IUserPool
- class aws_cdk.aws_cognito.IUserPool(*args, **kwargs)
Bases:
IResource
,Protocol
Represents a Cognito UserPool.
Methods
- add_client(id, *, access_token_validity=None, auth_flows=None, auth_session_validity=None, disable_o_auth=None, enable_propagate_additional_user_context_data=None, enable_token_revocation=None, generate_secret=None, id_token_validity=None, o_auth=None, prevent_user_existence_errors=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_client_name=None, write_attributes=None)
Add a new app client to this user pool.
- Parameters:
id (
str
) –access_token_validity (
Optional
[Duration
]) – Validity of the access token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)auth_flows (
Union
[AuthFlow
,Dict
[str
,Any
],None
]) – The set of OAuth authentication flows to enable on the client. Default: - If you don’t specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.auth_session_validity (
Optional
[Duration
]) – Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. see defaults inAuthSessionValidity
. Valid duration is from 3 to 15 minutes. Default: - Duration.minutes(3)disable_o_auth (
Optional
[bool
]) – Turns off all OAuth interactions for this client. Default: falseenable_propagate_additional_user_context_data (
Optional
[bool
]) – Enable the propagation of additional user context data. You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret. Default: false for new user pool clientsenable_token_revocation (
Optional
[bool
]) – Enable token revocation for this client. Default: true for new user pool clientsgenerate_secret (
Optional
[bool
]) – Whether to generate a client secret. Default: falseid_token_validity (
Optional
[Duration
]) – Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)o_auth (
Union
[OAuthSettings
,Dict
[str
,Any
],None
]) – OAuth settings for this client to interact with the app. An error is thrown when this is specified anddisableOAuth
is set. Default: - see defaults inOAuthSettings
. meaningless ifdisableOAuth
is set.prevent_user_existence_errors (
Optional
[bool
]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: falseread_attributes (
Optional
[ClientAttributes
]) – The set of attributes this client will be able to read. Default: - all standard and custom attributesrefresh_token_validity (
Optional
[Duration
]) – Validity of the refresh token. Values between 60 minutes and 10 years are valid. Default: Duration.days(30)supported_identity_providers (
Optional
[Sequence
[UserPoolClientIdentityProvider
]]) – The list of identity providers that users should be able to use to sign in using this client. Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using theUserPool.registerIdentityProvider()
API.user_pool_client_name (
Optional
[str
]) – Name of the application client. Default: - cloudformation generated namewrite_attributes (
Optional
[ClientAttributes
]) – The set of attributes this client will be able to write. Default: - all standard and custom attributes
- See:
https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html
- Return type:
- add_domain(id, *, cognito_domain=None, custom_domain=None)
Associate a domain to this user pool.
- Parameters:
id (
str
) –cognito_domain (
Union
[CognitoDomainOptions
,Dict
[str
,Any
],None
]) – Associate a cognito prefix domain with your user pool EithercustomDomain
orcognitoDomain
must be specified. Default: - not set ifcustomDomain
is specified, otherwise, throws an error.custom_domain (
Union
[CustomDomainOptions
,Dict
[str
,Any
],None
]) – Associate a custom domain with your user pool EithercustomDomain
orcognitoDomain
must be specified. Default: - not set ifcognitoDomain
is specified, otherwise, throws an error.
- See:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html
- Return type:
- add_resource_server(id, *, identifier, scopes=None, user_pool_resource_server_name=None)
Add a new resource server to this user pool.
- Parameters:
id (
str
) –identifier (
str
) – A unique resource server identifier for the resource server.scopes (
Optional
[Sequence
[ResourceServerScope
]]) – Oauth scopes. Default: - No scopes will be addeduser_pool_resource_server_name (
Optional
[str
]) – A friendly name for the resource server. Default: - same asidentifier
- See:
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-resource-servers.html
- Return type:
- apply_removal_policy(policy)
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you’ve removed it from the CDK application or because you’ve made a change that requires the resource to be replaced.
The resource can be deleted (
RemovalPolicy.DESTROY
), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN
).- Parameters:
policy (
RemovalPolicy
) –- Return type:
None
- grant(grantee, *actions)
Adds an IAM policy statement associated with this user pool to an IAM principal’s policy.
- Parameters:
grantee (
IGrantable
) –actions (
str
) –
- Return type:
- register_identity_provider(provider)
Register an identity provider with this user pool.
- Parameters:
provider (
IUserPoolIdentityProvider
) –- Return type:
None
Attributes
- env
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- identity_providers
Get all identity providers registered with this user pool.
- node
The tree node.
- stack
The stack in which this resource is defined.
- user_pool_arn
The ARN of this user pool resource.
- Attribute:
true
- user_pool_id
The physical ID of this user pool resource.
- Attribute:
true
- user_pool_provider_name
The provider name of this user pool resource.
- Attribute:
true