CreateIdentityPool
Creates a new identity pool. The identity pool is a store of user identity information that is specific to your AWS account. The keys for SupportedLoginProviders are as follows:
- Facebook: graph.facebook.com
- Google: accounts.google.com
- Sign in With Apple: appleid.apple.com
- Amazon: www.amazon.com
- Twitter: api.twitter.com
- Digits: www.digits.com
You must use AWS developer credentials to call this operation.
Request Syntax
{
"AllowClassicFlow": boolean,
"AllowUnauthenticatedIdentities": boolean,
"CognitoIdentityProviders": [
{
"ClientId": "string",
"ProviderName": "string",
"ServerSideTokenCheck": boolean
}
],
"DeveloperProviderName": "string",
"IdentityPoolName": "string",
"IdentityPoolTags": {
"string" : "string"
},
"OpenIdConnectProviderARNs": [ "string" ],
"SamlProviderARNs": [ "string" ],
"SupportedLoginProviders": {
"string" : "string"
}
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- AllowClassicFlow
-
Enables or disables the Basic (Classic) authentication flow. For more information, see Identity Pools (Federated Identities) Authentication Flow in the Amazon Cognito Developer Guide.
Type: Boolean
Required: No
- AllowUnauthenticatedIdentities
-
TRUE if the identity pool supports unauthenticated logins.
Type: Boolean
Required: Yes
- CognitoIdentityProviders
-
An array of Amazon Cognito user pools and their client IDs.
Type: Array of CognitoIdentityProvider objects
Required: No
- DeveloperProviderName
-
The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters as well as period (.), underscore (_), and dash (-).
Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w._-]+
Required: No
- IdentityPoolName
-
A string that you provide.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w\s+=,.@-]+
Required: Yes
- IdentityPoolTags
-
Tags to assign to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
Type: String to string map
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
Required: No
- OpenIdConnectProviderARNs
-
The Amazon Resource Names (ARN) of the OpenID Connect providers.
Type: Array of strings
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: No
- SamlProviderARNs
-
An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
Type: Array of strings
Length Constraints: Minimum length of 20. Maximum length of 2048.
Required: No
- SupportedLoginProviders
-
Optional key:value pairs mapping provider names to provider app IDs.
Type: String to string map
Map Entries: Maximum number of 10 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 1. Maximum length of 128.
Value Pattern:
[\w.;_/-]+
Required: No
Response Syntax
{
"AllowClassicFlow": boolean,
"AllowUnauthenticatedIdentities": boolean,
"CognitoIdentityProviders": [
{
"ClientId": "string",
"ProviderName": "string",
"ServerSideTokenCheck": boolean
}
],
"DeveloperProviderName": "string",
"IdentityPoolId": "string",
"IdentityPoolName": "string",
"IdentityPoolTags": {
"string" : "string"
},
"OpenIdConnectProviderARNs": [ "string" ],
"SamlProviderARNs": [ "string" ],
"SupportedLoginProviders": {
"string" : "string"
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- AllowClassicFlow
-
Enables or disables the Basic (Classic) authentication flow. For more information, see Identity Pools (Federated Identities) Authentication Flow in the Amazon Cognito Developer Guide.
Type: Boolean
- AllowUnauthenticatedIdentities
-
TRUE if the identity pool supports unauthenticated logins.
Type: Boolean
- CognitoIdentityProviders
-
A list representing an Amazon Cognito user pool and its client ID.
Type: Array of CognitoIdentityProvider objects
- DeveloperProviderName
-
The "domain" by which Cognito will refer to your users.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w._-]+
- IdentityPoolId
-
An identity pool ID in the format REGION:GUID.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 55.
Pattern:
[\w-]+:[0-9a-f-]+
- IdentityPoolName
-
A string that you provide.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w\s+=,.@-]+
- IdentityPoolTags
-
The tags that are assigned to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
Type: String to string map
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 0. Maximum length of 256.
- OpenIdConnectProviderARNs
-
The ARNs of the OpenID Connect providers.
Type: Array of strings
Length Constraints: Minimum length of 20. Maximum length of 2048.
- SamlProviderARNs
-
An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
Type: Array of strings
Length Constraints: Minimum length of 20. Maximum length of 2048.
- SupportedLoginProviders
-
Optional key:value pairs mapping provider names to provider app IDs.
Type: String to string map
Map Entries: Maximum number of 10 items.
Key Length Constraints: Minimum length of 1. Maximum length of 128.
Value Length Constraints: Minimum length of 1. Maximum length of 128.
Value Pattern:
[\w.;_/-]+
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalErrorException
-
Thrown when the service encounters an error during processing the request.
HTTP Status Code: 500
- InvalidParameterException
-
Thrown for missing or bad input parameter(s).
HTTP Status Code: 400
- LimitExceededException
-
Thrown when the total number of user pools has exceeded a preset limit.
HTTP Status Code: 400
- NotAuthorizedException
-
Thrown when a user is not authorized to access the requested resource.
HTTP Status Code: 400
- ResourceConflictException
-
Thrown when a user tries to use a login which is already linked to another account.
HTTP Status Code: 400
- TooManyRequestsException
-
Thrown when a request is throttled.
HTTP Status Code: 400
Examples
CreateIdentityPool
The following examples show a request and response for CreateIdentityPool. The request and response bodies have been edited for readability and may not match the stated Content-Length values.
Note: For the keys "api.twitter.com" and "www.digits.com", the value to be set in the dictionary is a concatenation of the consumer key and consumer secret strings, separated by a semicolon.
Sample Request
POST / HTTP/1.1
CONTENT-TYPE: application/json
CONTENT-LENGTH: 369
X-AMZ-TARGET: com.amazonaws.cognito.identity.model.AWSCognitoIdentityService.CreateIdentityPool
HOST: <endpoint>
X-AMZ-DATE: 20140804T205551Z
AUTHORIZATION: AWS4-HMAC-SHA256 Credential=<credential>, SignedHeaders=content-type;content-length;host;x-amz-date;x-amz-target, Signature=<signature>
{
"IdentityPoolName": "MyIdentityPool",
"AllowUnauthenticatedIdentities": true,
"SupportedLoginProviders":
{
"graph.facebook.com": "7346241598935555",
"accounts.google.com": "123456789012.apps.googleusercontent.com",
"www.amazon.com": "amzn1.application-oa2-client.188a56d827a7d6555a8b67a5d",
"api.twitter.com": "xvz1evFS4wEEPTGEFPHBog;kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
"www.digits.com": "xvz1evFS4wEEPTGEFPHBog;kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw"
}
}
Sample Response
1.1 200 OK
x-amzn-requestid: 15cc73a1-0780-460c-91e8-e12ef034e116
date: Mon, 04 Aug 2014 20:55:52 GMT
content-type: application/json
content-length: 1091
{
"AllowUnauthenticatedIdentities": true,
"IdentityPoolId": "us-east-1:1cf667a2-49a6-454b-9e45-23199EXAMPLE",
"IdentityPoolName": "MyIdentityPool",
"SupportedLoginProviders":
{
"accounts.google.com": "123456789012.apps.googleusercontent.com",
"graph.facebook.com": "7346241598935555",
"www.amazon.com": "amzn1.application-oa2-client.188a56d827a7d6555a8b67a5d",
"api.twitter.com": "xvz1evFS4wEEPTGEFPHBog;kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw",
"www.digits.com": "xvz1evFS4wEEPTGEFPHBog;kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw"
}
}
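Added example (not part of the AWS reference or of any AWS SDK): a pre-flight check that applies the constraints documented above to a request body and flags the settings a reviewer would want to see before the pool is created. The function name, the SAMPLE request and the ASCII-only reading of \w are assumptions of this example.

```python
import re

# Patterns and limits copied from the Request Parameters section of this page.
# re.ASCII is an assumption of this example: \w is treated as ASCII-only.
NAME_PATTERNS = {
    "IdentityPoolName": re.compile(r"[\w\s+=,.@-]+", re.ASCII),
    "DeveloperProviderName": re.compile(r"[\w._-]+", re.ASCII),
}
PROVIDER_VALUE = re.compile(r"[\w.;_/-]+", re.ASCII)
LISTED_KEYS = {"graph.facebook.com", "accounts.google.com", "appleid.apple.com",
               "www.amazon.com", "api.twitter.com", "www.digits.com"}
KEY_AND_SECRET = {"api.twitter.com", "www.digits.com"}  # value is "key;secret"
# Constructed request: reduced from the page's Sample Request, placeholder Twitter value.
SAMPLE = {"IdentityPoolName": "MyIdentityPool", "AllowUnauthenticatedIdentities": True,
          "SupportedLoginProviders": {"graph.facebook.com": "7346241598935555",
                                      "api.twitter.com": "constructedKey;constructedSecret"}}


def lint_create_identity_pool(req):
    """Return (errors, warnings) for a CreateIdentityPool request body (dict)."""
    errors = [f"{f}: required" for f in ("IdentityPoolName", "AllowUnauthenticatedIdentities")
              if f not in req]
    warnings = []
    for field, pattern in NAME_PATTERNS.items():
        value = req.get(field)
        if value is not None and not (
                isinstance(value, str) and len(value) <= 128 and pattern.fullmatch(value)):
            errors.append(f"{field}: violates length 1-128 or pattern")
    providers = req.get("SupportedLoginProviders", {})
    if len(providers) > 10:
        errors.append("SupportedLoginProviders: more than 10 entries")
    for key, value in providers.items():
        if key not in LISTED_KEYS:
            warnings.append(f"{key}: not a key listed on this page")
        if len(value) > 128 or not PROVIDER_VALUE.fullmatch(value):
            errors.append(f"{key}: value violates length 1-128 or pattern")
        if key in KEY_AND_SECRET:
            if value.count(";") != 1 or not all(value.split(";")):
                errors.append(f"{key}: expected 'consumerKey;consumerSecret'")
            warnings.append(f"{key}: value embeds a consumer secret that the response echoes")
    if req.get("AllowUnauthenticatedIdentities") is True:
        warnings.append("AllowUnauthenticatedIdentities: unauthenticated logins enabled")
    if req.get("AllowClassicFlow") is True:
        warnings.append("AllowClassicFlow: Basic (Classic) flow enabled")
    for idp in req.get("CognitoIdentityProviders", []):
        if not idp.get("ServerSideTokenCheck"):
            warnings.append(f"{idp.get('ProviderName')}: ServerSideTokenCheck is off")
    return errors, warnings
```

Errors are constraint violations taken from this page; warnings are valid settings that widen access or place a secret in the request and response bodies, so they are worth reviewing and keeping out of logs.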