Class: AWSCDK::Cognito::UserPoolClientProps
- Inherits:
-
UserPoolClientOptions
- Object
- UserPoolClientOptions
- AWSCDK::Cognito::UserPoolClientProps
- Defined in:
- cognito/user_pool_client_props.rb
Overview
Properties for the UserPoolClient construct.
Instance Attribute Summary collapse
-
#access_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the access token.
-
#analytics ⇒ AWSCDK::Cognito::AnalyticsConfiguration?
readonly
The analytics configuration for this client.
-
#auth_flows ⇒ AWSCDK::Cognito::AuthFlow?
readonly
The set of OAuth authentication flows to enable on the client.
-
#auth_session_validity ⇒ AWSCDK::Duration?
readonly
Cognito creates a session token for each API request in an authentication flow.
-
#disable_o_auth ⇒ Boolean?
readonly
Turns off all OAuth interactions for this client.
-
#enable_propagate_additional_user_context_data ⇒ Boolean?
readonly
Enable the propagation of additional user context data.
-
#enable_token_revocation ⇒ Boolean?
readonly
Enable token revocation for this client.
-
#generate_secret ⇒ Boolean?
readonly
Whether to generate a client secret.
-
#id_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the ID token.
-
#o_auth ⇒ AWSCDK::Cognito::OAuthSettings?
readonly
OAuth settings for this client to interact with the app.
-
#prevent_user_existence_errors ⇒ Boolean?
readonly
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
-
#read_attributes ⇒ AWSCDK::Cognito::ClientAttributes?
readonly
The set of attributes this client will be able to read.
-
#refresh_token_rotation_grace_period ⇒ AWSCDK::Duration?
readonly
Enables refresh token rotation when set.
-
#refresh_token_validity ⇒ AWSCDK::Duration?
readonly
Validity of the refresh token.
-
#supported_identity_providers ⇒ Array<AWSCDK::Cognito::UserPoolClientIdentityProvider>?
readonly
The list of identity providers that users should be able to use to sign in using this client.
-
#user_pool ⇒ AWSCDK::Interfaces::AWSCognito::IUserPoolRef
readonly
The UserPool resource this client will have access to.
-
#user_pool_client_name ⇒ String?
readonly
Name of the application client.
-
#write_attributes ⇒ AWSCDK::Cognito::ClientAttributes?
readonly
The set of attributes this client will be able to write.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil, user_pool:) ⇒ UserPoolClientProps
constructor
A new instance of UserPoolClientProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil, user_pool:) ⇒ UserPoolClientProps
Returns a new instance of UserPoolClientProps.
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
# File 'cognito/user_pool_client_props.rb', line 25 def initialize(access_token_validity: nil, analytics: nil, auth_flows: nil, auth_session_validity: nil, disable_o_auth: nil, enable_propagate_additional_user_context_data: nil, enable_token_revocation: nil, generate_secret: nil, id_token_validity: nil, o_auth: nil, prevent_user_existence_errors: nil, read_attributes: nil, refresh_token_rotation_grace_period: nil, refresh_token_validity: nil, supported_identity_providers: nil, user_pool_client_name: nil, write_attributes: nil, user_pool:) @access_token_validity = access_token_validity Jsii::Type.check_type(@access_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "accessTokenValidity") unless @access_token_validity.nil? @analytics = analytics.is_a?(Hash) ? ::AWSCDK::Cognito::AnalyticsConfiguration.new(**analytics.transform_keys(&:to_sym)) : analytics Jsii::Type.check_type(@analytics, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BbmFseXRpY3NDb25maWd1cmF0aW9uIn0=")), "analytics") unless @analytics.nil? @auth_flows = auth_flows.is_a?(Hash) ? ::AWSCDK::Cognito::AuthFlow.new(**auth_flows.transform_keys(&:to_sym)) : auth_flows Jsii::Type.check_type(@auth_flows, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5BdXRoRmxvdyJ9")), "authFlows") unless @auth_flows.nil? @auth_session_validity = auth_session_validity Jsii::Type.check_type(@auth_session_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "authSessionValidity") unless @auth_session_validity.nil? @disable_o_auth = disable_o_auth Jsii::Type.check_type(@disable_o_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "disableOAuth") unless @disable_o_auth.nil? @enable_propagate_additional_user_context_data = enable_propagate_additional_user_context_data Jsii::Type.check_type(@enable_propagate_additional_user_context_data, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enablePropagateAdditionalUserContextData") unless @enable_propagate_additional_user_context_data.nil? @enable_token_revocation = enable_token_revocation Jsii::Type.check_type(@enable_token_revocation, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "enableTokenRevocation") unless @enable_token_revocation.nil? @generate_secret = generate_secret Jsii::Type.check_type(@generate_secret, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "generateSecret") unless @generate_secret.nil? @id_token_validity = id_token_validity Jsii::Type.check_type(@id_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "idTokenValidity") unless @id_token_validity.nil? @o_auth = o_auth.is_a?