Class: AWSCDK::Cognito::CfnUserPoolIdentityProviderProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Cognito::CfnUserPoolIdentityProviderProps
- Defined in:
- cognito/cfn_user_pool_identity_provider_props.rb
Overview
Properties for defining a CfnUserPoolIdentityProvider.
Instance Attribute Summary collapse
-
#attribute_mapping ⇒ Object?
readonly
A mapping of IdP attributes to standard and custom user pool attributes.
-
#idp_identifiers ⇒ Array<String>?
readonly
An array of IdP identifiers, for example
"IdPIdentifiers": [ "MyIdP", "MyIdP2" ]. -
#provider_details ⇒ Object
readonly
The scopes, URLs, and identifiers for your external identity provider.
-
#provider_name ⇒ String
readonly
The name that you want to assign to the IdP.
-
#provider_type ⇒ String
readonly
The type of IdP that you want to add.
-
#user_pool_id ⇒ String
readonly
The Id of the user pool where you want to create an IdP.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(provider_details:, provider_name:, provider_type:, user_pool_id:, attribute_mapping: nil, idp_identifiers: nil) ⇒ CfnUserPoolIdentityProviderProps
constructor
A new instance of CfnUserPoolIdentityProviderProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(provider_details:, provider_name:, provider_type:, user_pool_id:, attribute_mapping: nil, idp_identifiers: nil) ⇒ CfnUserPoolIdentityProviderProps
Returns a new instance of CfnUserPoolIdentityProviderProps.
15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 15 def initialize(provider_details:, provider_name:, provider_type:, user_pool_id:, attribute_mapping: nil, idp_identifiers: nil) @provider_details = provider_details Jsii::Type.check_type(@provider_details, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "providerDetails") @provider_name = provider_name Jsii::Type.check_type(@provider_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "providerName") @provider_type = provider_type Jsii::Type.check_type(@provider_type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "providerType") @user_pool_id = user_pool_id Jsii::Type.check_type(@user_pool_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolId") @attribute_mapping = attribute_mapping Jsii::Type.check_type(@attribute_mapping, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "attributeMapping") unless @attribute_mapping.nil? @idp_identifiers = idp_identifiers Jsii::Type.check_type(@idp_identifiers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "idpIdentifiers") unless @idp_identifiers.nil? end |
Instance Attribute Details
#attribute_mapping ⇒ Object? (readonly)
A mapping of IdP attributes to standard and custom user pool attributes.
Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.
95 96 97 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 95 def attribute_mapping @attribute_mapping end |
#idp_identifiers ⇒ Array<String>? (readonly)
An array of IdP identifiers, for example "IdPIdentifiers": [ "MyIdP", "MyIdP2" ] .
Identifiers are friendly names that you can pass in the idp_identifier query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers .
102 103 104 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 102 def idp_identifiers @idp_identifiers end |
#provider_details ⇒ Object (readonly)
The scopes, URLs, and identifiers for your external identity provider.
The following
examples describe the provider detail keys for each IdP type. These values and their
schema are subject to change. Social IdP authorize_scopes values must match
the values listed here.
- OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.
Create or update request: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
Describe response: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }
- SAML - Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }
Create or update request with Metadata file: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }
The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.
Describe response: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }
- LoginWithAmazon - Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"
Describe response: "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }
- Google - Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }
Describe response: "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }
- SignInWithApple - Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }
Describe response: "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }
- Facebook - Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }
Describe response: "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }
69 70 71 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 69 def provider_details @provider_details end |
#provider_name ⇒ String (readonly)
The name that you want to assign to the IdP.
You can pass the identity provider name in the identity_provider query parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.
76 77 78 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 76 def provider_name @provider_name end |
#provider_type ⇒ String (readonly)
The type of IdP that you want to add.
Amazon Cognito supports OIDC, SAML 2.0, Login With Amazon, Sign In With Apple, Google, and Facebook IdPs.
83 84 85 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 83 def provider_type @provider_type end |
#user_pool_id ⇒ String (readonly)
The Id of the user pool where you want to create an IdP.
88 89 90 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 88 def user_pool_id @user_pool_id end |
Class Method Details
.jsii_properties ⇒ Object
104 105 106 107 108 109 110 111 112 113 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 104 def self.jsii_properties { :provider_details => "providerDetails", :provider_name => "providerName", :provider_type => "providerType", :user_pool_id => "userPoolId", :attribute_mapping => "attributeMapping", :idp_identifiers => "idpIdentifiers", } end |
Instance Method Details
#to_jsii ⇒ Object
115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'cognito/cfn_user_pool_identity_provider_props.rb', line 115 def to_jsii result = {} result.merge!({ "providerDetails" => @provider_details, "providerName" => @provider_name, "providerType" => @provider_type, "userPoolId" => @user_pool_id, "attributeMapping" => @attribute_mapping, "idpIdentifiers" => @idp_identifiers, }) result.compact end |