software.amazon.awssdk.services.cognitoidentityprovider.model

Class UserPoolClientType

java.lang.Object

software.amazon.awssdk.services.cognitoidentityprovider.model.UserPoolClientType

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

@Generated(value="software.amazon.awssdk:codegen")
public final class UserPoolClientType
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

Contains information about a user pool client.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	UserPoolClientType.Builder

Method Summary

Modifier and Type	Method and Description
Integer	accessTokenValidity() The access token time limit.
List<OAuthFlowType>	allowedOAuthFlows() The allowed OAuth flows.
List<String>	allowedOAuthFlowsAsStrings() The allowed OAuth flows.
Boolean	allowedOAuthFlowsUserPoolClient() Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.
List<String>	allowedOAuthScopes() The OAuth scopes that your app client supports.
AnalyticsConfigurationType	analyticsConfiguration() The Amazon Pinpoint analytics configuration for the user pool client.
static UserPoolClientType.Builder	builder()
List<String>	callbackURLs() A list of allowed redirect (callback) URLs for the IdPs.
String	clientId() The ID of the client associated with the user pool.
String	clientName() The client name from the user pool request of the client type.
String	clientSecret() The client secret from the user pool request of the client type.
Instant	creationDate() The date the user pool client was created.
String	defaultRedirectURI() The default redirect URI.
Boolean	enablePropagateAdditionalUserContextData() When EnablePropagateAdditionalUserContextData is true, Amazon Cognito accepts an IpAddress value that you send in the UserContextData parameter.
Boolean	enableTokenRevocation() Indicates whether token revocation is activated for the user pool client.
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
List<ExplicitAuthFlowsType>	explicitAuthFlows() The authentication flows that are supported by the user pool clients.
List<String>	explicitAuthFlowsAsStrings() The authentication flows that are supported by the user pool clients.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasAllowedOAuthFlows() For responses, this returns true if the service returned a value for the AllowedOAuthFlows property.
boolean	hasAllowedOAuthScopes() For responses, this returns true if the service returned a value for the AllowedOAuthScopes property.
boolean	hasCallbackURLs() For responses, this returns true if the service returned a value for the CallbackURLs property.
boolean	hasExplicitAuthFlows() For responses, this returns true if the service returned a value for the ExplicitAuthFlows property.
int	hashCode()
boolean	hasLogoutURLs() For responses, this returns true if the service returned a value for the LogoutURLs property.
boolean	hasReadAttributes() For responses, this returns true if the service returned a value for the ReadAttributes property.
boolean	hasSupportedIdentityProviders() For responses, this returns true if the service returned a value for the SupportedIdentityProviders property.
boolean	hasWriteAttributes() For responses, this returns true if the service returned a value for the WriteAttributes property.
Integer	idTokenValidity() The ID token time limit.
Instant	lastModifiedDate() The date the user pool client was last modified.
List<String>	logoutURLs() A list of allowed logout URLs for the IdPs.
PreventUserExistenceErrorTypes	preventUserExistenceErrors() Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.
String	preventUserExistenceErrorsAsString() Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.
List<String>	readAttributes() The Read-only attributes.
Integer	refreshTokenValidity() The refresh token time limit.
List<SdkField<?>>	sdkFields()
static Class<? extends UserPoolClientType.Builder>	serializableBuilderClass()
List<String>	supportedIdentityProviders() A list of provider names for the IdPs that this client supports.
UserPoolClientType.Builder	toBuilder()
TokenValidityUnitsType	tokenValidityUnits() The time units used to specify the token validity times of each token type: ID, access, and refresh.
String	toString() Returns a string representation of this object.
String	userPoolId() The user pool ID for the user pool client.
List<String>	writeAttributes() The writeable attributes.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

userPoolId

public final String userPoolId()

The user pool ID for the user pool client.

Returns:

The user pool ID for the user pool client.

clientName

public final String clientName()

The client name from the user pool request of the client type.

Returns:

The client name from the user pool request of the client type.

clientId

public final String clientId()

The ID of the client associated with the user pool.

Returns:

The ID of the client associated with the user pool.

clientSecret

public final String clientSecret()

The client secret from the user pool request of the client type.

Returns:

The client secret from the user pool request of the client type.

lastModifiedDate

public final Instant lastModifiedDate()

The date the user pool client was last modified.

Returns:

The date the user pool client was last modified.

creationDate

public final Instant creationDate()

The date the user pool client was created.

Returns:

The date the user pool client was created.

refreshTokenValidity

public final Integer refreshTokenValidity()

The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes, hours , or days, set a TokenValidityUnits value in your API request.

For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.

The default time unit for RefreshTokenValidity in an API request is days. You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.

