software.amazon.awssdk.services.cognitoidentityprovider.model

Class UserPoolClientType

java.lang.Object

software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolClientType

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

@Generated(value="software.amazon.awssdk:codegen")
public final class UserPoolClientType
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

Contains information about a user pool client.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	UserPoolClientType.Builder

Method Summary

Modifier and Type	Method and Description
Integer	accessTokenValidity() The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and cannot be used.
List<OAuthFlowType>	allowedOAuthFlows() The allowed OAuth flows.
List<String>	allowedOAuthFlowsAsStrings() The allowed OAuth flows.
Boolean	allowedOAuthFlowsUserPoolClient() Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.
List<String>	allowedOAuthScopes() The allowed OAuth scopes.
AnalyticsConfigurationType	analyticsConfiguration() The Amazon Pinpoint analytics configuration for the user pool client.
static UserPoolClientType.Builder	builder()
List<String>	callbackURLs() A list of allowed redirect (callback) URLs for the identity providers.
String	clientId() The ID of the client associated with the user pool.
String	clientName() The client name from the user pool request of the client type.
String	clientSecret() The client secret from the user pool request of the client type.
Instant	creationDate() The date the user pool client was created.
String	defaultRedirectURI() The default redirect URI.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
List<ExplicitAuthFlowsType>	explicitAuthFlows() The authentication flows that are supported by the user pool clients.
List<String>	explicitAuthFlowsAsStrings() The authentication flows that are supported by the user pool clients.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasAllowedOAuthFlows() Returns true if the AllowedOAuthFlows property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasAllowedOAuthScopes() Returns true if the AllowedOAuthScopes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasCallbackURLs() Returns true if the CallbackURLs property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasExplicitAuthFlows() Returns true if the ExplicitAuthFlows property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
int	hashCode()
boolean	hasLogoutURLs() Returns true if the LogoutURLs property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasReadAttributes() Returns true if the ReadAttributes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasSupportedIdentityProviders() Returns true if the SupportedIdentityProviders property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
boolean	hasWriteAttributes() Returns true if the WriteAttributes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty).
Integer	idTokenValidity() The time limit, specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and cannot be used.
Instant	lastModifiedDate() The date the user pool client was last modified.
List<String>	logoutURLs() A list of allowed logout URLs for the identity providers.
PreventUserExistenceErrorTypes	preventUserExistenceErrors() Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.
String	preventUserExistenceErrorsAsString() Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool.
List<String>	readAttributes() The Read-only attributes.
Integer	refreshTokenValidity() The time limit, in days, after which the refresh token is no longer valid and cannot be used.
List<SdkField<?>>	sdkFields()
static Class<? extends UserPoolClientType.Builder>	serializableBuilderClass()
List<String>	supportedIdentityProviders() A list of provider names for the identity providers that are supported on this client.
UserPoolClientType.Builder	toBuilder()
TokenValidityUnitsType	tokenValidityUnits() The time units used to specify the token validity times of their respective token.
String	toString() Returns a string representation of this object.
String	userPoolId() The user pool ID for the user pool client.
List<String>	writeAttributes() The writeable attributes.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

userPoolId

public String userPoolId()

The user pool ID for the user pool client.

Returns:

The user pool ID for the user pool client.

clientName

public String clientName()

The client name from the user pool request of the client type.

Returns:

The client name from the user pool request of the client type.

clientId

public String clientId()

The ID of the client associated with the user pool.

Returns:

The ID of the client associated with the user pool.

clientSecret

public String clientSecret()

The client secret from the user pool request of the client type.

Returns:

The client secret from the user pool request of the client type.

lastModifiedDate

public Instant lastModifiedDate()

The date the user pool client was last modified.

Returns:

The date the user pool client was last modified.

creationDate

public Instant creationDate()

The date the user pool client was created.

Returns:

The date the user pool client was created.

refreshTokenValidity

public Integer refreshTokenValidity()

The time limit, in days, after which the refresh token is no longer valid and cannot be used.

Returns:

The time limit, in days, after which the refresh token is no longer valid and cannot be used.

accessTokenValidity

public Integer accessTokenValidity()

The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and cannot be used.

Returns:

The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and cannot be used.

idTokenValidity

public Integer idTokenValidity()

The time limit, specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and cannot be used.

Returns:

The time limit, specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and cannot be used.

tokenValidityUnits

public TokenValidityUnitsType tokenValidityUnits()

The time units used to specify the token validity times of their respective token.

Returns:

The time units used to specify the token validity times of their respective token.

hasReadAttributes

public boolean hasReadAttributes()

Returns true if the ReadAttributes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

readAttributes

public List<String> readAttributes()

The Read-only attributes.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasReadAttributes() to see if a value was sent in this field.

Returns:

The Read-only attributes.

hasWriteAttributes

public boolean hasWriteAttributes()

Returns true if the WriteAttributes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

writeAttributes

public List<String> writeAttributes()

The writeable attributes.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasWriteAttributes() to see if a value was sent in this field.

