Package software.amazon.awscdk.services.cognito

Class CfnUserPoolIdentityProvider.Builder

java.lang.Object
software.amazon.awscdk.services.cognito.CfnUserPoolIdentityProvider.Builder
All Implemented Interfaces:
software.amazon.jsii.Builder<CfnUserPoolIdentityProvider>
Enclosing class:
CfnUserPoolIdentityProvider
@Stability(Stable) public static final class CfnUserPoolIdentityProvider.Builder extends Object implements software.amazon.jsii.Builder<CfnUserPoolIdentityProvider>
A fluent builder for CfnUserPoolIdentityProvider.

  • Method Details

    • create

      @Stability(Stable) public static CfnUserPoolIdentityProvider.Builder create(software.constructs.Construct scope, String id)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      Returns:
      a new instance of CfnUserPoolIdentityProvider.Builder.

    • providerDetails

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder providerDetails(Object providerDetails)
      The scopes, URLs, and identifiers for your external identity provider.

      The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP authorize_scopes values must match the values listed here.

      • OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

      Create or update request: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

      Describe response: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

      • SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

      Create or update request with Metadata file: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }

      The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

      Describe response: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }

      • LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

      Describe response: "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }

      • Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

      Describe response: "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }

      • SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

      Describe response: "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }

      • Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

      Describe response: "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }

      Parameters:
      providerDetails - The scopes, URLs, and identifiers for your external identity provider. This parameter is required.
      Returns:
      this
      See Also:

    • providerName

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder providerName(String providerName)
      The IdP name.

      Parameters:
      providerName - The IdP name. This parameter is required.
      Returns:
      this
      See Also:

    • providerType

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder providerType(String providerType)
      The IdP type.

      Parameters:
      providerType - The IdP type. This parameter is required.
      Returns:
      this
      See Also:

    • userPoolId

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder userPoolId(String userPoolId)
      The user pool ID.

      Parameters:
      userPoolId - The user pool ID. This parameter is required.
      Returns:
      this
      See Also:

    • attributeMapping

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder attributeMapping(Object attributeMapping)
      A mapping of IdP attributes to standard and custom user pool attributes.

      Parameters:
      attributeMapping - A mapping of IdP attributes to standard and custom user pool attributes. This parameter is required.
      Returns:
      this
      See Also:

    • idpIdentifiers

      @Stability(Stable) public CfnUserPoolIdentityProvider.Builder idpIdentifiers(List<String> idpIdentifiers)
      A list of IdP identifiers.

      Parameters:
      idpIdentifiers - A list of IdP identifiers. This parameter is required.
      Returns:
      this
      See Also:

    • build

      @Stability(Stable) public CfnUserPoolIdentityProvider build()
      Specified by:
      build in interface software.amazon.jsii.Builder<CfnUserPoolIdentityProvider>
      Returns:
      a newly built instance of CfnUserPoolIdentityProvider.