AddUserPoolClientSecret - Amazon Cognito User Pools
Request SyntaxRequest ParametersResponse SyntaxResponse ElementsErrorsSee Also

AddUserPoolClientSecret

Creates a new client secret for an existing confidential user pool app client. Supports up to 2 active secrets per app client for zero-downtime credential rotation workflows.

Request Syntax

{
   "ClientId": "string",
   "ClientSecret": "string",
   "UserPoolId": "string"
}

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

ClientId

The ID of the app client for which you want to create a new secret.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+]+

Required: Yes

ClientSecret

The client secret value you want to use. If you don't provide this parameter, Amazon Cognito generates a secure secret for you.

Type: String

Length Constraints: Minimum length of 24. Maximum length of 64.

Pattern: [\w+]+

Required: No

UserPoolId

The ID of the user pool that contains the app client.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 55.

Pattern: [\w-]+_[0-9a-zA-Z]+

Required: Yes

Response Syntax

{
   "ClientSecretDescriptor": { 
      "ClientSecretCreateDate": number,
      "ClientSecretId": "string",
      "ClientSecretValue": "string"
   }
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

ClientSecretDescriptor

The details of the newly created client secret, including its unique identifier and creation timestamp. The ClientSecretValue is only returned when Amazon Cognito generates the secret. For custom secrets that you provide, the ClientSecretValue is not included in the response.

Type: ClientSecretDescriptorType object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

This exception is thrown when you don't have sufficient permissions to perform the requested operation.

HTTP Status Code: 400

InternalServerException

This exception is thrown when Amazon Cognito encounters an internal server error.

HTTP Status Code: 500

InvalidParameterException

This exception is thrown when the Amazon Cognito service encounters an invalid parameter.

message

The message returned when the Amazon Cognito service throws an invalid parameter exception.

reasonCode

The reason code of the exception.

HTTP Status Code: 400

LimitExceededException

This exception is thrown when a user exceeds the limit for a requested AWS resource.

message

The message returned when Amazon Cognito throws a limit exceeded exception.

HTTP Status Code: 400

ResourceNotFoundException

This exception is thrown when the Amazon Cognito service can't find the requested resource.

message

The message returned when the Amazon Cognito service returns a resource not found exception.

HTTP Status Code: 400

TooManyRequestsException

This exception is thrown when the user has made too many requests for a given operation.

message

The message returned when the Amazon Cognito service returns a too many requests exception.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: