CfnUserPoolClientPropsMixin

class aws_cdk.mixins_preview.aws_cognito.mixins.CfnUserPoolClientPropsMixin(props, *, strategy=None)

Bases: Mixin

The AWS::Cognito::UserPoolClient resource specifies an Amazon Cognito user pool client.

If you don’t specify a value for a parameter, Amazon Cognito sets it to a default value.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html

CloudformationResource:

AWS::Cognito::UserPoolClient

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

cfn_user_pool_client_props_mixin = cognito_mixins.CfnUserPoolClientPropsMixin(cognito_mixins.CfnUserPoolClientMixinProps(
    access_token_validity=123,
    allowed_oAuth_flows=["allowedOAuthFlows"],
    allowed_oAuth_flows_user_pool_client=False,
    allowed_oAuth_scopes=["allowedOAuthScopes"],
    analytics_configuration=cognito_mixins.CfnUserPoolClientPropsMixin.AnalyticsConfigurationProperty(
        application_arn="applicationArn",
        application_id="applicationId",
        external_id="externalId",
        role_arn="roleArn",
        user_data_shared=False
    ),
    auth_session_validity=123,
    callback_ur_ls=["callbackUrLs"],
    client_name="clientName",
    default_redirect_uri="defaultRedirectUri",
    enable_propagate_additional_user_context_data=False,
    enable_token_revocation=False,
    explicit_auth_flows=["explicitAuthFlows"],
    generate_secret=False,
    id_token_validity=123,
    logout_ur_ls=["logoutUrLs"],
    prevent_user_existence_errors="preventUserExistenceErrors",
    read_attributes=["readAttributes"],
    refresh_token_rotation=cognito_mixins.CfnUserPoolClientPropsMixin.RefreshTokenRotationProperty(
        feature="feature",
        retry_grace_period_seconds=123
    ),
    refresh_token_validity=123,
    supported_identity_providers=["supportedIdentityProviders"],
    token_validity_units=cognito_mixins.CfnUserPoolClientPropsMixin.TokenValidityUnitsProperty(
        access_token="accessToken",
        id_token="idToken",
        refresh_token="refreshToken"
    ),
    user_pool_id="userPoolId",
    write_attributes=["writeAttributes"]
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::Cognito::UserPoolClient.

Parameters:

• props (Union[CfnUserPoolClientMixinProps, Dict[str, Any]]) – L1 properties to apply.

• strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['accessTokenValidity', 'allowedOAuthFlows', 'allowedOAuthFlowsUserPoolClient', 'allowedOAuthScopes', 'analyticsConfiguration', 'authSessionValidity', 'callbackUrLs', 'clientName', 'defaultRedirectUri', 'enablePropagateAdditionalUserContextData', 'enableTokenRevocation', 'explicitAuthFlows', 'generateSecret', 'idTokenValidity', 'logoutUrLs', 'preventUserExistenceErrors', 'readAttributes', 'refreshTokenRotation', 'refreshTokenValidity', 'supportedIdentityProviders', 'tokenValidityUnits', 'userPoolId', 'writeAttributes']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

AnalyticsConfigurationProperty

class CfnUserPoolClientPropsMixin.AnalyticsConfigurationProperty(*, application_arn=None, application_id=None, external_id=None, role_arn=None, user_data_shared=None)

Bases: object

The settings for Amazon Pinpoint analytics configuration.

With an analytics configuration, your application can collect user-activity metrics for user notifications with a Amazon Pinpoint campaign.

Amazon Pinpoint isn’t available in all AWS Regions. For a list of available Regions, see Amazon Cognito and Amazon Pinpoint Region availability .

Parameters:

• application_arn (Optional[str]) – The Amazon Resource Name (ARN) of an Amazon Pinpoint project that you want to connect to your user pool app client. Amazon Cognito publishes events to the Amazon Pinpoint project that ApplicationArn declares. You can also configure your application to pass an endpoint ID in the AnalyticsMetadata parameter of sign-in operations. The endpoint ID is information about the destination for push notifications

• application_id (Optional[str]) – Your Amazon Pinpoint project ID.

• external_id (Optional[str]) – The external ID of the role that Amazon Cognito assumes to send analytics data to Amazon Pinpoint.

• role_arn (Optional[str]) – The ARN of an AWS Identity and Access Management role that has the permissions required for Amazon Cognito to publish events to Amazon Pinpoint analytics.

• user_data_shared (Union[bool, IResolvable, None]) – If UserDataShared is true , Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

analytics_configuration_property = cognito_mixins.CfnUserPoolClientPropsMixin.AnalyticsConfigurationProperty(
    application_arn="applicationArn",
    application_id="applicationId",
    external_id="externalId",
    role_arn="roleArn",
    user_data_shared=False
)

Attributes

application_arn

The Amazon Resource Name (ARN) of an Amazon Pinpoint project that you want to connect to your user pool app client.

Amazon Cognito publishes events to the Amazon Pinpoint project that ApplicationArn declares. You can also configure your application to pass an endpoint ID in the AnalyticsMetadata parameter of sign-in operations. The endpoint ID is information about the destination for push notifications

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-applicationarn

application_id

Your Amazon Pinpoint project ID.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-applicationid

external_id

The external ID of the role that Amazon Cognito assumes to send analytics data to Amazon Pinpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-externalid

role_arn

The ARN of an AWS Identity and Access Management role that has the permissions required for Amazon Cognito to publish events to Amazon Pinpoint analytics.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-rolearn

user_data_shared

If UserDataShared is true , Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-analyticsconfiguration.html#cfn-cognito-userpoolclient-analyticsconfiguration-userdatashared

RefreshTokenRotationProperty

class CfnUserPoolClientPropsMixin.RefreshTokenRotationProperty(*, feature=None, retry_grace_period_seconds=None)

Bases: object

The configuration of your app client for refresh token rotation.

When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens.

Parameters:

• feature (Optional[str]) – The state of refresh token rotation for the current app client.

• retry_grace_period_seconds (Union[int, float, None]) – When you request a token refresh with GetTokensFromRefreshToken , the original refresh token that you’re rotating out can remain valid for a period of time of up to 60 seconds. This allows for client-side retries. When RetryGracePeriodSeconds is 0 , the grace period is disabled and a successful request immediately invalidates the submitted refresh token.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-refreshtokenrotation.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

refresh_token_rotation_property = cognito_mixins.CfnUserPoolClientPropsMixin.RefreshTokenRotationProperty(
    feature="feature",
    retry_grace_period_seconds=123
)

Attributes

feature

The state of refresh token rotation for the current app client.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-refreshtokenrotation.html#cfn-cognito-userpoolclient-refreshtokenrotation-feature

retry_grace_period_seconds

When you request a token refresh with GetTokensFromRefreshToken , the original refresh token that you’re rotating out can remain valid for a period of time of up to 60 seconds.

This allows for client-side retries. When RetryGracePeriodSeconds is 0 , the grace period is disabled and a successful request immediately invalidates the submitted refresh token.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-refreshtokenrotation.html#cfn-cognito-userpoolclient-refreshtokenrotation-retrygraceperiodseconds

TokenValidityUnitsProperty

class CfnUserPoolClientPropsMixin.TokenValidityUnitsProperty(*, access_token=None, id_token=None, refresh_token=None)

Bases: object

The units that validity times are represented in.

The default unit for refresh tokens is days, and the default for ID and access tokens are hours.

Parameters:

• access_token (Optional[str]) – A time unit for the value that you set in the AccessTokenValidity parameter. The default AccessTokenValidity time unit is hours . AccessTokenValidity duration can range from five minutes to one day.

• id_token (Optional[str]) – A time unit for the value that you set in the IdTokenValidity parameter. The default IdTokenValidity time unit is hours . IdTokenValidity duration can range from five minutes to one day.

• refresh_token (Optional[str]) – A time unit for the value that you set in the RefreshTokenValidity parameter. The default RefreshTokenValidity time unit is days . RefreshTokenValidity duration can range from 60 minutes to 10 years.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_cognito import mixins as cognito_mixins

token_validity_units_property = cognito_mixins.CfnUserPoolClientPropsMixin.TokenValidityUnitsProperty(
    access_token="accessToken",
    id_token="idToken",
    refresh_token="refreshToken"
)

Attributes

access_token

A time unit for the value that you set in the AccessTokenValidity parameter.

The default AccessTokenValidity time unit is hours . AccessTokenValidity duration can range from five minutes to one day.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-accesstoken

id_token

A time unit for the value that you set in the IdTokenValidity parameter.

The default IdTokenValidity time unit is hours . IdTokenValidity duration can range from five minutes to one day.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-idtoken

refresh_token

A time unit for the value that you set in the RefreshTokenValidity parameter.

The default RefreshTokenValidity time unit is days . RefreshTokenValidity duration can range from 60 minutes to 10 years.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpoolclient-tokenvalidityunits.html#cfn-cognito-userpoolclient-tokenvalidityunits-refreshtoken