Class CfnUserPoolIdentityProviderProps.Builder
- All Implemented Interfaces:
software.amazon.jsii.Builder<CfnUserPoolIdentityProviderProps>
- Enclosing interface:
CfnUserPoolIdentityProviderProps
CfnUserPoolIdentityProviderProps
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionattributeMapping
(Object attributeMapping) Sets the value ofCfnUserPoolIdentityProviderProps.getAttributeMapping()
build()
Builds the configured instance.idpIdentifiers
(List<String> idpIdentifiers) Sets the value ofCfnUserPoolIdentityProviderProps.getIdpIdentifiers()
providerDetails
(Object providerDetails) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderDetails()
providerName
(String providerName) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderName()
providerType
(String providerType) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderType()
userPoolId
(String userPoolId) Sets the value ofCfnUserPoolIdentityProviderProps.getUserPoolId()
-
Constructor Details
-
Builder
public Builder()
-
-
Method Details
-
providerDetails
@Stability(Stable) public CfnUserPoolIdentityProviderProps.Builder providerDetails(Object providerDetails) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderDetails()
- Parameters:
providerDetails
- The scopes, URLs, and identifiers for your external identity provider. This parameter is required. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdPauthorize_scopes
values must match the values listed here.- OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer
:attributes_url
,authorize_url
,jwks_uri
,token_url
.
Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
- SAML - Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }
Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }
The value of
MetadataFile
must be the plaintext metadata document with all quote (") characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }
- LoginWithAmazon - Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"
Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }
- Google - Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }
Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }
- SignInWithApple - Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }
Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }
- Facebook - Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }
Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
- OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
- Returns:
this
-
providerName
@Stability(Stable) public CfnUserPoolIdentityProviderProps.Builder providerName(String providerName) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderName()
- Parameters:
providerName
- The name that you want to assign to the IdP. This parameter is required. You can pass the identity provider name in theidentity_provider
query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.- Returns:
this
-
providerType
@Stability(Stable) public CfnUserPoolIdentityProviderProps.Builder providerType(String providerType) Sets the value ofCfnUserPoolIdentityProviderProps.getProviderType()
- Parameters:
providerType
- The type of IdP that you want to add. This parameter is required. Amazon Cognito supports OIDC, SAML 2.0, Login With Amazon, Sign In With Apple, Google, and Facebook IdPs.- Returns:
this
-
userPoolId
Sets the value ofCfnUserPoolIdentityProviderProps.getUserPoolId()
- Parameters:
userPoolId
- The Id of the user pool where you want to create an IdP. This parameter is required.- Returns:
this
-
attributeMapping
@Stability(Stable) public CfnUserPoolIdentityProviderProps.Builder attributeMapping(Object attributeMapping) Sets the value ofCfnUserPoolIdentityProviderProps.getAttributeMapping()
- Parameters:
attributeMapping
- A mapping of IdP attributes to standard and custom user pool attributes. Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.- Returns:
this
-
idpIdentifiers
@Stability(Stable) public CfnUserPoolIdentityProviderProps.Builder idpIdentifiers(List<String> idpIdentifiers) Sets the value ofCfnUserPoolIdentityProviderProps.getIdpIdentifiers()
- Parameters:
idpIdentifiers
- An array of IdP identifiers, for example"IdPIdentifiers": [ "MyIdP", "MyIdP2" ]
. Identifiers are friendly names that you can pass in theidp_identifier
query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers .- Returns:
this
-
build
Builds the configured instance.- Specified by:
build
in interfacesoftware.amazon.jsii.Builder<CfnUserPoolIdentityProviderProps>
- Returns:
- a new instance of
CfnUserPoolIdentityProviderProps
- Throws:
NullPointerException
- if any required attribute was not provided
-