Package software.amazon.awscdk.services.cognito

Class CfnUserPoolClient

java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.CfnElement
software.amazon.awscdk.CfnRefElement
software.amazon.awscdk.CfnResource
software.amazon.awscdk.services.cognito.CfnUserPoolClient
All Implemented Interfaces:
IEnvironmentAware, IInspectable, IUserPoolClientRef, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable
@Generated(value="jsii-pacmak/1.118.0 (build 02eec31)", date="2025-11-10T13:40:01.188Z") @Stability(Stable) public class CfnUserPoolClient extends CfnResource implements IInspectable, IUserPoolClientRef
The AWS::Cognito::UserPoolClient resource specifies an Amazon Cognito user pool client.

If you don't specify a value for a parameter, Amazon Cognito sets it to a default value.

Example: 

 import software.amazon.awscdk.services.certificatemanager.*;
 Vpc vpc;
 Certificate certificate;
 ApplicationLoadBalancer lb = ApplicationLoadBalancer.Builder.create(this, "LB")
         .vpc(vpc)
         .internetFacing(true)
         .build();
 UserPool userPool = new UserPool(this, "UserPool");
 UserPoolClient userPoolClient = UserPoolClient.Builder.create(this, "Client")
         .userPool(userPool)
         // Required minimal configuration for use with an ELB
         .generateSecret(true)
         .authFlows(AuthFlow.builder()
                 .userPassword(true)
                 .build())
         .oAuth(OAuthSettings.builder()
                 .flows(OAuthFlows.builder()
                         .authorizationCodeGrant(true)
                         .build())
                 .scopes(List.of(OAuthScope.EMAIL))
                 .callbackUrls(List.of(String.format("https://%s/oauth2/idpresponse", lb.getLoadBalancerDnsName())))
                 .build())
         .build();
 CfnUserPoolClient cfnClient = (CfnUserPoolClient)userPoolClient.getNode().getDefaultChild();
 cfnClient.addPropertyOverride("RefreshTokenValidity", 1);
 cfnClient.addPropertyOverride("SupportedIdentityProviders", List.of("COGNITO"));
 UserPoolDomain userPoolDomain = UserPoolDomain.Builder.create(this, "Domain")
         .userPool(userPool)
         .cognitoDomain(CognitoDomainOptions.builder()
                 .domainPrefix("test-cdk-prefix")
                 .build())
         .build();
 lb.addListener("Listener", BaseApplicationListenerProps.builder()
         .port(443)
         .certificates(List.of(certificate))
         .defaultAction(AuthenticateCognitoAction.Builder.create()
                 .userPool(userPool)
                 .userPoolClient(userPoolClient)
                 .userPoolDomain(userPoolDomain)
                 .next(ListenerAction.fixedResponse(200, FixedResponseOptions.builder()
                         .contentType("text/plain")
                         .messageBody("Authenticated")
                         .build()))
                 .build())
         .build());
 CfnOutput.Builder.create(this, "DNS")
         .value(lb.getLoadBalancerDnsName())
         .build();

See Also:

  • Field Details

    • CFN_RESOURCE_TYPE_NAME

      @Stability(Stable) public static final String CFN_RESOURCE_TYPE_NAME
      The CloudFormation resource type name for this resource class.

  • Constructor Details

    • CfnUserPoolClient

      protected CfnUserPoolClient(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnUserPoolClient

      protected CfnUserPoolClient(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnUserPoolClient

      @Stability(Stable) public CfnUserPoolClient(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull CfnUserPoolClientProps props)
      Parameters:
      scope - Scope in which this resource is defined. This parameter is required.
      id - Construct identifier for this resource (unique in its scope). This parameter is required.
      props - Resource properties. This parameter is required.

  • Method Details

    • inspect

      @Stability(Stable) public void inspect(@NotNull TreeInspector inspector)
      Examines the CloudFormation resource and discloses attributes.

      Specified by:
      inspect in interface IInspectable
      Parameters:
      inspector - tree inspector to collect and process attributes. This parameter is required.

    • renderProperties

      @Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String,Object> props)
      Overrides:
      renderProperties in class CfnResource
      Parameters:
      props - This parameter is required.

    • getAttrClientId

      @Stability(Stable) @NotNull public String getAttrClientId()
      The ID of the app client, for example 1example23456789 .

    • getAttrClientSecret

      @Stability(Stable) @NotNull public String getAttrClientSecret()

    • getAttrName

      @Stability(Stable) @NotNull public String getAttrName()

    • getCfnProperties

      @Stability(Stable) @NotNull protected Map<String,Object> getCfnProperties()
      Overrides:
      getCfnProperties in class CfnResource

    • getUserPoolClientRef

      @Stability(Stable) @NotNull public UserPoolClientReference getUserPoolClientRef()
      A reference to a UserPoolClient resource.
      Specified by:
      getUserPoolClientRef in interface IUserPoolClientRef

    • getUserPoolId

      @Stability(Stable) @NotNull public String getUserPoolId()
      The ID of the user pool where you want to create an app client.

    • setUserPoolId

      @Stability(Stable) public void setUserPoolId(@NotNull String value)
      The ID of the user pool where you want to create an app client.

    • getAccessTokenValidity

      @Stability(Stable) @Nullable public Number getAccessTokenValidity()
      The access token time limit.

    • setAccessTokenValidity

      @Stability(Stable) public void setAccessTokenValidity(@Nullable Number value)
      The access token time limit.

    • getAllowedOAuthFlows

      @Stability(Stable) @Nullable public List<String> getAllowedOAuthFlows()
      The OAuth grant types that you want your app client to generate for clients in managed login authentication.

    • setAllowedOAuthFlows

      @Stability(Stable) public void setAllowedOAuthFlows(@Nullable List<String> value)
      The OAuth grant types that you want your app client to generate for clients in managed login authentication.

    • getAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) @Nullable public Object getAllowedOAuthFlowsUserPoolClient()
      Set to true to use OAuth 2.0 authorization server features in your app client.

      Returns union: either Boolean or IResolvable

    • setAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) public void setAllowedOAuthFlowsUserPoolClient(@Nullable Boolean value)
      Set to true to use OAuth 2.0 authorization server features in your app client.

    • setAllowedOAuthFlowsUserPoolClient

      @Stability(Stable) public void setAllowedOAuthFlowsUserPoolClient(@Nullable IResolvable value)
      Set to true to use OAuth 2.0 authorization server features in your app client.

    • getAllowedOAuthScopes

      @Stability(Stable) @Nullable public List<String> getAllowedOAuthScopes()
      The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with.

    • setAllowedOAuthScopes

      @Stability(Stable) public void setAllowedOAuthScopes(@Nullable List<String> value)
      The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with.

    • getAnalyticsConfiguration

      @Stability(Stable) @Nullable public Object getAnalyticsConfiguration()
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

      Returns union: either IResolvable or CfnUserPoolClient.AnalyticsConfigurationProperty

    • setAnalyticsConfiguration

      @Stability(Stable) public void setAnalyticsConfiguration(@Nullable IResolvable value)
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

    • setAnalyticsConfiguration

      @Stability(Stable) public void setAnalyticsConfiguration(@Nullable CfnUserPoolClient.AnalyticsConfigurationProperty value)
      The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign.

    • getAuthSessionValidity

      @Stability(Stable) @Nullable public Number getAuthSessionValidity()
      Amazon Cognito creates a session token for each API request in an authentication flow.

    • setAuthSessionValidity

      @Stability(Stable) public void setAuthSessionValidity(@Nullable Number value)
      Amazon Cognito creates a session token for each API request in an authentication flow.

    • getCallbackUrLs

      @Stability(Stable) @Nullable public List<String> getCallbackUrLs()
      A list of allowed redirect, or callback, URLs for managed login authentication.

    • setCallbackUrLs

      @Stability(Stable) public void setCallbackUrLs(@Nullable List<String> value)
      A list of allowed redirect, or callback, URLs for managed login authentication.

    • getClientName

      @Stability(Stable) @Nullable public String getClientName()
      A friendly name for the app client that you want to create.

    • setClientName

      @Stability(Stable) public void setClientName(@Nullable String value)
      A friendly name for the app client that you want to create.

    • getDefaultRedirectUri

      @Stability(Stable) @Nullable public String getDefaultRedirectUri()
      The default redirect URI.

    • setDefaultRedirectUri

      @Stability(Stable) public void setDefaultRedirectUri(@Nullable String value)
      The default redirect URI.

    • getEnablePropagateAdditionalUserContextData

      @Stability(Stable) @Nullable public Object getEnablePropagateAdditionalUserContextData()
      When true , your application can include additional UserContextData in authentication requests.

      Returns union: either Boolean or IResolvable

    • setEnablePropagateAdditionalUserContextData

      @Stability(Stable) public void setEnablePropagateAdditionalUserContextData(@Nullable Boolean value)
      When true , your application can include additional UserContextData in authentication requests.

    • setEnablePropagateAdditionalUserContextData

      @Stability(Stable) public void setEnablePropagateAdditionalUserContextData(@Nullable IResolvable value)
      When true , your application can include additional UserContextData in authentication requests.

    • getEnableTokenRevocation

      @Stability(Stable) @Nullable public Object getEnableTokenRevocation()
      Activates or deactivates token revocation.

      Returns union: either Boolean or IResolvable

    • setEnableTokenRevocation

      @Stability(Stable) public void setEnableTokenRevocation(@Nullable Boolean value)
      Activates or deactivates token revocation.

    • setEnableTokenRevocation

      @Stability(Stable) public void setEnableTokenRevocation(@Nullable IResolvable value)
      Activates or deactivates token revocation.

    • getExplicitAuthFlows

      @Stability(Stable) @Nullable public List<String> getExplicitAuthFlows()
      The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

    • setExplicitAuthFlows

      @Stability(Stable) public void setExplicitAuthFlows(@Nullable List<String> value)
      The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions.

    • getGenerateSecret

      @Stability(Stable) @Nullable public Object getGenerateSecret()
      When true , generates a client secret for the app client.

      Returns union: either Boolean or IResolvable

    • setGenerateSecret

      @Stability(Stable) public void setGenerateSecret(@Nullable Boolean value)
      When true , generates a client secret for the app client.

    • setGenerateSecret

      @Stability(Stable) public void setGenerateSecret(@Nullable IResolvable value)
      When true , generates a client secret for the app client.

    • getIdTokenValidity

      @Stability(Stable) @Nullable public Number getIdTokenValidity()
      The ID token time limit.

    • setIdTokenValidity

      @Stability(Stable) public void setIdTokenValidity(@Nullable Number value)
      The ID token time limit.

    • getLogoutUrLs

      @Stability(Stable) @Nullable public List<String> getLogoutUrLs()
      A list of allowed logout URLs for managed login authentication.

    • setLogoutUrLs

      @Stability(Stable) public void setLogoutUrLs(@Nullable List<String> value)
      A list of allowed logout URLs for managed login authentication.

    • getPreventUserExistenceErrors

      @Stability(Stable) @Nullable public String getPreventUserExistenceErrors()
      Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.

    • setPreventUserExistenceErrors

      @Stability(Stable) public void setPreventUserExistenceErrors(@Nullable String value)
      Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool.

    • getReadAttributes

      @Stability(Stable) @Nullable public List<String> getReadAttributes()
      The list of user attributes that you want your app client to have read access to.

    • setReadAttributes

      @Stability(Stable) public void setReadAttributes(@Nullable List<String> value)
      The list of user attributes that you want your app client to have read access to.

    • getRefreshTokenRotation

      @Stability(Stable) @Nullable public Object getRefreshTokenRotation()
      The configuration of your app client for refresh token rotation.

      Returns union: either IResolvable or CfnUserPoolClient.RefreshTokenRotationProperty

    • setRefreshTokenRotation

      @Stability(Stable) public void setRefreshTokenRotation(@Nullable IResolvable value)
      The configuration of your app client for refresh token rotation.

    • setRefreshTokenRotation

      @Stability(Stable) public void setRefreshTokenRotation(@Nullable CfnUserPoolClient.RefreshTokenRotationProperty value)
      The configuration of your app client for refresh token rotation.

    • getRefreshTokenValidity

      @Stability(Stable) @Nullable public Number getRefreshTokenValidity()
      The refresh token time limit.

    • setRefreshTokenValidity

      @Stability(Stable) public void setRefreshTokenValidity(@Nullable Number value)
      The refresh token time limit.

    • getSupportedIdentityProviders

      @Stability(Stable) @Nullable public List<String> getSupportedIdentityProviders()
      A list of provider names for the identity providers (IdPs) that are supported on this client.

    • setSupportedIdentityProviders

      @Stability(Stable) public void setSupportedIdentityProviders(@Nullable List<String> value)
      A list of provider names for the identity providers (IdPs) that are supported on this client.

    • getTokenValidityUnits

      @Stability(Stable) @Nullable public Object getTokenValidityUnits()
      The units that validity times are represented in.

      Returns union: either IResolvable or CfnUserPoolClient.TokenValidityUnitsProperty

    • setTokenValidityUnits

      @Stability(Stable) public void setTokenValidityUnits(@Nullable IResolvable value)
      The units that validity times are represented in.

    • setTokenValidityUnits

      @Stability(Stable) public void setTokenValidityUnits(@Nullable CfnUserPoolClient.TokenValidityUnitsProperty value)
      The units that validity times are represented in.

    • getWriteAttributes

      @Stability(Stable) @Nullable public List<String> getWriteAttributes()
      The list of user attributes that you want your app client to have write access to.

    • setWriteAttributes

      @Stability(Stable) public void setWriteAttributes(@Nullable List<String> value)
      The list of user attributes that you want your app client to have write access to.