Class: AWSCDK::Cognito::UserPoolClientOptions

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
cognito/user_pool_client_options.rb

Overview

Options to create a UserPoolClient.

Direct Known Subclasses

UserPoolClientProps

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil) ⇒ UserPoolClientOptions

Returns a new instance of UserPoolClientOptions.

Parameters:

  • access_token_validity (AWSCDK::Duration, nil) (defaults to: nil)

    Validity of the access token.

  • analytics (AWSCDK::Cognito::AnalyticsConfiguration, nil) (defaults to: nil)

    The analytics configuration for this client.

  • auth_flows (AWSCDK::Cognito::AuthFlow, nil) (defaults to: nil)

    The set of OAuth authentication flows to enable on the client.

  • auth_session_validity (AWSCDK::Duration, nil) (defaults to: nil)

    Cognito creates a session token for each API request in an authentication flow.

  • disable_o_auth (Boolean, nil) (defaults to: nil)

    Turns off all OAuth interactions for this client.

  • enable_propagate_additional_user_context_data (Boolean, nil) (defaults to: nil)

    Enable the propagation of additional user context data.

  • enable_token_revocation (Boolean, nil) (defaults to: nil)

    Enable token revocation for this client.

  • generate_secret (Boolean, nil) (defaults to: nil)

    Whether to generate a client secret.

  • id_token_validity (AWSCDK::Duration, nil) (defaults to: nil)

    Validity of the ID token.

  • o_auth (AWSCDK::Cognito::OAuthSettings, nil) (defaults to: nil)

    OAuth settings for this client to interact with the app.

  • prevent_user_existence_errors (Boolean, nil) (defaults to: nil)

    Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.

  • read_attributes (AWSCDK::Cognito::ClientAttributes, nil) (defaults to: nil)

    The set of attributes this client will be able to read.

  • refresh_token_rotation_grace_period (AWSCDK::Duration, nil) (defaults to: nil)

    Enables refresh token rotation when set.

  • refresh_token_validity (AWSCDK::Duration, nil) (defaults to: nil)

    Validity of the refresh token.

  • supported_identity_providers (Array<AWSCDK::Cognito::UserPoolClientIdentityProvider>, nil) (defaults to: nil)

    The list of identity providers that users should be able to use to sign in using this client.

  • user_pool_client_name (String, nil) (defaults to: nil)

    Name of the application client.

  • write_attributes (AWSCDK::Cognito::ClientAttributes, nil) (defaults to: nil)

    The set of attributes this client will be able to write.



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
# File 'cognito/user_pool_client_options.rb', line 24

def initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil)
  @access_token_validity = access_token_validity
  Jsii::Type.check_type(@access_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "accessTokenValidity") unless @access_token_validity.nil?
  @analytics = analytics.is_a?(Hash) ? ::AWSCDK::Cognito::AnalyticsConfiguration.new(**analytics.transform_keys(&:to_sym)) : analytics
  Jsii::Type.check_type(@analytics, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BbmFseXRpY3NDb25maWd1cmF0aW9uIn0=")), "analytics") unless @analytics.nil?
  @auth_flows = auth_flows.is_a?(Hash) ? ::AWSCDK::Cognito::AuthFlow.new(**auth_flows.transform_keys(&:to_sym)) : auth_flows
  Jsii::Type.check_type(@auth_flows, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BdXRoRmxvdyJ9")), "authFlows") unless @auth_flows.nil?
  @auth_session_validity = auth_session_validity
  Jsii::Type.check_type(@auth_session_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "authSessionValidity") unless @auth_session_validity.nil?
  @disable_o_auth = disable_o_auth
  Jsii::Type.check_type(@disable_o_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disableOAuth") unless @disable_o_auth.nil?
  @enable_propagate_additional_user_context_data = enable_propagate_additional_user_context_data
  Jsii::Type.check_type(@enable_propagate_additional_user_context_data, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enablePropagateAdditionalUserContextData") unless @enable_propagate_additional_user_context_data.nil?
  @enable_token_revocation = enable_token_revocation
  Jsii::Type.check_type(@enable_token_revocation, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableTokenRevocation") unless @enable_token_revocation.nil?
  @generate_secret = generate_secret
  Jsii::Type.check_type(@generate_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "generateSecret") unless @generate_secret.nil?
  @id_token_validity = id_token_validity
  Jsii::Type.check_type(@id_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "idTokenValidity") unless @id_token_validity.nil?
  @o_auth = o_auth.is_a?(Hash) ? ::AWSCDK::Cognito::OAuthSettings.new(**o_auth.transform_keys(&:to_sym)) : o_auth
  Jsii::Type.check_type(@o_auth, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5PQXV0aFNldHRpbmdzIn0=")), "oAuth") unless @o_auth.nil?
  @prevent_user_existence_errors = prevent_user_existence_errors
  Jsii::Type.check_type(@prevent_user_existence_errors, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "preventUserExistenceErrors") unless @prevent_user_existence_errors.nil?
  @read_attributes = read_attributes
  Jsii::Type.check_type(@read_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "readAttributes") unless @read_attributes.nil?
  @refresh_token_rotation_grace_period = refresh_token_rotation_grace_period
  Jsii::Type.check_type(@refresh_token_rotation_grace_period, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenRotationGracePeriod") unless @refresh_token_rotation_grace_period.nil?
  @refresh_token_validity = refresh_token_validity
  Jsii::Type.check_type(@refresh_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenValidity") unless @refresh_token_validity.nil?
  @supported_identity_providers = supported_identity_providers
  Jsii::Type.check_type(@supported_identity_providers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLlVzZXJQb29sQ2xpZW50SWRlbnRpdHlQcm92aWRlciJ9LCJraW5kIjoiYXJyYXkifX0=")), "supportedIdentityProviders") unless @supported_identity_providers.nil?
  @user_pool_client_name = user_pool_client_name
  Jsii::Type.check_type(@user_pool_client_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolClientName") unless @user_pool_client_name.nil?
  @write_attributes = write_attributes
  Jsii::Type.check_type(@write_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "writeAttributes") unless @write_attributes.nil?
end

Instance Attribute Details

#access_token_validityAWSCDK::Duration? (readonly)

Note:

Default: Duration.minutes(60)

Validity of the access token.

Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.



68
69
70
# File 'cognito/user_pool_client_options.rb', line 68

def access_token_validity
  @access_token_validity
end

#analyticsAWSCDK::Cognito::AnalyticsConfiguration? (readonly)

Note:

Default: - no analytics configuration

The analytics configuration for this client.



73
74
75
# File 'cognito/user_pool_client_options.rb', line 73

def analytics
  @analytics
end

#auth_flowsAWSCDK::Cognito::AuthFlow? (readonly)

Note:

Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

The set of OAuth authentication flows to enable on the client.



79
80
81
# File 'cognito/user_pool_client_options.rb', line 79

def auth_flows
  @auth_flows
end

#auth_session_validityAWSCDK::Duration? (readonly)

Note:

Default: - Duration.minutes(3)

Cognito creates a session token for each API request in an authentication flow.

AuthSessionValidity is the duration, in minutes, of that session token. see defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.



88
89
90
# File 'cognito/user_pool_client_options.rb', line 88

def auth_session_validity
  @auth_session_validity
end

#disable_o_authBoolean? (readonly)

Note:

Default: false

Turns off all OAuth interactions for this client.

Returns:

  • (Boolean, nil)


93
94
95
# File 'cognito/user_pool_client_options.rb', line 93

def disable_o_auth
  @disable_o_auth
end

#enable_propagate_additional_user_context_dataBoolean? (readonly)

Note:

Default: false for new user pool clients

Enable the propagation of additional user context data.

You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.



101
102
103
# File 'cognito/user_pool_client_options.rb', line 101

def enable_propagate_additional_user_context_data
  @enable_propagate_additional_user_context_data
end

#enable_token_revocationBoolean? (readonly)

Note:

Default: true for new user pool clients

Enable token revocation for this client.



107
108
109
# File 'cognito/user_pool_client_options.rb', line 107

def enable_token_revocation
  @enable_token_revocation
end

#generate_secretBoolean? (readonly)

Note:

Default: false

Whether to generate a client secret.

Returns:

  • (Boolean, nil)


112
113
114
# File 'cognito/user_pool_client_options.rb', line 112

def generate_secret
  @generate_secret
end

#id_token_validityAWSCDK::Duration? (readonly)

Note:

Default: Duration.minutes(60)

Validity of the ID token.

Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.



120
121
122
# File 'cognito/user_pool_client_options.rb', line 120

def id_token_validity
  @id_token_validity
end

#o_authAWSCDK::Cognito::OAuthSettings? (readonly)

Note:

Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.

OAuth settings for this client to interact with the app.

An error is thrown when this is specified and disable_o_auth is set.



