aws-cdk-lib.aws_cognito.UserPoolClientProps

interface UserPoolClientProps

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.Cognito.UserPoolClientProps |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awscognito#UserPoolClientProps |
| Java | software.amazon.awscdk.services.cognito.UserPoolClientProps |
| Python | aws_cdk.aws_cognito.UserPoolClientProps |
| TypeScript (source) | aws-cdk-lib » aws_cognito » UserPoolClientProps |

Properties for the UserPoolClient construct.

Example

```ts
import * as cognito from 'aws-cdk-lib/aws-cognito';

// An existing user pool, defined or imported elsewhere in the stack
declare const importedPool: cognito.UserPool;

const userPoolClient = new cognito.UserPoolClient(this, 'UserPoolClient', {
  userPool: importedPool,
  generateSecret: true,
});

// Allows you to pass the generated secret to other pieces of infrastructure
const secret = userPoolClient.userPoolClientSecret;
```

Properties

| Name | Type | Description |
| --- | --- | --- |
| userPool | IUserPool | The UserPool resource this client will have access to. |
| accessTokenValidity? | Duration | Validity of the access token. |
| authFlows? | AuthFlow | The set of OAuth authentication flows to enable on the client. |
| authSessionValidity? | Duration | Cognito creates a session token for each API request in an authentication flow. |
| disableOAuth? | boolean | Turns off all OAuth interactions for this client. |
| enableTokenRevocation? | boolean | Enable token revocation for this client. |
| generateSecret? | boolean | Whether to generate a client secret. |
| idTokenValidity? | Duration | Validity of the ID token. |
| oAuth? | OAuthSettings | OAuth settings for this client to interact with the app. |
| preventUserExistenceErrors? | boolean | Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence. |
| readAttributes? | ClientAttributes | The set of attributes this client will be able to read. |
| refreshTokenValidity? | Duration | Validity of the refresh token. |
| supportedIdentityProviders? | UserPoolClientIdentityProvider[] | The list of identity providers that users should be able to use to sign in using this client. |
| userPoolClientName? | string | Name of the application client. |
| writeAttributes? | ClientAttributes | The set of attributes this client will be able to write. |

userPool

Type: IUserPool

The UserPool resource this client will have access to.


accessTokenValidity?

Type: Duration (optional, default: Duration.minutes(60))

Validity of the access token.

Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.

See also: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token


authFlows?

Type: AuthFlow (optional, default: all auth flows disabled)

The set of OAuth authentication flows to enable on the client.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html


authSessionValidity?

Type: Duration (optional, default: Duration.minutes(3))

Cognito creates a session token for each API request in an authentication flow.

AuthSessionValidity is the duration, in minutes, of that session token. See defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.

See also: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity


disableOAuth?

Type: boolean (optional, default: false)

Turns off all OAuth interactions for this client.


enableTokenRevocation?

Type: boolean (optional, default: true for new user pool clients)

Enable token revocation for this client.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation


generateSecret?

Type: boolean (optional, default: false)

Whether to generate a client secret.


idTokenValidity?

Type: Duration (optional, default: Duration.minutes(60))

Validity of the ID token.

Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.

See also: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token


oAuth?

Type: OAuthSettings (optional, default: see defaults in OAuthSettings; meaningless if disableOAuth is set)

OAuth settings for this client to interact with the app.

An error is thrown when this is specified and disableOAuth is set.


preventUserExistenceErrors?

Type: boolean (optional, default: false)

Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html


readAttributes?

Type: ClientAttributes (optional, default: all standard and custom attributes)

The set of attributes this client will be able to read.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes


refreshTokenValidity?

Type: Duration (optional, default: Duration.days(30))

Validity of the refresh token.

Values between 60 minutes and 10 years are valid.

See also: https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token


supportedIdentityProviders?

Type: UserPoolClientIdentityProvider[] (optional, default: supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.)

The list of identity providers that users should be able to use to sign in using this client.


userPoolClientName?

Type: string (optional, default: CloudFormation-generated name)

Name of the application client.


writeAttributes?

Type: ClientAttributes (optional, default: all standard and custom attributes)

The set of attributes this client will be able to write.

See also: https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
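
The limits and defaults documented above can be checked before deployment. The following is an added example, not code from aws-cdk-lib: `ClientSettings` and `reviewClientSettings` are hypothetical names, durations are given as plain minutes instead of `Duration` objects, and "10 years" is taken as 3650 days.

```typescript
// Added example, not aws-cdk-lib code. ClientSettings is a hypothetical
// plain-object mirror of the props above; durations are minutes (assumption).
interface ClientSettings {
  accessTokenValidity?: number;
  idTokenValidity?: number;
  refreshTokenValidity?: number;
  authSessionValidity?: number;
  disableOAuth?: boolean;
  oAuth?: object;
  enableTokenRevocation?: boolean;
  preventUserExistenceErrors?: boolean;
}

const DAY = 24 * 60; // minutes per day

function reviewClientSettings(s: ClientSettings): string[] {
  const findings: string[] = [];
  // Fall back to the defaults documented on this page.
  const access = s.accessTokenValidity ?? 60;
  const id = s.idTokenValidity ?? 60;
  const refresh = s.refreshTokenValidity ?? 30 * DAY;
  const session = s.authSessionValidity ?? 3;
  const inRange = (name: string, v: number, min: number, max: number): void => {
    if (v < min || v > max) findings.push(`${name}: ${v} min is outside ${min}..${max}`);
  };
  inRange('accessTokenValidity', access, 5, DAY);
  inRange('idTokenValidity', id, 5, DAY);
  inRange('refreshTokenValidity', refresh, 60, 3650 * DAY); // 10 years as 3650 days
  inRange('authSessionValidity', session, 3, 15);
  if (access > refresh) findings.push('accessTokenValidity exceeds refreshTokenValidity');
  if (id > refresh) findings.push('idTokenValidity exceeds refreshTokenValidity');
  if (s.disableOAuth && s.oAuth !== undefined) findings.push('oAuth is set together with disableOAuth');
  // Hardening checks: valid settings, but worth a reviewer's attention.
  if (!s.preventUserExistenceErrors) findings.push('preventUserExistenceErrors is false: errors reveal whether a user exists');
  if (s.enableTokenRevocation === false) findings.push('enableTokenRevocation is off: tokens cannot be revoked for this client');
  return findings;
}

// Constructed sample inputs.
const risky: ClientSettings = {
  accessTokenValidity: 2 * DAY, refreshTokenValidity: 60, authSessionValidity: 20,
  disableOAuth: true, oAuth: {}, enableTokenRevocation: false,
};
const hardened: ClientSettings = {
  accessTokenValidity: 15, idTokenValidity: 15, refreshTokenValidity: DAY,
  preventUserExistenceErrors: true, enableTokenRevocation: true,
};
console.log(reviewClientSettings(risky));
console.log(reviewClientSettings(hardened));
```

The range and conflict findings correspond to values the page documents as invalid; the last two findings flag settings that are accepted but weaken the client.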