AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
Creates the user pool client.
When you create a new user pool client, token revocation is automatically activated. For more information about revoking tokens, see RevokeToken.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
For .NET Core this operation is only available in asynchronous form. Please refer to CreateUserPoolClientAsync.
Namespace: Amazon.CognitoIdentityProvider
Assembly: AWSSDK.CognitoIdentityProvider.dll
Version: 3.x.y.z
public virtual CreateUserPoolClientResponse CreateUserPoolClient( CreateUserPoolClientRequest request )
Container for the necessary parameters to execute the CreateUserPoolClient service method.
| Exception | Condition |
|---|---|
| InternalErrorException | This exception is thrown when Amazon Cognito encounters an internal error. |
| InvalidOAuthFlowException | This exception is thrown when the specified OAuth flow is not valid. |
| InvalidParameterException | This exception is thrown when the Amazon Cognito service encounters an invalid parameter. |
| LimitExceededException | This exception is thrown when a user exceeds the limit for a requested Amazon Web Services resource. |
| NotAuthorizedException | This exception is thrown when a user isn't authorized. |
| ResourceNotFoundException | This exception is thrown when the Amazon Cognito service can't find the requested resource. |
| ScopeDoesNotExistException | This exception is thrown when the specified scope doesn't exist. |
| TooManyRequestsException | This exception is thrown when the user has made too many requests for a given operation. |
The following example creates an app client with all configurable properties set to an example value. The resulting user pool client connects to an analytics client, allows sign-in with username and password, and has two external identity providers associated with it.
var client = new AmazonCognitoIdentityProviderClient();
var response = client.CreateUserPoolClient(new CreateUserPoolClientRequest
{
AccessTokenValidity = 6,
AllowedOAuthFlows = new List<string> {
"code"
},
AllowedOAuthFlowsUserPoolClient = true,
AllowedOAuthScopes = new List<string> {
"aws.cognito.signin.user.admin",
"openid"
},
AnalyticsConfiguration = new AnalyticsConfigurationType {
ApplicationId = "d70b2ba36a8c4dc5a04a0451a31a1e12",
ExternalId = "my-external-id",
RoleArn = "arn:aws:iam::123456789012:role/test-cognitouserpool-role",
UserDataShared = true
},
CallbackURLs = new List<string> {
"https://example.com",
"http://localhost",
"myapp://example"
},
ClientName = "my-test-app-client",
DefaultRedirectURI = "https://example.com",
ExplicitAuthFlows = new List<string> {
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
},
GenerateSecret = true,
IdTokenValidity = 6,
LogoutURLs = new List<string> {
"https://example.com/logout"
},
PreventUserExistenceErrors = "ENABLED",
ReadAttributes = new List<string> {
"email",
"address",
"preferred_username"
},
RefreshTokenValidity = 6,
SupportedIdentityProviders = new List<string> {
"SignInWithApple",
"MySSO"
},
TokenValidityUnits = new TokenValidityUnitsType {
AccessToken = "hours",
IdToken = "minutes",
RefreshToken = "days"
},
UserPoolId = "us-east-1_EXAMPLE",
WriteAttributes = new List<string> {
"family_name",
"email"
}
});
UserPoolClientType userPoolClient = response.UserPoolClient;
.NET Framework:
Supported in: 4.5, 4.0, 3.5