Returns:

The writeable attributes.

explicitAuthFlows

public List<ExplicitAuthFlowsType> explicitAuthFlows()

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are deprecated in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix cannot be used along with values without ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasExplicitAuthFlows() to see if a value was sent in this field.

Returns:

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are deprecated in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix cannot be used along with values without ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

hasExplicitAuthFlows

public boolean hasExplicitAuthFlows()

Returns true if the ExplicitAuthFlows property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

explicitAuthFlowsAsStrings

public List<String> explicitAuthFlowsAsStrings()

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are deprecated in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix cannot be used along with values without ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasExplicitAuthFlows() to see if a value was sent in this field.

Returns:

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are deprecated in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix cannot be used along with values without ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

hasSupportedIdentityProviders

public boolean hasSupportedIdentityProviders()

Returns true if the SupportedIdentityProviders property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

supportedIdentityProviders

public List<String> supportedIdentityProviders()

A list of provider names for the identity providers that are supported on this client.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasSupportedIdentityProviders() to see if a value was sent in this field.

Returns:

A list of provider names for the identity providers that are supported on this client.

hasCallbackURLs

public boolean hasCallbackURLs()

Returns true if the CallbackURLs property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

callbackURLs

public List<String> callbackURLs()

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasCallbackURLs() to see if a value was sent in this field.

Returns:

A list of allowed redirect (callback) URLs for the identity providers.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

hasLogoutURLs

public boolean hasLogoutURLs()

Returns true if the LogoutURLs property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

logoutURLs

public List<String> logoutURLs()

A list of allowed logout URLs for the identity providers.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasLogoutURLs() to see if a value was sent in this field.

Returns:

A list of allowed logout URLs for the identity providers.

defaultRedirectURI

public String defaultRedirectURI()

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Returns:

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

allowedOAuthFlows

public List<OAuthFlowType> allowedOAuthFlows()

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasAllowedOAuthFlows() to see if a value was sent in this field.

Returns:

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

hasAllowedOAuthFlows

public boolean hasAllowedOAuthFlows()

Returns true if the AllowedOAuthFlows property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

allowedOAuthFlowsAsStrings

public List<String> allowedOAuthFlowsAsStrings()

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasAllowedOAuthFlows() to see if a value was sent in this field.

Returns:

The allowed OAuth flows.

Set to code to initiate a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the token endpoint.

Set to implicit to specify that the client should get the access token (and, optionally, ID token, based on scopes) directly.

Set to client_credentials to specify that the client should get the access token (and, optionally, ID token, based on scopes) from the token endpoint using a combination of client and client_secret.

hasAllowedOAuthScopes

public boolean hasAllowedOAuthScopes()

Returns true if the AllowedOAuthScopes property was specified by the sender (it may be empty), or false if the sender did not specify the value (it will be empty). For responses returned by the SDK, the sender is the AWS service.

allowedOAuthScopes

public List<String> allowedOAuthScopes()

The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, openid, and profile. Possible values provided by AWS are: aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

You can use hasAllowedOAuthScopes() to see if a value was sent in this field.

Returns:

The allowed OAuth scopes. Possible values provided by OAuth are: phone, email, openid, and profile. Possible values provided by AWS are: aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.

allowedOAuthFlowsUserPoolClient

public Boolean allowedOAuthFlowsUserPoolClient()

Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Returns:

Set to true if the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

analyticsConfiguration

public AnalyticsConfigurationType analyticsConfiguration()

The Amazon Pinpoint analytics configuration for the user pool client.

Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.

Returns:

The Amazon Pinpoint analytics configuration for the user pool client.

Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.

preventUserExistenceErrors

public PreventUserExistenceErrorTypes preventUserExistenceErrors()

Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Cognito where user existence related errors are not prevented.

After February 15th 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created user pool clients if no value is provided.

If the service returns an enum value that is not available in the current SDK version, preventUserExistenceErrors will return PreventUserExistenceErrorTypes.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from preventUserExistenceErrorsAsString().

Returns:

Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Cognito where user existence related errors are not prevented.

After February 15th 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created user pool clients if no value is provided.

See Also:

PreventUserExistenceErrorTypes

preventUserExistenceErrorsAsString

public String preventUserExistenceErrorsAsString()

Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Cognito where user existence related errors are not prevented.

After February 15th 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created user pool clients if no value is provided.

If the service returns an enum value that is not available in the current SDK version, preventUserExistenceErrors will return PreventUserExistenceErrorTypes.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from preventUserExistenceErrorsAsString().

Returns:

Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Cognito where user existence related errors are not prevented.

After February 15th 2020, the value of PreventUserExistenceErrors will default to ENABLED for newly created user pool clients if no value is provided.

See Also:

PreventUserExistenceErrorTypes

toBuilder

public UserPoolClientType.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

builder

public static UserPoolClientType.Builder builder()

serializableBuilderClass

public static Class<? extends UserPoolClientType.Builder> serializableBuilderClass()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public <T> Optional<T> getValueForField(String fieldName,
                                        Class<T> clazz)

sdkFields

public List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo