UserPoolIdentityProviderOidcProps

class aws_cdk.aws_cognito.UserPoolIdentityProviderOidcProps(*, user_pool, attribute_mapping=None, client_id, client_secret, issuer_url, attribute_request_method=None, endpoints=None, identifiers=None, name=None, scopes=None)

Bases: UserPoolIdentityProviderProps

Properties to initialize UserPoolIdentityProviderOidc.

Parameters
  • user_pool (IUserPool) – The user pool to which this construct provides identities.

  • attribute_mapping (Union[AttributeMapping, Dict[str, Any], None]) – Mapping attributes from the identity provider to standard and custom attributes of the user pool. Default: - no attribute mapping

  • client_id (str) – The client id.

  • client_secret (str) – The client secret.

  • issuer_url (str) – Issuer URL.

  • attribute_request_method (Optional[OidcAttributeRequestMethod]) – The method to use to request attributes. Default: OidcAttributeRequestMethod.GET

  • endpoints (Union[OidcEndpoints, Dict[str, Any], None]) – OpenID Connect endpoints. Default: - auto discovered with issuer URL

  • identifiers (Optional[Sequence[str]]) – Identifiers. Identifiers can be used to redirect users to the correct IdP in multitenant apps. Default: - no identifiers used

  • name (Optional[str]) – The name of the provider. Default: - the unique ID of the construct

  • scopes (Optional[Sequence[str]]) – The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app. Default: ['openid']

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_cognito as cognito

# provider_attribute: cognito.ProviderAttribute
# user_pool: cognito.UserPool

user_pool_identity_provider_oidc_props = cognito.UserPoolIdentityProviderOidcProps(
    client_id="clientId",
    client_secret="clientSecret",
    issuer_url="issuerUrl",
    user_pool=user_pool,

    # the properties below are optional
    attribute_mapping=cognito.AttributeMapping(
        address=provider_attribute,
        birthdate=provider_attribute,
        custom={
            "custom_key": provider_attribute
        },
        email=provider_attribute,
        family_name=provider_attribute,
        fullname=provider_attribute,
        gender=provider_attribute,
        given_name=provider_attribute,
        last_update_time=provider_attribute,
        locale=provider_attribute,
        middle_name=provider_attribute,
        nickname=provider_attribute,
        phone_number=provider_attribute,
        preferred_username=provider_attribute,
        profile_page=provider_attribute,
        profile_picture=provider_attribute,
        timezone=provider_attribute,
        website=provider_attribute
    ),
    attribute_request_method=cognito.OidcAttributeRequestMethod.GET,
    endpoints=cognito.OidcEndpoints(
        authorization="authorization",
        jwks_uri="jwksUri",
        token="token",
        user_info="userInfo"
    ),
    identifiers=["identifiers"],
    name="name",
    scopes=["scopes"]
)
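
When endpoints is omitted, the four OpenID Connect endpoints are auto-discovered from the issuer URL. The following is an added example, not part of the CDK documentation or library: a hypothetical helper, pinned_endpoints, that validates a discovery document against the issuer URL and returns the values under the OidcEndpoints keyword names so they can be set explicitly. The sample document, the host idp.example.com and the allowed_hosts policy are assumptions made for the example.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an OIDC discovery document; idp.example.com is a placeholder host.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "jwks_uri": "https://idp.example.com/.well-known/jwks.json",
})

# OidcEndpoints keyword -> OIDC Discovery metadata field
FIELD_MAP = {
    "authorization": "authorization_endpoint",
    "token": "token_endpoint",
    "user_info": "userinfo_endpoint",
    "jwks_uri": "jwks_uri",
}


def pinned_endpoints(issuer_url, discovery_json, allowed_hosts=None):
    """Hypothetical helper: return kwargs for cognito.OidcEndpoints, or raise ValueError."""
    doc = json.loads(discovery_json)
    # OIDC Discovery: the issuer value must be identical to the URL it was fetched for.
    if doc.get("issuer") != issuer_url:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r} != {issuer_url!r}")
    # Local policy (assumption): endpoints live on the issuer host unless explicitly allowed.
    hosts = set(allowed_hosts or [urlparse(issuer_url).hostname])
    endpoints = {}
    for kwarg, field in FIELD_MAP.items():
        url = doc.get(field)
        if not url:
            raise ValueError(f"discovery document lacks {field}")
        parsed = urlparse(url)
        if parsed.scheme != "https" or parsed.hostname not in hosts:
            raise ValueError(f"{field} rejected by policy: {url}")
        endpoints[kwarg] = url
    return endpoints
```

The returned dict can be passed as endpoints=cognito.OidcEndpoints(**pinned_endpoints(issuer_url, document)), which fixes the endpoints in the template for review.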

Attributes

attribute_mapping

Mapping attributes from the identity provider to standard and custom attributes of the user pool.

Default
  • no attribute mapping

Return type

Optional[AttributeMapping]

attribute_request_method

The method to use to request attributes.

Default

OidcAttributeRequestMethod.GET

Return type

Optional[OidcAttributeRequestMethod]

client_id

The client id.

Return type

str

client_secret

The client secret.

Return type

str

endpoints

OpenID Connect endpoints.

Default
  • auto discovered with issuer URL

Return type

Optional[OidcEndpoints]

identifiers

Identifiers.

Identifiers can be used to redirect users to the correct IdP in multitenant apps.

Default
  • no identifiers used

Return type

Optional[List[str]]

issuer_url

Issuer URL.

Return type

str

name

The name of the provider.

Default
  • the unique ID of the construct

Return type

Optional[str]

scopes

The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are groups of OpenID Connect user attributes to exchange with your app.

Default

['openid']

Return type

Optional[List[str]]

user_pool

The user pool to which this construct provides identities.

Return type

IUserPool