# IdentityProviderType
<a name="API_IdentityProviderType"></a>

A user pool identity provider (IdP). Contains information about a third-party IdP to a user pool, the attributes that it populates to user profiles, and the trust relationship between the IdP and your user pool.

This data type is a response parameter of [CreateIdentityProvider](API_CreateIdentityProvider.md), [DescribeIdentityProvider](API_DescribeIdentityProvider.md), [GetIdentityProviderByIdentifier](API_GetIdentityProviderByIdentifier.md), and [UpdateIdentityProvider](API_UpdateIdentityProvider.md).

## Contents
<a name="API_IdentityProviderType_Contents"></a>

 ** AttributeMapping **   <a name="CognitoUserPools-Type-IdentityProviderType-AttributeMapping"></a>
A mapping of IdP attributes to standard and custom user pool attributes.  
Type: String to string map  
Key Length Constraints: Minimum length of 1. Maximum length of 32.  
Value Length Constraints: Minimum length of 0. Maximum length of 131072.  
Required: No

 ** CreationDate **   <a name="CognitoUserPools-Type-IdentityProviderType-CreationDate"></a>
The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java `Date` object.  
Type: Timestamp  
Required: No

 ** IdpIdentifiers **   <a name="CognitoUserPools-Type-IdentityProviderType-IdpIdentifiers"></a>
A list of IdP identifiers. IdP identifiers are strings that represent friendly names or domain names of IdPs, for example `MyIdP` or `auth.example.com`. You can choose to route user authorization requests to the right IdP with either IdP identifiers or IdP names. For more information, see `identity_provider` and `idp_identifier` at [Authorize endpoint](https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html#get-authorize-request-parameters).  
Type: Array of strings  
Array Members: Minimum number of 0 items. Maximum number of 50 items.  
Length Constraints: Minimum length of 1. Maximum length of 40.  
Pattern: `[\w\s+=.@-]+`   
Required: No

 ** LastModifiedDate **   <a name="CognitoUserPools-Type-IdentityProviderType-LastModifiedDate"></a>
The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java `Date` object.  
Type: Timestamp  
Required: No

 ** ProviderDetails **   <a name="CognitoUserPools-Type-IdentityProviderType-ProviderDetails"></a>
The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP `authorize_scopes` values must match the values listed here.    
OpenID Connect (OIDC)  
Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer`: `attributes_url`, `authorize_url`, `jwks_uri`, `token_url`.  
Create or update request: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }`   
Describe response: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }`   
SAML  
Create or update request with Metadata URL: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }`   
Create or update request with Metadata file: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }`   
The value of `MetadataFile` must be the plaintext metadata document with all quote (") characters escaped by backslashes.  
Describe response: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }`   
LoginWithAmazon  
Create or update request: `"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"`   
Describe response: `"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }`   
Google  
Create or update request: `"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }`   
Describe response: `"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }`   
SignInWithApple  
Create or update request: `"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }`   
Describe response: `"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }`   
Facebook  
Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }`   
Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` 
Type: String to string map  
Key Length Constraints: Minimum length of 0. Maximum length of 131072.  
Value Length Constraints: Minimum length of 0. Maximum length of 131072.  
Required: No

 ** ProviderName **   <a name="CognitoUserPools-Type-IdentityProviderType-ProviderName"></a>
A friendly name for the IdP.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 32.  
Pattern: `[\p{L}\p{M}\p{S}\p{N}\p{P}\p{Z}]+`   
Required: No

 ** ProviderType **   <a name="CognitoUserPools-Type-IdentityProviderType-ProviderType"></a>
The type of IdP. Either SAML, OIDC, or a named social identity provider.  
Type: String  
Valid Values: `SAML | Facebook | Google | LoginWithAmazon | SignInWithApple | OIDC`   
Required: No

 ** UserPoolId **   <a name="CognitoUserPools-Type-IdentityProviderType-UserPoolId"></a>
The ID of the user pool associated with the IdP.  
Type: String  
Length Constraints: Minimum length of 1. Maximum length of 55.  
Pattern: `[\w-]+_[0-9a-zA-Z]+`   
Required: No

## See Also
<a name="API_IdentityProviderType_SeeAlso"></a>

For more information about using this API in one of the language-specific AWS SDKs, see the following:
+  [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/cognito-idp-2016-04-18/IdentityProviderType) 
+  [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/IdentityProviderType) 
+  [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/cognito-idp-2016-04-18/IdentityProviderType)