Returns:

The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for RefreshTokenValidity as seconds, minutes , hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set RefreshTokenValidity as 10 and TokenValidityUnits as days, your user can refresh their session and retrieve new access and ID tokens for 10 days.

The default time unit for RefreshTokenValidity in an API request is days. You can't set RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. Valid range is displayed below in seconds.

accessTokenValidity

public final Integer accessTokenValidity()

The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

Returns:

The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for AccessTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set AccessTokenValidity to 10 and TokenValidityUnits to hours, your user can authorize access with their access token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

idTokenValidity

public final Integer idTokenValidity()

The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

Returns:

The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for IdTokenValidity as seconds, minutes, hours, or days, set a TokenValidityUnits value in your API request.

For example, when you set IdTokenValidity as 10 and TokenValidityUnits as hours, your user can authenticate their session with their ID token for 10 hours.

The default time unit for AccessTokenValidity in an API request is hours. Valid range is displayed below in seconds.

tokenValidityUnits

public final TokenValidityUnitsType tokenValidityUnits()

The time units used to specify the token validity times of each token type: ID, access, and refresh.

Returns:

The time units used to specify the token validity times of each token type: ID, access, and refresh.

hasReadAttributes

public final boolean hasReadAttributes()

For responses, this returns true if the service returned a value for the ReadAttributes property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

readAttributes

public final List<String> readAttributes()

The Read-only attributes.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasReadAttributes() method.

Returns:

The Read-only attributes.

hasWriteAttributes

public final boolean hasWriteAttributes()

For responses, this returns true if the service returned a value for the WriteAttributes property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

writeAttributes

public final List<String> writeAttributes()

The writeable attributes.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasWriteAttributes() method.

Returns:

The writeable attributes.

explicitAuthFlows

public final List<ExplicitAuthFlowsType> explicitAuthFlows()

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values including the ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasExplicitAuthFlows() method.

Returns:

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values including the ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

hasExplicitAuthFlows

public final boolean hasExplicitAuthFlows()

For responses, this returns true if the service returned a value for the ExplicitAuthFlows property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

explicitAuthFlowsAsStrings

public final List<String> explicitAuthFlowsAsStrings()

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values including the ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasExplicitAuthFlows() method.

Returns:

The authentication flows that are supported by the user pool clients. Flow names without the ALLOW_ prefix are no longer supported in favor of new names with the ALLOW_ prefix. Note that values with ALLOW_ prefix must be used only along with values including the ALLOW_ prefix.

Valid values include:

• ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Amazon Cognito receives the password in the request instead of using the Secure Remote Password (SRP) protocol to verify passwords.

• ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.

• ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito receives the password in the request instead of using the SRP protocol to verify passwords.

• ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

• ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.

hasSupportedIdentityProviders

public final boolean hasSupportedIdentityProviders()

For responses, this returns true if the service returned a value for the SupportedIdentityProviders property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

supportedIdentityProviders

public final List<String> supportedIdentityProviders()

A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of your own SAML and OIDC providers.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasSupportedIdentityProviders() method.

Returns:

A list of provider names for the IdPs that this client supports. The following are supported: COGNITO, Facebook, Google LoginWithAmazon, and the names of your own SAML and OIDC providers.

hasCallbackURLs

public final boolean hasCallbackURLs()

For responses, this returns true if the service returned a value for the CallbackURLs property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

callbackURLs

public final List<String> callbackURLs()

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasCallbackURLs() method.

Returns:

A list of allowed redirect (callback) URLs for the IdPs.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

hasLogoutURLs

public final boolean hasLogoutURLs()

For responses, this returns true if the service returned a value for the LogoutURLs property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

logoutURLs

public final List<String> logoutURLs()

A list of allowed logout URLs for the IdPs.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasLogoutURLs() method.

Returns:

A list of allowed logout URLs for the IdPs.

defaultRedirectURI

public final String defaultRedirectURI()

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

Returns:

The default redirect URI. Must be in the CallbackURLs list.

A redirect URI must:

• Be an absolute URI.

• Be registered with the authorization server.

• Not include a fragment component.

See OAuth 2.0 - Redirection Endpoint.

Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.

App callback URLs such as myapp://example are also supported.

allowedOAuthFlows

public final List<OAuthFlowType> allowedOAuthFlows()

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAllowedOAuthFlows() method.

Returns:

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

hasAllowedOAuthFlows

public final boolean hasAllowedOAuthFlows()

For responses, this returns true if the service returned a value for the AllowedOAuthFlows property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

allowedOAuthFlowsAsStrings

public final List<String> allowedOAuthFlowsAsStrings()

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAllowedOAuthFlows() method.

