Class: AWSCDK::Cognito::UserPoolClientOptions
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Cognito::UserPoolClientOptions
- Defined in:
- cognito/user_pool_client_options.rb
Overview
Options to create a UserPoolClient.
Direct Known Subclasses
Instance Attribute Summary collapse
-
#access_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the access token.
-
#analytics ⇒ AWSCDK::Cognito::AnalyticsConfiguration?
readonly
The analytics configuration for this client.
-
#auth_flows ⇒ AWSCDK::Cognito::AuthFlow?
readonly
The set of OAuth authentication flows to enable on the client.
-
#auth_session_validity ⇒ AWSCDK::Duration?
readonly
Cognito creates a session token for each API request in an authentication flow.
-
#disable_o_auth ⇒ Boolean?
readonly
Turns off all OAuth interactions for this client.
-
#enable_propagate_additional_user_context_data ⇒ Boolean?
readonly
Enable the propagation of additional user context data.
-
#enable_token_revocation ⇒ Boolean?
readonly
Enable token revocation for this client.
-
#generate_secret ⇒ Boolean?
readonly
Whether to generate a client secret.
-
#id_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the ID token.
-
#o_auth ⇒ AWSCDK::Cognito::OAuthSettings?
readonly
OAuth settings for this client to interact with the app.
-
#prevent_user_existence_errors ⇒ Boolean?
readonly
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
-
#read_attributes ⇒ AWSCDK::Cognito::ClientAttributes?
readonly
The set of attributes this client will be able to read.
-
#refresh_token_rotation_grace_period ⇒ AWSCDK::Duration?
readonly
Enables refresh token rotation when set.
-
#refresh_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the refresh token.
-
#supported_identity_providers ⇒ Array<AWSCDK::Cognito::UserPoolClientIdentityProvider>?
readonly
The list of identity providers that users should be able to use to sign in using this client.
-
#user_pool_client_name ⇒ String?
readonly
Name of the application client.
-
#write_attributes ⇒ AWSCDK::Cognito::ClientAttributes?
readonly
The set of attributes this client will be able to write.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil) ⇒ UserPoolClientOptions
constructor
A new instance of UserPoolClientOptions.
- #to_jsii ⇒ Object
Constructor Details
#initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil) ⇒ UserPoolClientOptions
Returns a new instance of UserPoolClientOptions.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'cognito/user_pool_client_options.rb', line 24 def initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil) @access_token_validity = access_token_validity Jsii::Type.check_type(@access_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "accessTokenValidity") unless @access_token_validity.nil? @analytics = analytics.is_a?(Hash) ? ::AWSCDK::Cognito::AnalyticsConfiguration.new(**analytics.transform_keys(&:to_sym)) : analytics Jsii::Type.check_type(@analytics, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BbmFseXRpY3NDb25maWd1cmF0aW9uIn0=")), "analytics") unless @analytics.nil? @auth_flows = auth_flows.is_a?(Hash) ? ::AWSCDK::Cognito::AuthFlow.new(**auth_flows.transform_keys(&:to_sym)) : auth_flows Jsii::Type.check_type(@auth_flows, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BdXRoRmxvdyJ9")), "authFlows") unless @auth_flows.nil? @auth_session_validity = auth_session_validity Jsii::Type.check_type(@auth_session_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "authSessionValidity") unless @auth_session_validity.nil? @disable_o_auth = disable_o_auth Jsii::Type.check_type(@disable_o_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disableOAuth") unless @disable_o_auth.nil? @enable_propagate_additional_user_context_data = enable_propagate_additional_user_context_data Jsii::Type.check_type(@enable_propagate_additional_user_context_data, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enablePropagateAdditionalUserContextData") unless @enable_propagate_additional_user_context_data.nil? @enable_token_revocation = enable_token_revocation Jsii::Type.check_type(@enable_token_revocation, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableTokenRevocation") unless @enable_token_revocation.nil? @generate_secret = generate_secret Jsii::Type.check_type(@generate_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "generateSecret") unless @generate_secret.nil? @id_token_validity = id_token_validity Jsii::Type.check_type(@id_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "idTokenValidity") unless @id_token_validity.nil? @o_auth = o_auth.is_a?