Interface CfnUserPoolIdentityProviderMixinProps
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnUserPoolIdentityProviderMixinProps.Jsii$Proxy
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.cfnpropertymixins.services.cognito.*;
Object attributeMapping;
Object providerDetails;
CfnUserPoolIdentityProviderMixinProps cfnUserPoolIdentityProviderMixinProps = CfnUserPoolIdentityProviderMixinProps.builder()
.attributeMapping(attributeMapping)
.idpIdentifiers(List.of("idpIdentifiers"))
.providerDetails(providerDetails)
.providerName("providerName")
.providerType("providerType")
.userPoolId("userPoolId")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnUserPoolIdentityProviderMixinPropsstatic final classAn implementation forCfnUserPoolIdentityProviderMixinProps -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default ObjectA mapping of IdP attributes to standard and custom user pool attributes.An array of IdP identifiers, for example"IdPIdentifiers": [ "MyIdP", "MyIdP2" ].default ObjectThe scopes, URLs, and identifiers for your external identity provider.default StringThe name that you want to assign to the IdP.default StringThe type of IdP that you want to add.default StringThe Id of the user pool where you want to create an IdP.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAttributeMapping
A mapping of IdP attributes to standard and custom user pool attributes.Specify a user pool attribute as the key of the key-value pair, and the IdP attribute claim name as the value.
- See Also:
-
getIdpIdentifiers
An array of IdP identifiers, for example"IdPIdentifiers": [ "MyIdP", "MyIdP2" ].Identifiers are friendly names that you can pass in the
idp_identifierquery parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP. Identifiers in a domain format also enable the use of email-address matching with SAML providers .- See Also:
-
getProviderDetails
The scopes, URLs, and identifiers for your external identity provider.The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP
authorize_scopesvalues must match the values listed here.- OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.
Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }- SAML - Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }
Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }The value of
MetadataFilemust be the plaintext metadata document with all quote (") characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }- LoginWithAmazon - Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"
Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }- Google - Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }
Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }- SignInWithApple - Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }
Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }- Facebook - Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }
Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }- See Also:
- OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from
-
getProviderName
The name that you want to assign to the IdP.You can pass the identity provider name in the
identity_providerquery parameter of requests to the Authorize endpoint to silently redirect to sign-in with the associated IdP.- See Also:
-
getProviderType
The type of IdP that you want to add.Amazon Cognito supports OIDC, SAML 2.0, Login With Amazon, Sign In With Apple, Google, and Facebook IdPs.
- See Also:
-
getUserPoolId
The Id of the user pool where you want to create an IdP.- See Also:
-
builder
-