127
128
129
# File 'cognito/user_pool_client_options.rb', line 127

def o_auth
  @o_auth
end

#prevent_user_existence_errorsBoolean? (readonly)

Note:

Default: false

Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.



133
134
135
# File 'cognito/user_pool_client_options.rb', line 133

def prevent_user_existence_errors
  @prevent_user_existence_errors
end

#read_attributesAWSCDK::Cognito::ClientAttributes? (readonly)

Note:

Default: - all standard and custom attributes

The set of attributes this client will be able to read.



139
140
141
# File 'cognito/user_pool_client_options.rb', line 139

def read_attributes
  @read_attributes
end

#refresh_token_rotation_grace_periodAWSCDK::Duration? (readonly)

Note:

Default: - undefined (refresh token rotation is disabled)

Enables refresh token rotation when set.

Defines the grace period for the original refresh token (0-60 seconds).



147
148
149
# File 'cognito/user_pool_client_options.rb', line 147

def refresh_token_rotation_grace_period
  @refresh_token_rotation_grace_period
end

#refresh_token_validityAWSCDK::Duration? (readonly)

Note:

Default: Duration.days(30)

Validity of the refresh token.

Values between 60 minutes and 10 years are valid.



155
156
157
# File 'cognito/user_pool_client_options.rb', line 155

def refresh_token_validity
  @refresh_token_validity
end

#supported_identity_providersArray<AWSCDK::Cognito::UserPoolClientIdentityProvider>? (readonly)

Note:

Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.

The list of identity providers that users should be able to use to sign in using this client.



160
161
162
# File 'cognito/user_pool_client_options.rb', line 160

def supported_identity_providers
  @supported_identity_providers
end

#user_pool_client_nameString? (readonly)

Note:

Default: - cloudformation generated name

Name of the application client.

Returns:

  • (String, nil)


165
166
167
# File 'cognito/user_pool_client_options.rb', line 165

def user_pool_client_name
  @user_pool_client_name
end

#write_attributesAWSCDK::Cognito::ClientAttributes? (readonly)

Note:

Default: - all standard and custom attributes

The set of attributes this client will be able to write.



171
172
173
# File 'cognito/user_pool_client_options.rb', line 171

def write_attributes
  @write_attributes
end

Class Method Details

.jsii_propertiesObject



173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
# File 'cognito/user_pool_client_options.rb', line 173

def self.jsii_properties
  {
    :access_token_validity => "accessTokenValidity",
    :analytics => "analytics",
    :auth_flows => "authFlows",
    :auth_session_validity => "authSessionValidity",
    :disable_o_auth => "disableOAuth",
    :enable_propagate_additional_user_context_data => "enablePropagateAdditionalUserContextData",
    :enable_token_revocation => "enableTokenRevocation",
    :generate_secret => "generateSecret",
    :id_token_validity => "idTokenValidity",
    :o_auth => "oAuth",
    :prevent_user_existence_errors => "preventUserExistenceErrors",
    :read_attributes => "readAttributes",
    :refresh_token_rotation_grace_period => "refreshTokenRotationGracePeriod",
    :refresh_token_validity => "refreshTokenValidity",
    :supported_identity_providers => "supportedIdentityProviders",
    :user_pool_client_name => "userPoolClientName",
    :write_attributes => "writeAttributes",
  }
end

Instance Method Details

#to_jsiiObject



195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
# File 'cognito/user_pool_client_options.rb', line 195

def to_jsii
  result = {}
  result.merge!({
    "accessTokenValidity" => @access_token_validity,
    "analytics" => @analytics,
    "authFlows" => @auth_flows,
    "authSessionValidity" => @auth_session_validity,
    "disableOAuth" => @disable_o_auth,
    "enablePropagateAdditionalUserContextData" => @enable_propagate_additional_user_context_data,
    "enableTokenRevocation" => @enable_token_revocation,
    "generateSecret" => @generate_secret,
    "idTokenValidity" => @id_token_validity,
    "oAuth" => @o_auth,
    "preventUserExistenceErrors" => @prevent_user_existence_errors,
    "readAttributes" => @read_attributes,
    "refreshTokenRotationGracePeriod" => @refresh_token_rotation_grace_period,
    "refreshTokenValidity" => @refresh_token_validity,
    "supportedIdentityProviders" => @supported_identity_providers,
    "userPoolClientName" => @user_pool_client_name,
    "writeAttributes" => @write_attributes,
  })
  result.compact
end