(Hash) ? ::AWSCDK::Cognito::OAuthSettings.new(**o_auth.transform_keys(&:to_sym)) : o_auth Jsii::Type.check_type(@o_auth, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5PQXV0aFNldHRpbmdzIn0=")), "oAuth") unless @o_auth.nil? @prevent_user_existence_errors = prevent_user_existence_errors Jsii::Type.check_type(@prevent_user_existence_errors, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "preventUserExistenceErrors") unless @prevent_user_existence_errors.nil? @read_attributes = read_attributes Jsii::Type.check_type(@read_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "readAttributes") unless @read_attributes.nil? @refresh_token_rotation_grace_period = refresh_token_rotation_grace_period Jsii::Type.check_type(@refresh_token_rotation_grace_period, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenRotationGracePeriod") unless @refresh_token_rotation_grace_period.nil? @refresh_token_validity = refresh_token_validity Jsii::Type.check_type(@refresh_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenValidity") unless @refresh_token_validity.nil? @supported_identity_providers = supported_identity_providers Jsii::Type.check_type(@supported_identity_providers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLlVzZXJQb29sQ2xpZW50SWRlbnRpdHlQcm92aWRlciJ9LCJraW5kIjoiYXJyYXkifX0=")), "supportedIdentityProviders") unless @supported_identity_providers.nil? @user_pool_client_name = user_pool_client_name Jsii::Type.check_type(@user_pool_client_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolClientName") unless @user_pool_client_name.nil? @write_attributes = write_attributes Jsii::Type.check_type(@write_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "writeAttributes") unless @write_attributes.nil? end |
Instance Attribute Details
#access_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.minutes(60)
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
68 69 70 |
# File 'cognito/user_pool_client_options.rb', line 68 def access_token_validity @access_token_validity end |
#analytics ⇒ AWSCDK::Cognito::AnalyticsConfiguration? (readonly)
Default: - no analytics configuration
The analytics configuration for this client.
73 74 75 |
# File 'cognito/user_pool_client_options.rb', line 73 def analytics @analytics end |
#auth_flows ⇒ AWSCDK::Cognito::AuthFlow? (readonly)
Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
The set of OAuth authentication flows to enable on the client.
79 80 81 |
# File 'cognito/user_pool_client_options.rb', line 79 def auth_flows @auth_flows end |
#auth_session_validity ⇒ AWSCDK::Duration? (readonly)
Default: - Duration.minutes(3)
Cognito creates a session token for each API request in an authentication flow.
AuthSessionValidity is the duration, in minutes, of that session token.
see defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.
88 89 90 |
# File 'cognito/user_pool_client_options.rb', line 88 def auth_session_validity @auth_session_validity end |
#disable_o_auth ⇒ Boolean? (readonly)
Default: false
Turns off all OAuth interactions for this client.
93 94 95 |
# File 'cognito/user_pool_client_options.rb', line 93 def disable_o_auth @disable_o_auth end |
#enable_propagate_additional_user_context_data ⇒ Boolean? (readonly)
Default: false for new user pool clients
Enable the propagation of additional user context data.
You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
101 102 103 |
# File 'cognito/user_pool_client_options.rb', line 101 def enable_propagate_additional_user_context_data @enable_propagate_additional_user_context_data end |
#enable_token_revocation ⇒ Boolean? (readonly)
Default: true for new user pool clients
Enable token revocation for this client.
107 108 109 |
# File 'cognito/user_pool_client_options.rb', line 107 def enable_token_revocation @enable_token_revocation end |
#generate_secret ⇒ Boolean? (readonly)
Default: false
Whether to generate a client secret.
112 113 114 |
# File 'cognito/user_pool_client_options.rb', line 112 def generate_secret @generate_secret end |
#id_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.minutes(60)
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
120 121 122 |
# File 'cognito/user_pool_client_options.rb', line 120 def id_token_validity @id_token_validity end |
#o_auth ⇒ AWSCDK::Cognito::OAuthSettings? (readonly)
Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and disable_o_auth is set.
