Package software.amazon.awscdk.services.cognito

Class CfnUserPoolClient

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.cognito.CfnUserPoolClient
All Implemented Interfaces:
IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.104.0 (build e79254c)", date="2024-11-06T23:25:06.342Z") @Stability(Stable) public class CfnUserPoolClient extends CfnResource implements IInspectable
The AWS::Cognito::UserPoolClient resource specifies an Amazon Cognito user pool client.

If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Example: 

 import software.amazon.awscdk.services.certificatemanager.*;
 Vpc vpc;
 Certificate certificate;
 ApplicationLoadBalancer lb = ApplicationLoadBalancer.Builder.create(this, "LB")
         .vpc(vpc)
         .internetFacing(true)
         .build();
 UserPool userPool = new UserPool(this, "UserPool");
 UserPoolClient userPoolClient = UserPoolClient.Builder.create(this, "Client")
         .userPool(userPool)
         // Required minimal configuration for use with an ELB
         .generateSecret(true)
         .authFlows(AuthFlow.builder()
                 .userPassword(true)
                 .build())
         .oAuth(OAuthSettings.builder()
                 .flows(OAuthFlows.builder()
                         .authorizationCodeGrant(true)
                         .build())
                 .scopes(List.of(OAuthScope.EMAIL))
                 .callbackUrls(List.of(String.format("https://%s/oauth2/idpresponse", lb.getLoadBalancerDnsName())))
                 .build())
         .build();
 CfnUserPoolClient cfnClient = (CfnUserPoolClient)userPoolClient.getNode().getDefaultChild();
 cfnClient.addPropertyOverride("RefreshTokenValidity", 1);
 cfnClient.addPropertyOverride("SupportedIdentityProviders", List.of("COGNITO"));
 UserPoolDomain userPoolDomain = UserPoolDomain.Builder.create(this, "Domain")
         .userPool(userPool)
         .cognitoDomain(CognitoDomainOptions.builder()
                 .domainPrefix("test-cdk-prefix")
                 .build())
         .build();
 lb.addListener("Listener", BaseApplicationListenerProps.builder()
         .port(443)
         .certificates(List.of(certificate))
         .defaultAction(AuthenticateCognitoAction.Builder.create()
                 .userPool(userPool)
                 .userPoolClient(userPoolClient)
                 .userPoolDomain(userPoolDomain)
                 .next(ListenerAction.fixedResponse(200, FixedResponseOptions.builder()
                         .contentType("text/plain")
                         .messageBody("Authenticated")
                         .build()))
                 .build())
         .build());
 CfnOutput.Builder.create(this, "DNS")
         .value(lb.getLoadBalancerDnsName())
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnUserPoolClient

      protected CfnUserPoolClient(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnUserPoolClient

      protected CfnUserPoolClient(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnUserPoolClient

      @Stability(Stable) public CfnUserPoolClient(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnUserPoolClientProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrClientId

      @Stability(Stable) @NotNull public String getAttrClientId()
      The ID of the app client, for example 1example23456789 .

    • getAttrClientSecret

      @Stability(Stable) @NotNull public String getAttrClientSecret()

    • getAttrName

      @Stability(Stable) @NotNull public String getAttrName()

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getUserPoolId

      @Stability(Stable) @NotNull public String getUserPoolId()
      The user pool ID for the user pool where you want to create a user pool client.

    • setUserPoolId

      @Stability(Stable) public void setUserPoolId(@NotNull String value)
      The user pool ID for the user pool where you want to create a user pool client.

    • getAccessTokenValidity

      @Stability(Stable) @Nullable public Number getAccessTokenValidity()
      The access token time limit.

    • setAccessTokenValidity

      @Stability(Stable) public void setAccessTokenValidity(@Nullable Number value)
      The access token time limit.

    • getAllowedOAuthFlows

      @Stability(Stable) @Nullable public List<String> getAllowedOAuthFlows()
      The OAuth grant types that you want your app client to generate.

    • setAllowedOAuthFlows

      @Stability(Stable) public void setAllowedOAuthFlows(@Nullable List<String> value)
      The OAuth grant types that you want your app client to generate.

    • getAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) @Nullable public Object getAllowedOAuthFlowsUserPoolClient()
      Set to true to use OAuth 2.0 features in your user pool app client.

    • setAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) public void setAllowedOAuthFlowsUserPoolClient(@Nullable Boolean value)
      Set to true to use OAuth 2.0 features in your user pool app client.

    • setAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) public void setAllowedOAuthFlowsUserPoolClient(@Nullable IResolvable value)
      Set to true to use OAuth 2.0 features in your user pool app client.

    • getAllowedOAuthScopes

      @Stability(Stable) @Nullable public List<String> getAllowedOAuthScopes()
      The allowed OAuth scopes.

    • setAllowedOAuthScopes

      @Stability(Stable) public void setAllowedOAuthScopes(@Nullable List<String> value)
      The allowed OAuth scopes.

    • getAnalyticsConfiguration

      @Stability(Stable) @Nullable public Object getAnalyticsConfiguration()
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

    • setAnalyticsConfiguration

      @Stability(Stable) public void setAnalyticsConfiguration(@Nullable IResolvable value)
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

    • setAnalyticsConfiguration

      @Stability(Stable) public void setAnalyticsConfiguration(@Nullable CfnUserPoolClient.AnalyticsConfigurationProperty value)
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

    • getAuthSessionValidity

      @Stability(Stable) @Nullable public Number getAuthSessionValidity()
      Amazon Cognito creates a session token for each API request in an authentication flow.

    • setAuthSessionValidity

      @Stability(Stable) public void setAuthSessionValidity(@Nullable Number value)
      Amazon Cognito creates a session token for each API request in an authentication flow.

