAuth authentication flows to enable on the client.
default Boolean	getDisableOAuth()	Turns off all OAuth interactions for this client.
default Boolean	getEnableTokenRevocation()	Enable token revocation for this client.
default Boolean	getGenerateSecret()	Whether to generate a client secret.
default Duration	getIdTokenValidity()	Validity of the ID token.
default OAuthSettings	getOAuth()	OAuth settings for this client to interact with the app.
default Boolean	getPreventUserExistenceErrors()	Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
default ClientAttributes	getReadAttributes()	The set of attributes this client will be able to read.
default Duration	getRefreshTokenValidity()	Validity of the refresh token.
default List<UserPoolClientIdentityProvider>	getSupportedIdentityProviders()	The list of identity providers that users should be able to use to sign in using this client.
default String	getUserPoolClientName()	Name of the application client.
default ClientAttributes	getWriteAttributes()	The set of attributes this client will be able to write.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getAccessTokenValidity

@Stability(Stable)
@Nullable
default Duration getAccessTokenValidity()

Validity of the access token.

Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.

Default: Duration.minutes(60)

See Also:

• https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token

getAuthFlows

@Stability(Stable)
@Nullable
default AuthFlow getAuthFlows()

The set of OAuth authentication flows to enable on the client.

Default: - all auth flows disabled

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html

getDisableOAuth

@Stability(Stable)
@Nullable
default Boolean getDisableOAuth()

Turns off all OAuth interactions for this client.

Default: false

getEnableTokenRevocation

@Stability(Stable)
@Nullable
default Boolean getEnableTokenRevocation()

Enable token revocation for this client.

Default: true for new user pool clients

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation

getGenerateSecret

@Stability(Stable)
@Nullable
default Boolean getGenerateSecret()

Whether to generate a client secret.

Default: false

getIdTokenValidity

@Stability(Stable)
@Nullable
default Duration getIdTokenValidity()

Validity of the ID token.

Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.

Default: Duration.minutes(60)

See Also:

• https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token

getOAuth

@Stability(Stable)
@Nullable
default OAuthSettings getOAuth()

OAuth settings for this client to interact with the app.

An error is thrown when this is specified and disableOAuth is set.

Default: - see defaults in `OAuthSettings`. meaningless if `disableOAuth` is set.

getPreventUserExistenceErrors

@Stability(Stable)
@Nullable
default Boolean getPreventUserExistenceErrors()

Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.

Default: false

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html

getReadAttributes

@Stability(Stable)
@Nullable
default ClientAttributes getReadAttributes()

The set of attributes this client will be able to read.

Default: - all standard and custom attributes

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes

getRefreshTokenValidity

@Stability(Stable)
@Nullable
default Duration getRefreshTokenValidity()

Validity of the refresh token.

Values between 60 minutes and 10 years are valid.

Default: Duration.days(30)

See Also:

• https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token

getSupportedIdentityProviders

@Stability(Stable)
@Nullable
default List<UserPoolClientIdentityProvider> getSupportedIdentityProviders()

The list of identity providers that users should be able to use to sign in using this client.

Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the `UserPool.registerIdentityProvider()` API.

getUserPoolClientName

@Stability(Stable)
@Nullable
default String getUserPoolClientName()

Name of the application client.

Default: - cloudformation generated name

getWriteAttributes

@Stability(Stable)
@Nullable
default ClientAttributes getWriteAttributes()

The set of attributes this client will be able to write.

Default: - all standard and custom attributes

See Also:

• https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes

builder

@Stability(Stable)
static UserPoolClientOptions.Builder builder()

Returns:

a UserPoolClientOptions.Builder of UserPoolClientOptions