127 128 129 |
# File 'cognito/user_pool_client_options.rb', line 127 def o_auth @o_auth end |
#prevent_user_existence_errors ⇒ Boolean? (readonly)
Default: false
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
133 134 135 |
# File 'cognito/user_pool_client_options.rb', line 133 def prevent_user_existence_errors @prevent_user_existence_errors end |
#read_attributes ⇒ AWSCDK::Cognito::ClientAttributes? (readonly)
Default: - all standard and custom attributes
The set of attributes this client will be able to read.
139 140 141 |
# File 'cognito/user_pool_client_options.rb', line 139 def read_attributes @read_attributes end |
#refresh_token_rotation_grace_period ⇒ AWSCDK::Duration? (readonly)
Default: - undefined (refresh token rotation is disabled)
Enables refresh token rotation when set.
Defines the grace period for the original refresh token (0-60 seconds).
147 148 149 |
# File 'cognito/user_pool_client_options.rb', line 147 def refresh_token_rotation_grace_period @refresh_token_rotation_grace_period end |
#refresh_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.days(30)
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
155 156 157 |
# File 'cognito/user_pool_client_options.rb', line 155 def refresh_token_validity @refresh_token_validity end |
#supported_identity_providers ⇒ Array<AWSCDK::Cognito::UserPoolClientIdentityProvider>? (readonly)
Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.
The list of identity providers that users should be able to use to sign in using this client.
160 161 162 |
# File 'cognito/user_pool_client_options.rb', line 160 def supported_identity_providers @supported_identity_providers end |
#user_pool_client_name ⇒ String? (readonly)
Default: - cloudformation generated name
Name of the application client.
165 166 167 |
# File 'cognito/user_pool_client_options.rb', line 165 def user_pool_client_name @user_pool_client_name end |
#write_attributes ⇒ AWSCDK::Cognito::ClientAttributes? (readonly)
Default: - all standard and custom attributes
The set of attributes this client will be able to write.
171 172 173 |
# File 'cognito/user_pool_client_options.rb', line 171 def write_attributes @write_attributes end |
Class Method Details
.jsii_properties ⇒ Object
173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 |
# File 'cognito/user_pool_client_options.rb', line 173 def self.jsii_properties { :access_token_validity => "accessTokenValidity", :analytics => "analytics", :auth_flows => "authFlows", :auth_session_validity => "authSessionValidity", :disable_o_auth => "disableOAuth", :enable_propagate_additional_user_context_data => "enablePropagateAdditionalUserContextData", :enable_token_revocation => "enableTokenRevocation", :generate_secret => "generateSecret", :id_token_validity => "idTokenValidity", :o_auth => "oAuth", :prevent_user_existence_errors => "preventUserExistenceErrors", :read_attributes => "readAttributes", :refresh_token_rotation_grace_period => "refreshTokenRotationGracePeriod", :refresh_token_validity => "refreshTokenValidity", :supported_identity_providers => "supportedIdentityProviders", :user_pool_client_name => "userPoolClientName", :write_attributes => "writeAttributes", } end |
Instance Method Details
#to_jsii ⇒ Object
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 |
# File 'cognito/user_pool_client_options.rb', line 195 def to_jsii result = {} result.merge!({ "accessTokenValidity" => @access_token_validity, "analytics" => @analytics, "authFlows" => @auth_flows, "authSessionValidity" => @auth_session_validity, "disableOAuth" => @disable_o_auth, "enablePropagateAdditionalUserContextData" => @enable_propagate_additional_user_context_data, "enableTokenRevocation" => @enable_token_revocation, "generateSecret" => @generate_secret, "idTokenValidity" => @id_token_validity, "oAuth" => @o_auth, "preventUserExistenceErrors" => @prevent_user_existence_errors, "readAttributes" => @read_attributes, "refreshTokenRotationGracePeriod" => @refresh_token_rotation_grace_period, "refreshTokenValidity" => @refresh_token_validity, "supportedIdentityProviders" => @supported_identity_providers, "userPoolClientName" => @user_pool_client_name, "writeAttributes" => @write_attributes, }) result.compact end |