@Generated(value="jsii-pacmak/1.71.0 (build f1f58ae)", date="2022-12-07T17:24:44.591Z") @Stability(value=Stable) public class OAuthScope extends software.amazon.jsii.JsiiObject
Example:
UserPool pool = new UserPool(this, "Pool");
ResourceServerScope readOnlyScope = ResourceServerScope.Builder.create().scopeName("read").scopeDescription("Read-only access").build();
ResourceServerScope fullAccessScope = ResourceServerScope.Builder.create().scopeName("*").scopeDescription("Full access").build();
UserPoolResourceServer userServer = pool.addResourceServer("ResourceServer", UserPoolResourceServerOptions.builder()
.identifier("users")
.scopes(List.of(readOnlyScope, fullAccessScope))
.build());
UserPoolClient readOnlyClient = pool.addClient("read-only-client", UserPoolClientOptions.builder()
// ...
.oAuth(OAuthSettings.builder()
// ...
.scopes(List.of(OAuthScope.resourceServer(userServer, readOnlyScope)))
.build())
.build());
UserPoolClient fullAccessClient = pool.addClient("full-access-client", UserPoolClientOptions.builder()
// ...
.oAuth(OAuthSettings.builder()
// ...
.scopes(List.of(OAuthScope.resourceServer(userServer, fullAccessScope)))
.build())
.build());
| Modifier and Type | Field and Description |
|---|---|
static OAuthScope |
COGNITO_ADMIN
Grants access to Amazon Cognito User Pool API operations that require access tokens, such as UpdateUserAttributes and VerifyUserAttribute.
|
static OAuthScope |
EMAIL
Grants access to the 'email' and 'email_verified' claims.
|
static OAuthScope |
OPENID
Returns all user attributes in the ID token that are readable by the client.
|
static OAuthScope |
PHONE
Grants access to the 'phone_number' and 'phone_number_verified' claims.
|
static OAuthScope |
PROFILE
Grants access to all user attributes that are readable by the client Automatically includes access to `OAuthScope.OPENID`.
|
| Modifier | Constructor and Description |
|---|---|
protected |
OAuthScope(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
OAuthScope(software.amazon.jsii.JsiiObjectRef objRef) |
| Modifier and Type | Method and Description |
|---|---|
static OAuthScope |
custom(String name)
Custom scope is one that you define for your own resource server in the Resource Servers.
|
String |
getScopeName()
The name of this scope as recognized by CloudFormation.
|
static OAuthScope |
resourceServer(IUserPoolResourceServer server,
ResourceServerScope scope)
Adds a custom scope that's tied to a resource server in your stack.
|
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet@Stability(value=Stable) public static final OAuthScope COGNITO_ADMIN
@Stability(value=Stable) public static final OAuthScope EMAIL
Automatically includes access to OAuthScope.OPENID.
@Stability(value=Stable) public static final OAuthScope OPENID
@Stability(value=Stable) public static final OAuthScope PHONE
Automatically includes access to OAuthScope.OPENID.
@Stability(value=Stable) public static final OAuthScope PROFILE
protected OAuthScope(software.amazon.jsii.JsiiObjectRef objRef)
protected OAuthScope(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
@Stability(value=Stable) @NotNull public static OAuthScope custom(@NotNull String name)
The format is 'resource-server-identifier/scope'.
name - This parameter is required.@Stability(value=Stable) @NotNull public static OAuthScope resourceServer(@NotNull IUserPoolResourceServer server, @NotNull ResourceServerScope scope)
server - This parameter is required.scope - This parameter is required.@Stability(value=Stable) @NotNull public String getScopeName()
Copyright © 2022. All rights reserved.