OAuthSettings

class aws_cdk.aws_cognito.OAuthSettings(*, callback_urls=None, flows=None, logout_urls=None, scopes=None)

Bases: object

OAuth settings to configure the interaction between the app and this client.

Parameters

• callback_urls (Optional[Sequence[str]]) – List of allowed redirect URLs for the identity providers. Default: - [’https://example.com’] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.

• flows (Union[OAuthFlows, Dict[str, Any], None]) – OAuth flows that are allowed with this client. Default: {authorizationCodeGrant:true,implicitCodeGrant:true}

• logout_urls (Optional[Sequence[str]]) – List of allowed logout URLs for the identity providers. Default: - no logout URLs

• scopes (Optional[Sequence[OAuthScope]]) – OAuth scopes that are allowed with this client. Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]

ExampleMetadata

infused

Example:

userpool = cognito.UserPool(self, "UserPool")
client = userpool.add_client("Client",
    # ...
    o_auth=cognito.OAuthSettings(
        flows=cognito.OAuthFlows(
            implicit_code_grant=True
        ),
        callback_urls=["https://myapp.com/home", "https://myapp.com/users"
        ]
    )
)
domain = userpool.add_domain("Domain")
sign_in_url = domain.sign_in_url(client,
    redirect_uri="https://myapp.com/home"
)

Attributes

callback_urls

List of allowed redirect URLs for the identity providers.

Default

• [’https://example.com’] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.

Return type

Optional[List[str]]

flows

OAuth flows that are allowed with this client.

Default

{authorizationCodeGrant:true,implicitCodeGrant:true}

See

• the ‘Allowed OAuth Flows’ section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Return type

Optional[OAuthFlows]

logout_urls

List of allowed logout URLs for the identity providers.

Default

• no logout URLs

Return type

Optional[List[str]]

scopes

OAuth scopes that are allowed with this client.

Default

[OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]

See

https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

Return type

Optional[List[OAuthScope]]