    • getCallbackUrLs

      @Stability(Stable) @Nullable public List<String> getCallbackUrLs()
      A list of allowed redirect (callback) URLs for the IdPs.

    • setCallbackUrLs

      @Stability(Stable) public void setCallbackUrLs(@Nullable List<String> value)
      A list of allowed redirect (callback) URLs for the IdPs.

    • getClientName

      @Stability(Stable) @Nullable public String getClientName()
      The client name for the user pool client you would like to create.

    • setClientName

      @Stability(Stable) public void setClientName(@Nullable String value)
      The client name for the user pool client you would like to create.

    • getDefaultRedirectUri

      @Stability(Stable) @Nullable public String getDefaultRedirectUri()
      The default redirect URI.

    • setDefaultRedirectUri

      @Stability(Stable) public void setDefaultRedirectUri(@Nullable String value)
      The default redirect URI.

    • getEnablePropagateAdditionalUserContextData

      @Stability(Stable) @Nullable public Object getEnablePropagateAdditionalUserContextData()
      Activates the propagation of additional user context data.

    • setEnablePropagateAdditionalUserContextData

      @Stability(Stable) public void setEnablePropagateAdditionalUserContextData(@Nullable Boolean value)
      Activates the propagation of additional user context data.

    • setEnablePropagateAdditionalUserContextData

      @Stability(Stable) public void setEnablePropagateAdditionalUserContextData(@Nullable IResolvable value)
      Activates the propagation of additional user context data.

    • getEnableTokenRevocation

      @Stability(Stable) @Nullable public Object getEnableTokenRevocation()
      Activates or deactivates token revocation.

      For more information about revoking tokens, see RevokeToken .

    • setEnableTokenRevocation

      @Stability(Stable) public void setEnableTokenRevocation(@Nullable Boolean value)
      Activates or deactivates token revocation.

      For more information about revoking tokens, see RevokeToken .

    • setEnableTokenRevocation

      @Stability(Stable) public void setEnableTokenRevocation(@Nullable IResolvable value)
      Activates or deactivates token revocation.

      For more information about revoking tokens, see RevokeToken .

    • getExplicitAuthFlows

      @Stability(Stable) @Nullable public List<String> getExplicitAuthFlows()
      The authentication flows that you want your user pool client to support.

    • setExplicitAuthFlows

      @Stability(Stable) public void setExplicitAuthFlows(@Nullable List<String> value)
      The authentication flows that you want your user pool client to support.

    • getGenerateSecret

      @Stability(Stable) @Nullable public Object getGenerateSecret()
      Boolean to specify whether you want to generate a secret for the user pool client being created.

    • setGenerateSecret

      @Stability(Stable) public void setGenerateSecret(@Nullable Boolean value)
      Boolean to specify whether you want to generate a secret for the user pool client being created.

    • setGenerateSecret

      @Stability(Stable) public void setGenerateSecret(@Nullable IResolvable value)
      Boolean to specify whether you want to generate a secret for the user pool client being created.

    • getIdTokenValidity

      @Stability(Stable) @Nullable public Number getIdTokenValidity()
      The ID token time limit.

    • setIdTokenValidity

      @Stability(Stable) public void setIdTokenValidity(@Nullable Number value)
      The ID token time limit.

    • getLogoutUrLs

      @Stability(Stable) @Nullable public List<String> getLogoutUrLs()
      A list of allowed logout URLs for the IdPs.

    • setLogoutUrLs

      @Stability(Stable) public void setLogoutUrLs(@Nullable List<String> value)
      A list of allowed logout URLs for the IdPs.

    • getPreventUserExistenceErrors

      @Stability(Stable) @Nullable public String getPreventUserExistenceErrors()
      Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.

    • setPreventUserExistenceErrors

      @Stability(Stable) public void setPreventUserExistenceErrors(@Nullable String value)
      Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.

    • getReadAttributes

      @Stability(Stable) @Nullable public List<String> getReadAttributes()
      The list of user attributes that you want your app client to have read access to.

    • setReadAttributes

      @Stability(Stable) public void setReadAttributes(@Nullable List<String> value)
      The list of user attributes that you want your app client to have read access to.

    • getRefreshTokenValidity

      @Stability(Stable) @Nullable public Number getRefreshTokenValidity()
      The refresh token time limit.

    • setRefreshTokenValidity

      @Stability(Stable) public void setRefreshTokenValidity(@Nullable Number value)
      The refresh token time limit.

    • getSupportedIdentityProviders

      @Stability(Stable) @Nullable public List<String> getSupportedIdentityProviders()
      A list of provider names for the identity providers (IdPs) that are supported on this client.

    • setSupportedIdentityProviders

      @Stability(Stable) public void setSupportedIdentityProviders(@Nullable List<String> value)
      A list of provider names for the identity providers (IdPs) that are supported on this client.

    • getTokenValidityUnits

      @Stability(Stable) @Nullable public Object getTokenValidityUnits()
      The units in which the validity times are represented.

    • setTokenValidityUnits

      @Stability(Stable) public void setTokenValidityUnits(@Nullable IResolvable value)
      The units in which the validity times are represented.

    • setTokenValidityUnits

      @Stability(Stable) public void setTokenValidityUnits(@Nullable CfnUserPoolClient.TokenValidityUnitsProperty value)
      The units in which the validity times are represented.

    • getWriteAttributes

      @Stability(Stable) @Nullable public List<String> getWriteAttributes()
      The list of user attributes that you want your app client to have write access to.

    • setWriteAttributes

      @Stability(Stable) public void setWriteAttributes(@Nullable List<String> value)
      The list of user attributes that you want your app client to have write access to.