OAuthSettings

class aws_cdk.aws_cognito.OAuthSettings(*, callback_urls=None, flows=None, logout_urls=None, scopes=None)

Bases: object

OAuth settings to configure the interaction between the app and this client.
Parameters
- callback_urls (Optional[Sequence[str]]) – List of allowed redirect URLs for the identity providers. Default: ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
- flows (Optional[OAuthFlows]) – OAuth flows that are allowed with this client. Default: {authorizationCodeGrant:true,implicitCodeGrant:true}
- logout_urls (Optional[Sequence[str]]) – List of allowed logout URLs for the identity providers. Default: no logout URLs
- scopes (Optional[Sequence[OAuthScope]]) – OAuth scopes that are allowed with this client. Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
Example:

    import aws_cdk.aws_cognito as cognito

    # Runs inside a Stack or Construct, where self is the construct scope.
    pool = cognito.UserPool(self, "Pool")

    # Two custom scopes published by one resource server.
    read_only_scope = cognito.ResourceServerScope(scope_name="read", scope_description="Read-only access")
    full_access_scope = cognito.ResourceServerScope(scope_name="*", scope_description="Full access")

    user_server = pool.add_resource_server("ResourceServer",
        identifier="users",
        scopes=[read_only_scope, full_access_scope]
    )

    # Each client is allowed only the scope it needs.
    read_only_client = pool.add_client("read-only-client",
        # ...
        o_auth=cognito.OAuthSettings(
            # ...
            scopes=[cognito.OAuthScope.resource_server(user_server, read_only_scope)]
        )
    )

    full_access_client = pool.add_client("full-access-client",
        # ...
        o_auth=cognito.OAuthSettings(
            # ...
            scopes=[cognito.OAuthScope.resource_server(user_server, full_access_scope)]
        )
    )
Attributes

callback_urls
List of allowed redirect URLs for the identity providers.
- Default: ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
- Return type: Optional[List[str]]

flows
OAuth flows that are allowed with this client.
- Default: {authorizationCodeGrant:true,implicitCodeGrant:true}
- See: the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
- Return type: Optional[OAuthFlows]

logout_urls
List of allowed logout URLs for the identity providers.
- Default: no logout URLs
- Return type: Optional[List[str]]

scopes
OAuth scopes that are allowed with this client.
- Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
- See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
- Return type: Optional[List[OAuthScope]]
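
The defaults documented above mean that a client created without explicit OAuthSettings allows the implicit grant, the https://example.com callback and the COGNITO_ADMIN scope. The following is an added example, not code from the CDK project: it resolves those defaults and reports what a client ends up with. It models the props as plain Python values instead of importing aws_cdk; the function names, the dict keys, the rule that a flow left out of an explicit flows value is off, and the sample URL are assumptions of the example.

```python
# Added example: OAuthSettings props modelled as plain Python values (assumption);
# aws_cdk is not imported. Defaults are the ones documented on this page.
DEFAULT_FLOWS = {"authorization_code_grant": True, "implicit_code_grant": True}
DEFAULT_SCOPES = ["PHONE", "EMAIL", "OPENID", "PROFILE", "COGNITO_ADMIN"]
PLACEHOLDER_CALLBACK = "https://example.com"


def effective_settings(callback_urls=None, flows=None, logout_urls=None, scopes=None):
    """Apply the documented defaults to whatever the caller left unset."""
    flows = dict(DEFAULT_FLOWS) if flows is None else dict(flows)
    # The callback default only applies when a redirect-based flow is enabled.
    redirecting = bool(flows.get("authorization_code_grant")
                       or flows.get("implicit_code_grant"))
    if callback_urls is None:
        callback_urls = [PLACEHOLDER_CALLBACK] if redirecting else []
    return {
        "flows": flows,
        "callback_urls": list(callback_urls),
        "logout_urls": list(logout_urls or []),
        "scopes": list(DEFAULT_SCOPES if scopes is None else scopes),
    }


def audit(**props):
    """Return findings for the settings a client would end up with."""
    eff = effective_settings(**props)
    findings = []
    if eff["flows"].get("implicit_code_grant"):
        findings.append("implicit grant allowed: tokens are returned in the redirect URL")
    if PLACEHOLDER_CALLBACK in eff["callback_urls"]:
        findings.append("placeholder callback URL https://example.com is allowed")
    if "COGNITO_ADMIN" in eff["scopes"]:
        findings.append("COGNITO_ADMIN scope allowed: access tokens can call "
                        "user pool self-service APIs")
    return findings


if __name__ == "__main__":
    # Constructed inputs: an all-defaults client and an explicitly narrowed one.
    print(audit())
    print(audit(callback_urls=["https://app.example.org/callback"],
                flows={"authorization_code_grant": True},
                scopes=["OPENID", "EMAIL"]))
```
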