Class: AWSCDK::Cognito::CfnUserPoolIdentityProviderProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
cognito/cfn_user_pool_identity_provider_props.rb

Overview

Properties for defining a CfnUserPoolIdentityProvider.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(provider_details:, provider_name:, provider_type:, user_pool_id:, attribute_mapping: nil, idp_identifiers: nil) ⇒ CfnUserPoolIdentityProviderProps

Returns a new instance of CfnUserPoolIdentityProviderProps.

Parameters:

  • provider_details (Object)

    The scopes, URLs, and identifiers for your external identity provider.

  • provider_name (String)

    The name that you want to assign to the IdP.

  • provider_type (String)

    The type of IdP that you want to add.

  • user_pool_id (String)

    The Id of the user pool where you want to create an IdP.

  • attribute_mapping (Object, nil) (defaults to: nil)

    A mapping of IdP attributes to standard and custom user pool attributes.

  • idp_identifiers (Array<String>, nil) (defaults to: nil)

    An array of IdP identifiers, for example "IdPIdentifiers": [ "MyIdP", "MyIdP2" ] .



15
16
17
18
19
20
21
22
23
24
25
26
27
28
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 15

def initialize(provider_details:, provider_name:, provider_type:, user_pool_id:, attribute_mapping: nil, idp_identifiers: nil)
  @provider_details = provider_details
  Jsii::Type.check_type(@provider_details, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "providerDetails")
  @provider_name = provider_name
  Jsii::Type.check_type(@provider_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "providerName")
  @provider_type = provider_type
  Jsii::Type.check_type(@provider_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "providerType")
  @user_pool_id = user_pool_id
  Jsii::Type.check_type(@user_pool_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolId")
  @attribute_mapping = attribute_mapping
  Jsii::Type.check_type(@attribute_mapping, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "attributeMapping") unless @attribute_mapping.nil?
  @idp_identifiers = idp_identifiers
  Jsii::Type.check_type(@idp_identifiers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "idpIdentifiers") unless @idp_identifiers.nil?
end

Instance Attribute Details

#attribute_mappingObject? (readonly)

A mapping of IdP attributes to standard and custom user pool attributes.

Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.



95
96
97
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 95

def attribute_mapping
  @attribute_mapping
end

#idp_identifiersArray<String>? (readonly)

An array of IdP identifiers, for example "IdPIdentifiers": [ "MyIdP", "MyIdP2" ] .

Identifiers are friendly names that you can pass in the idp_identifier query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers .



102
103
104
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 102

def idp_identifiers
  @idp_identifiers
end

#provider_detailsObject (readonly)

The scopes, URLs, and identifiers for your external identity provider.

The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP authorize_scopes values must match the values listed here.

  • OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

Create or update request: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

Describe response: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

  • SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

Create or update request with Metadata file: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

Describe response: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }

  • LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Describe response: "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }

  • Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

Describe response: "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }

  • SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Describe response: "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }

  • Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Describe response: "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }



69
70
71
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 69

def provider_details
  @provider_details
end

#provider_nameString (readonly)

The name that you want to assign to the IdP.

You can pass the identity provider name in the identity_provider query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.



76
77
78
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 76

def provider_name
  @provider_name
end

#provider_typeString (readonly)

The type of IdP that you want to add.

Amazon Cognito supports OIDC, SAML 2.0, Login With Amazon, Sign In With Apple, Google, and Facebook IdPs.



83
84
85
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 83

def provider_type
  @provider_type
end

#user_pool_idString (readonly)

The Id of the user pool where you want to create an IdP.



88
89
90
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 88

def user_pool_id
  @user_pool_id
end

Class Method Details

.jsii_propertiesObject



104
105
106
107
108
109
110
111
112
113
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 104

def self.jsii_properties
  {
    :provider_details => "providerDetails",
    :provider_name => "providerName",
    :provider_type => "providerType",
    :user_pool_id => "userPoolId",
    :attribute_mapping => "attributeMapping",
    :idp_identifiers => "idpIdentifiers",
  }
end

Instance Method Details

#to_jsiiObject



115
116
117
118
119
120
121
122
123
124
125
126
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 115

def to_jsii
  result = {}
  result.merge!({
    "providerDetails" => @provider_details,
    "providerName" => @provider_name,
    "providerType" => @provider_type,
    "userPoolId" => @user_pool_id,
    "attributeMapping" => @attribute_mapping,
    "idpIdentifiers" => @idp_identifiers,
  })
  result.compact
end