UserPoolClientOptions

class aws_cdk.aws_cognito.UserPoolClientOptions(*, access_token_validity=None, auth_flows=None, disable_o_auth=None, enable_token_revocation=None, generate_secret=None, id_token_validity=None, o_auth=None, prevent_user_existence_errors=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_client_name=None, write_attributes=None)

Bases: object

Options to create a UserPoolClient.
- Parameters
  - access_token_validity (Optional[Duration]) – Validity of the access token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)
  - auth_flows (Optional[AuthFlow]) – The set of OAuth authentication flows to enable on the client. Default: all auth flows disabled
  - disable_o_auth (Optional[bool]) – Turns off all OAuth interactions for this client. Default: false
  - enable_token_revocation (Optional[bool]) – Enable token revocation for this client. Default: true for new user pool clients
  - generate_secret (Optional[bool]) – Whether to generate a client secret. Default: false
  - id_token_validity (Optional[Duration]) – Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)
  - o_auth (Optional[OAuthSettings]) – OAuth settings for this client to interact with the app. An error is thrown when this is specified and disableOAuth is set. Default: see defaults in OAuthSettings; meaningless if disableOAuth is set.
  - prevent_user_existence_errors (Optional[bool]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: false
  - read_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to read. Default: all standard and custom attributes
  - refresh_token_validity (Optional[Duration]) – Validity of the refresh token. Values between 60 minutes and 10 years are valid. Default: Duration.days(30)
  - supported_identity_providers (Optional[Sequence[UserPoolClientIdentityProvider]]) – The list of identity providers that users should be able to use to sign in using this client. Default: supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.
  - user_pool_client_name (Optional[str]) – Name of the application client. Default: CloudFormation generated name
  - write_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to write. Default: all standard and custom attributes
- ExampleMetadata: infused

Example:

    from aws_cdk import aws_cognito as cognito

    # Runs inside a Stack or Construct, where `self` is the scope.
    pool = cognito.UserPool(self, "Pool")
    pool.add_client("app-client",
        o_auth=cognito.OAuthSettings(
            flows=cognito.OAuthFlows(
                authorization_code_grant=True
            ),
            scopes=[cognito.OAuthScope.OPENID],
            callback_urls=["https://my-app-domain.com/welcome"],
            logout_urls=["https://my-app-domain.com/signin"]
        )
    )

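
An added example, not part of the CDK documentation or library: a pre-deployment check that applies the limits and defaults listed in the parameter descriptions to a set of client options. The function name `review_client_options`, the use of `datetime.timedelta` in place of `Duration`, and 3650 days as "10 years" are assumptions of this sketch.

```python
from datetime import timedelta

# Defaults and limits as documented in the parameter list on this page.
DEFAULTS = {
    "access_token_validity": timedelta(minutes=60),
    "id_token_validity": timedelta(minutes=60),
    "refresh_token_validity": timedelta(days=30),
    "prevent_user_existence_errors": False,
}
SHORT_MIN, SHORT_MAX = timedelta(minutes=5), timedelta(days=1)
# Assumption: "10 years" approximated as 3650 days.
REFRESH_MIN, REFRESH_MAX = timedelta(minutes=60), timedelta(days=3650)


def review_client_options(**opts):
    """Return (errors, warnings) for UserPoolClientOptions-style kwargs.

    Assumption: durations are datetime.timedelta, standing in for Duration.
    """
    eff = {**DEFAULTS, **{k: v for k, v in opts.items() if v is not None}}
    errors, warnings = [], []

    # Hard constraints stated in the parameter descriptions.
    refresh = eff["refresh_token_validity"]
    if not REFRESH_MIN <= refresh <= REFRESH_MAX:
        errors.append("refresh_token_validity outside 60 minutes..10 years")
    for name in ("access_token_validity", "id_token_validity"):
        if not SHORT_MIN <= eff[name] <= SHORT_MAX:
            errors.append(f"{name} outside 5 minutes..1 day")
        if eff[name] > refresh:
            errors.append(f"{name} longer than refresh_token_validity")
    if eff.get("o_auth") is not None and eff.get("disable_o_auth"):
        errors.append("o_auth specified together with disable_o_auth")

    # Review items: documented defaults that leave the client broader than needed.
    if not eff["prevent_user_existence_errors"]:
        warnings.append("prevent_user_existence_errors false: "
                        "UserNotFoundException reveals absent users")
    for name in ("read_attributes", "write_attributes"):
        if eff.get(name) is None:
            warnings.append(f"{name} unset: all standard and custom attributes")
    if eff.get("supported_identity_providers") is None:
        warnings.append("supported_identity_providers unset: "
                        "all registered identity providers")
    if opts.get("enable_token_revocation") is False:
        warnings.append("enable_token_revocation explicitly disabled")
    return errors, warnings
```

Calling it with no arguments reports what the documented defaults leave open; errors correspond to combinations the parameter descriptions rule out.
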
Attributes
- access_token_validity
  Validity of the access token.
  Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
  - Default: Duration.minutes(60)
  - Return type: Optional[Duration]
- auth_flows
  The set of OAuth authentication flows to enable on the client.
  - Default: all auth flows disabled
  - Return type: Optional[AuthFlow]
- disable_o_auth
  Turns off all OAuth interactions for this client.
  - Default: false
  - Return type: Optional[bool]
- enable_token_revocation
  Enable token revocation for this client.
  - Default: true for new user pool clients
  - Return type: Optional[bool]
- generate_secret
  Whether to generate a client secret.
  - Default: false
  - Return type: Optional[bool]
- id_token_validity
  Validity of the ID token.
  Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
  - Default: Duration.minutes(60)
  - Return type: Optional[Duration]
- o_auth
  OAuth settings for this client to interact with the app.
  An error is thrown when this is specified and disableOAuth is set.
  - Default: see defaults in OAuthSettings; meaningless if disableOAuth is set.
  - Return type: Optional[OAuthSettings]
- prevent_user_existence_errors
  Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence.
  - Default: false
  - See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
  - Return type: Optional[bool]
- read_attributes
  The set of attributes this client will be able to read.
  - Default: all standard and custom attributes
  - Return type: Optional[ClientAttributes]
- refresh_token_validity
  Validity of the refresh token.
  Values between 60 minutes and 10 years are valid.
  - Default: Duration.days(30)
  - Return type: Optional[Duration]
- supported_identity_providers
  The list of identity providers that users should be able to use to sign in using this client.
  - Default: supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.
  - Return type: Optional[List[UserPoolClientIdentityProvider]]
- user_pool_client_name
  Name of the application client.
  - Default: CloudFormation generated name
  - Return type: Optional[str]
- write_attributes
  The set of attributes this client will be able to write.
  - Default: all standard and custom attributes
  - Return type: Optional[ClientAttributes]