(Hash) ? ::AWSCDK::Cognito::OAuthSettings.new(**o_auth.transform_keys(&:to_sym)) : o_auth Jsii::Type.check_type(@o_auth, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5PQXV0aFNldHRpbmdzIn0=")), "oAuth") unless @o_auth.nil? @prevent_user_existence_errors = prevent_user_existence_errors Jsii::Type.check_type(@prevent_user_existence_errors, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "preventUserExistenceErrors") unless @prevent_user_existence_errors.nil? @read_attributes = read_attributes Jsii::Type.check_type(@read_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "readAttributes") unless @read_attributes.nil? @refresh_token_rotation_grace_period = refresh_token_rotation_grace_period Jsii::Type.check_type(@refresh_token_rotation_grace_period, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenRotationGracePeriod") unless @refresh_token_rotation_grace_period.nil? @refresh_token_validity = refresh_token_validity Jsii::Type.check_type(@refresh_token_validity, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "refreshTokenValidity") unless @refresh_token_validity.nil? @supported_identity_providers = supported_identity_providers Jsii::Type.check_type(@supported_identity_providers, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLmF3c19jb2duaXRvLlVzZXJQb29sQ2xpZW50SWRlbnRpdHlQcm92aWRlciJ9LCJraW5kIjoiYXJyYXkifX0=")), "supportedIdentityProviders") unless @supported_identity_providers.nil? @user_pool_client_name = user_pool_client_name Jsii::Type.check_type(@user_pool_client_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolClientName") unless @user_pool_client_name.nil? @write_attributes = write_attributes Jsii::Type.check_type(@write_attributes, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfY29nbml0by5DbGllbnRBdHRyaWJ1dGVzIn0=")), "writeAttributes") unless @write_attributes.nil? @user_pool = user_pool Jsii::Type.check_type(@user_pool, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19jb2duaXRvLklVc2VyUG9vbFJlZiJ9")), "userPool") end |
Instance Attribute Details
#access_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.minutes(60)
Validity of the access token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
71 72 73 |
# File 'cognito/user_pool_client_props.rb', line 71 def access_token_validity @access_token_validity end |
#analytics ⇒ AWSCDK::Cognito::AnalyticsConfiguration? (readonly)
Default: - no analytics configuration
The analytics configuration for this client.
76 77 78 |
# File 'cognito/user_pool_client_props.rb', line 76 def analytics @analytics end |
#auth_flows ⇒ AWSCDK::Cognito::AuthFlow? (readonly)
Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
The set of OAuth authentication flows to enable on the client.
82 83 84 |
# File 'cognito/user_pool_client_props.rb', line 82 def auth_flows @auth_flows end |
#auth_session_validity ⇒ AWSCDK::Duration? (readonly)
Default: - Duration.minutes(3)
Cognito creates a session token for each API request in an authentication flow.
AuthSessionValidity is the duration, in minutes, of that session token.
see defaults in AuthSessionValidity. Valid duration is from 3 to 15 minutes.
91 92 93 |
# File 'cognito/user_pool_client_props.rb', line 91 def auth_session_validity @auth_session_validity end |
#disable_o_auth ⇒ Boolean? (readonly)
Default: false
Turns off all OAuth interactions for this client.
96 97 98 |
# File 'cognito/user_pool_client_props.rb', line 96 def disable_o_auth @disable_o_auth end |
#enable_propagate_additional_user_context_data ⇒ Boolean? (readonly)
Default: false for new user pool clients
Enable the propagation of additional user context data.
You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
104 105 106 |
# File 'cognito/user_pool_client_props.rb', line 104 def enable_propagate_additional_user_context_data @enable_propagate_additional_user_context_data end |
#enable_token_revocation ⇒ Boolean? (readonly)
Default: true for new user pool clients
Enable token revocation for this client.
110 111 112 |
# File 'cognito/user_pool_client_props.rb', line 110 def enable_token_revocation @enable_token_revocation end |
#generate_secret ⇒ Boolean? (readonly)
Default: false
Whether to generate a client secret.
115 116 117 |
# File 'cognito/user_pool_client_props.rb', line 115 def generate_secret @generate_secret end |
#id_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.minutes(60)
Validity of the ID token.
Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.
123 124 125 |
# File 'cognito/user_pool_client_props.rb', line 123 def id_token_validity @id_token_validity end |
#o_auth ⇒ AWSCDK::Cognito::OAuthSettings? (readonly)
Default: - see defaults in OAuthSettings. meaningless if disableOAuth is set.
