IUserPool

class aws_cdk.aws_cognito.IUserPool(*args, **kwargs)

Bases: IResource, Protocol

Represents a Cognito UserPool.

Methods

add_client(id, *, access_token_validity=None, auth_flows=None, auth_session_validity=None, disable_o_auth=None, enable_token_revocation=None, generate_secret=None, id_token_validity=None, o_auth=None, prevent_user_existence_errors=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_client_name=None, write_attributes=None)

Add a new app client to this user pool.

Parameters:

• id (str) –

• access_token_validity (Optional[Duration]) – Validity of the access token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)

• auth_flows (Union[AuthFlow, Dict[str, Any], None]) – The set of OAuth authentication flows to enable on the client. Default: - If you don’t specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

• auth_session_validity (Optional[Duration]) – Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. see defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes. Default: - Duration.minutes(3)

• disable_o_auth (Optional[bool]) – Turns off all OAuth interactions for this client. Default: false

• enable_token_revocation (Optional[bool]) – Enable token revocation for this client. Default: true for new user pool clients

• generate_secret (Optional[bool]) – Whether to generate a client secret. Default: false

• id_token_validity (Optional[Duration]) – Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)

• o_auth (Union[OAuthSettings, Dict[str, Any], None]) – OAuth settings for this client to interact with the app. An error is thrown when this is specified and disableOAuth is set. Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.

• prevent_user_existence_errors (Optional[bool]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: false

• read_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to read. Default: - all standard and custom attributes

• refresh_token_validity (Optional[Duration]) – Validity of the refresh token. Values between 60 minutes and 10 years are valid. Default: Duration.days(30)

• supported_identity_providers (Optional[Sequence[UserPoolClientIdentityProvider]]) – The list of identity providers that users should be able to use to sign in using this client. Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.

• user_pool_client_name (Optional[str]) – Name of the application client. Default: - cloudformation generated name

• write_attributes (Optional[ClientAttributes]) – The set of attributes this client will be able to write. Default: - all standard and custom attributes

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html

Return type:

UserPoolClient

add_domain(id, *, cognito_domain=None, custom_domain=None)

Associate a domain to this user pool.

Parameters:

• id (str) –

• cognito_domain (Union[CognitoDomainOptions, Dict[str, Any], None]) – Associate a cognito prefix domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if customDomain is specified, otherwise, throws an error.

• custom_domain (Union[CustomDomainOptions, Dict[str, Any], None]) – Associate a custom domain with your user pool Either customDomain or cognitoDomain must be specified. Default: - not set if cognitoDomain is specified, otherwise, throws an error.

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html

Return type:

UserPoolDomain

add_resource_server(id, *, identifier, scopes=None, user_pool_resource_server_name=None)

Add a new resource server to this user pool.

Parameters:

• id (str) –

• identifier (str) – A unique resource server identifier for the resource server.

• scopes (Optional[Sequence[ResourceServerScope]]) – Oauth scopes. Default: - No scopes will be added

• user_pool_resource_server_name (Optional[str]) – A friendly name for the resource server. Default: - same as identifier

See:

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-resource-servers.html

Return type:

UserPoolResourceServer

apply_removal_policy(policy)

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:

policy (RemovalPolicy) –

Return type:

None

grant(grantee, *actions)

Adds an IAM policy statement associated with this user pool to an IAM principal’s policy.

Parameters:

• grantee (IGrantable) –

• actions (str) –

Return type:

Grant

register_identity_provider(provider)

Register an identity provider with this user pool.

Parameters:

provider (IUserPoolIdentityProvider) –

Return type:

None

Attributes

env

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

identity_providers

Get all identity providers registered with this user pool.

node

The tree node.

stack

The stack in which this resource is defined.

user_pool_arn

The ARN of this user pool resource.

Attribute:

true

user_pool_id

The physical ID of this user pool resource.

Attribute:

true