UserPoolClientProps
- class aws_cdk.aws_cognito.UserPoolClientProps(*, access_token_validity=None, auth_flows=None, auth_session_validity=None, disable_o_auth=None, enable_propagate_additional_user_context_data=None, enable_token_revocation=None, generate_secret=None, id_token_validity=None, o_auth=None, prevent_user_existence_errors=None, read_attributes=None, refresh_token_validity=None, supported_identity_providers=None, user_pool_client_name=None, write_attributes=None, user_pool)
Bases:
UserPoolClientOptions
Properties for the UserPoolClient construct.
- Parameters:
access_token_validity (
Optional
[Duration
]) – Validity of the access token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)auth_flows (
Union
[AuthFlow
,Dict
[str
,Any
],None
]) – The set of OAuth authentication flows to enable on the client. Default: - If you don’t specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.auth_session_validity (
Optional
[Duration
]) – Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. see defaults inAuthSessionValidity
. Valid duration is from 3 to 15 minutes. Default: - Duration.minutes(3)disable_o_auth (
Optional
[bool
]) – Turns off all OAuth interactions for this client. Default: falseenable_propagate_additional_user_context_data (
Optional
[bool
]) – Enable the propagation of additional user context data. You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret. Default: false for new user pool clientsenable_token_revocation (
Optional
[bool
]) – Enable token revocation for this client. Default: true for new user pool clientsgenerate_secret (
Optional
[bool
]) – Whether to generate a client secret. Default: falseid_token_validity (
Optional
[Duration
]) – Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity. Default: Duration.minutes(60)o_auth (
Union
[OAuthSettings
,Dict
[str
,Any
],None
]) – OAuth settings for this client to interact with the app. An error is thrown when this is specified anddisableOAuth
is set. Default: - see defaults inOAuthSettings
. meaningless ifdisableOAuth
is set.prevent_user_existence_errors (
Optional
[bool
]) – Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence. Default: falseread_attributes (
Optional
[ClientAttributes
]) – The set of attributes this client will be able to read. Default: - all standard and custom attributesrefresh_token_validity (
Optional
[Duration
]) – Validity of the refresh token. Values between 60 minutes and 10 years are valid. Default: Duration.days(30)supported_identity_providers (
Optional
[Sequence
[UserPoolClientIdentityProvider
]]) – The list of identity providers that users should be able to use to sign in using this client. Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using theUserPool.registerIdentityProvider()
API.user_pool_client_name (
Optional
[str
]) – Name of the application client. Default: - cloudformation generated namewrite_attributes (
Optional
[ClientAttributes
]) – The set of attributes this client will be able to write. Default: - all standard and custom attributesuser_pool (
IUserPool
) – The UserPool resource this client will have access to.
- ExampleMetadata:
infused
Example:
# imported_pool: cognito.UserPool user_pool_client = cognito.UserPoolClient(self, "UserPoolClient", user_pool=imported_pool, generate_secret=True ) # Allows you to pass the generated secret to other pieces of infrastructure secret = user_pool_client.user_pool_client_secret
Attributes
- access_token_validity
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
- auth_flows
The set of OAuth authentication flows to enable on the client.
- Default:
If you don’t specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
- See:
- auth_session_validity
Cognito creates a session token for each API request in an authentication flow.
AuthSessionValidity is the duration, in minutes, of that session token. see defaults in
AuthSessionValidity
. Valid duration is from 3 to 15 minutes.
- disable_o_auth
Turns off all OAuth interactions for this client.
- Default:
false
- enable_propagate_additional_user_context_data
Enable the propagation of additional user context data.
You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
- Default:
false for new user pool clients
- See:
- enable_token_revocation
Enable token revocation for this client.
- Default:
true for new user pool clients
- See:
- generate_secret
Whether to generate a client secret.
- Default:
false
- id_token_validity
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
- o_auth
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and
disableOAuth
is set.- Default:
see defaults in
OAuthSettings
. meaningless ifdisableOAuth
is set.
- prevent_user_existence_errors
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn’t reveal the user’s absence.
- read_attributes
The set of attributes this client will be able to read.
- Default:
all standard and custom attributes
- See:
- refresh_token_validity
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
- supported_identity_providers
The list of identity providers that users should be able to use to sign in using this client.
- Default:
supports all identity providers that are registered with the user pool. If the user pool and/or
identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the
UserPool.registerIdentityProvider()
API.
- user_pool
The UserPool resource this client will have access to.
- user_pool_client_name
Name of the application client.
- Default:
cloudformation generated name
- write_attributes
The set of attributes this client will be able to write.
- Default:
all standard and custom attributes
- See: