UserPoolResourceServerOptions

class aws_cdk.aws_cognito.UserPoolResourceServerOptions(*, identifier, scopes=None, user_pool_resource_server_name=None)

Bases: object

Options to create a UserPoolResourceServer.

Parameters
  • identifier (str) – A unique resource server identifier for the resource server.

  • scopes (Optional[Sequence[ResourceServerScope]]) – Oauth scopes. Default: - No scopes will be added

  • user_pool_resource_server_name (Optional[str]) – A friendly name for the resource server. Default: - same as identifier

ExampleMetadata

infused

Example:

pool = cognito.UserPool(self, "Pool")

read_only_scope = cognito.ResourceServerScope(scope_name="read", scope_description="Read-only access")
full_access_scope = cognito.ResourceServerScope(scope_name="*", scope_description="Full access")

user_server = pool.add_resource_server("ResourceServer",
    identifier="users",
    scopes=[read_only_scope, full_access_scope]
)

read_only_client = pool.add_client("read-only-client",
    # ...
    o_auth=cognito.OAuthSettings(
        # ...
        scopes=[cognito.OAuthScope.resource_server(user_server, read_only_scope)]
    )
)

full_access_client = pool.add_client("full-access-client",
    # ...
    o_auth=cognito.OAuthSettings(
        # ...
        scopes=[cognito.OAuthScope.resource_server(user_server, full_access_scope)]
    )
)

Attributes

identifier

A unique resource server identifier for the resource server.

Return type

str

scopes

Oauth scopes.

Default
  • No scopes will be added

Return type

Optional[List[ResourceServerScope]]

user_pool_resource_server_name

A friendly name for the resource server.

Default
  • same as identifier

Return type

Optional[str]