OAuth settings for this client to interact with the app.
An error is thrown when this is specified and disable_o_auth is set.
130 131 132 |
# File 'cognito/user_pool_client_props.rb', line 130 def o_auth @o_auth end |
#prevent_user_existence_errors ⇒ Boolean? (readonly)
Default: false
Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.
136 137 138 |
# File 'cognito/user_pool_client_props.rb', line 136 def prevent_user_existence_errors @prevent_user_existence_errors end |
#read_attributes ⇒ AWSCDK::Cognito::ClientAttributes? (readonly)
Default: - all standard and custom attributes
The set of attributes this client will be able to read.
142 143 144 |
# File 'cognito/user_pool_client_props.rb', line 142 def read_attributes @read_attributes end |
#refresh_token_rotation_grace_period ⇒ AWSCDK::Duration? (readonly)
Default: - undefined (refresh token rotation is disabled)
Enables refresh token rotation when set.
Defines the grace period for the original refresh token (0-60 seconds).
150 151 152 |
# File 'cognito/user_pool_client_props.rb', line 150 def refresh_token_rotation_grace_period @refresh_token_rotation_grace_period end |
#refresh_token_validity ⇒ AWSCDK::Duration? (readonly)
Default: Duration.days(30)
Validity of the refresh token.
Values between 60 minutes and 10 years are valid.
158 159 160 |
# File 'cognito/user_pool_client_props.rb', line 158 def refresh_token_validity @refresh_token_validity end |
#supported_identity_providers ⇒ Array<AWSCDK::Cognito::UserPoolClientIdentityProvider>? (readonly)
Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the UserPool.registerIdentityProvider() API.
The list of identity providers that users should be able to use to sign in using this client.
163 164 165 |
# File 'cognito/user_pool_client_props.rb', line 163 def supported_identity_providers @supported_identity_providers end |
#user_pool ⇒ AWSCDK::Interfaces::AWSCognito::IUserPoolRef (readonly)
The UserPool resource this client will have access to.
178 179 180 |
# File 'cognito/user_pool_client_props.rb', line 178 def user_pool @user_pool end |
#user_pool_client_name ⇒ String? (readonly)
Default: - cloudformation generated name
Name of the application client.
168 169 170 |
# File 'cognito/user_pool_client_props.rb', line 168 def user_pool_client_name @user_pool_client_name end |
#write_attributes ⇒ AWSCDK::Cognito::ClientAttributes? (readonly)
Default: - all standard and custom attributes
The set of attributes this client will be able to write.
174 175 176 |
# File 'cognito/user_pool_client_props.rb', line 174 def write_attributes @write_attributes end |
Class Method Details
.jsii_properties ⇒ Object
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 |
# File 'cognito/user_pool_client_props.rb', line 180 def self.jsii_properties { :access_token_validity => "accessTokenValidity", :analytics => "analytics", :auth_flows => "authFlows", :auth_session_validity => "authSessionValidity", :disable_o_auth => "disableOAuth", :enable_propagate_additional_user_context_data => "enablePropagateAdditionalUserContextData", :enable_token_revocation => "enableTokenRevocation", :generate_secret => "generateSecret", :id_token_validity => "idTokenValidity", :o_auth => "oAuth", :prevent_user_existence_errors => "preventUserExistenceErrors", :read_attributes => "readAttributes", :refresh_token_rotation_grace_period => "refreshTokenRotationGracePeriod", :refresh_token_validity => "refreshTokenValidity", :supported_identity_providers => "supportedIdentityProviders", :user_pool_client_name => "userPoolClientName", :write_attributes => "writeAttributes", :user_pool => "userPool", } end |
Instance Method Details
#to_jsii ⇒ Object
203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 |
# File 'cognito/user_pool_client_props.rb', line 203 def to_jsii result = {} result.merge!(super) result.merge!({ "accessTokenValidity" => @access_token_validity, "analytics" => @analytics, "authFlows" => @auth_flows, "authSessionValidity" => @auth_session_validity, "disableOAuth" => @disable_o_auth, "enablePropagateAdditionalUserContextData" => @enable_propagate_additional_user_context_data, "enableTokenRevocation" => @enable_token_revocation, "generateSecret" => @generate_secret, "idTokenValidity" => @id_token_validity, "oAuth" => @o_auth, "preventUserExistenceErrors" => @prevent_user_existence_errors, "readAttributes" => @read_attributes, "refreshTokenRotationGracePeriod" => @refresh_token_rotation_grace_period, "refreshTokenValidity" => @refresh_token_validity, "supportedIdentityProviders" => @supported_identity_providers, "userPoolClientName" => @user_pool_client_name, "writeAttributes" => @write_attributes, "userPool" => @user_pool, }) result.compact end |