Returns:

The allowed OAuth flows.

code

Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the /oauth2/token endpoint.

implicit

Issue the access token (and, optionally, ID token, based on scopes) directly to your user.

client_credentials

Issue the access token from the /oauth2/token endpoint directly to a non-person user using a combination of the client ID and client secret.

hasAllowedOAuthScopes

public final boolean hasAllowedOAuthScopes()

For responses, this returns true if the service returned a value for the AllowedOAuthScopes property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

allowedOAuthScopes

public final List<String> allowedOAuthScopes()

The OAuth scopes that your app client supports. Possible values that OAuth provides are phone, email, openid, and profile. Possible values that Amazon Web Services provides are aws.cognito.signin.user.admin. Amazon Cognito also supports custom scopes that you create in Resource Servers.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAllowedOAuthScopes() method.

Returns:

The OAuth scopes that your app client supports. Possible values that OAuth provides are phone, email, openid, and profile. Possible values that Amazon Web Services provides are aws.cognito.signin.user.admin. Amazon Cognito also supports custom scopes that you create in Resource Servers.

allowedOAuthFlowsUserPoolClient

public final Boolean allowedOAuthFlowsUserPoolClient()

Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.

Returns:

Set to true if the client is allowed to follow the OAuth protocol when interacting with Amazon Cognito user pools.

analyticsConfiguration

public final AnalyticsConfigurationType analyticsConfiguration()

The Amazon Pinpoint analytics configuration for the user pool client.

Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.

Returns:

The Amazon Pinpoint analytics configuration for the user pool client.

Amazon Cognito user pools only support sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the Region where the user pool resides.

preventUserExistenceErrors

public final PreventUserExistenceErrorTypes preventUserExistenceErrors()

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.

If the service returns an enum value that is not available in the current SDK version, preventUserExistenceErrors will return PreventUserExistenceErrorTypes.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from preventUserExistenceErrorsAsString().

Returns:

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.

See Also:

PreventUserExistenceErrorTypes

preventUserExistenceErrorsAsString

public final String preventUserExistenceErrorsAsString()

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.

If the service returns an enum value that is not available in the current SDK version, preventUserExistenceErrors will return PreventUserExistenceErrorTypes.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from preventUserExistenceErrorsAsString().

Returns:

Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't exist in the user pool.

Valid values include:

• ENABLED - This prevents user existence-related errors.

• LEGACY - This represents the old behavior of Amazon Cognito where user existence related errors aren't prevented.

See Also:

PreventUserExistenceErrorTypes

enableTokenRevocation

public final Boolean enableTokenRevocation()

Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.

Returns:

Indicates whether token revocation is activated for the user pool client. When you create a new user pool client, token revocation is activated by default. For more information about revoking tokens, see RevokeToken.

enablePropagateAdditionalUserContextData

public final Boolean enablePropagateAdditionalUserContextData()

When EnablePropagateAdditionalUserContextData is true, Amazon Cognito accepts an IpAddress value that you send in the UserContextData parameter. The UserContextData parameter sends information to Amazon Cognito advanced security for risk analysis. You can send UserContextData when you sign in Amazon Cognito native users with the InitiateAuth and RespondToAuthChallenge API operations.

When EnablePropagateAdditionalUserContextData is false, you can't send your user's source IP address to Amazon Cognito advanced security with unauthenticated API operations. EnablePropagateAdditionalUserContextData doesn't affect whether you can send a source IP address in a ContextData parameter with the authenticated API operations AdminInitiateAuth and AdminRespondToAuthChallenge.

You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret. For more information about propagation of user context data, see Adding user device and session data to API requests.

Returns:

When EnablePropagateAdditionalUserContextData is true, Amazon Cognito accepts an IpAddress value that you send in the UserContextData parameter. The UserContextData parameter sends information to Amazon Cognito advanced security for risk analysis. You can send UserContextData when you sign in Amazon Cognito native users with the InitiateAuth and RespondToAuthChallenge API operations.

When EnablePropagateAdditionalUserContextData is false, you can't send your user's source IP address to Amazon Cognito advanced security with unauthenticated API operations. EnablePropagateAdditionalUserContextData doesn't affect whether you can send a source IP address in a ContextData parameter with the authenticated API operations AdminInitiateAuth and AdminRespondToAuthChallenge.

You can only activate EnablePropagateAdditionalUserContextData in an app client that has a client secret. For more information about propagation of user context data, see Adding user device and session data to API requests.

toBuilder

public UserPoolClientType.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<UserPoolClientType.Builder,UserPoolClientType>

builder

public static UserPoolClientType.Builder builder()

serializableBuilderClass

public static Class<? extends UserPoolClientType.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo