本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# `CreateUserPoolClient` 搭配 AWS SDK 或 CLI 使用
下列程式碼範例示範如何使用 `CreateUserPoolClient`。
------
#### [ CLI ]
**AWS CLI**
**建立使用者集區用戶端**
下列 `create-user-pool-client` 範例會透過下列各項來建立新的使用者集區用戶端:用戶端私密、明確的讀取和寫入屬性、具使用者名稱密碼和 SRP 流程的登入、具三個 IdP 的登入、OAuth 範圍的子集存取權、PinPoint 分析,以及延伸的身分驗證工作階段有效性。
```
aws cognito-idp create-user-pool-client \
--user-pool-id us-west-2_EXAMPLE \
--client-name MyTestClient \
--generate-secret \
--refresh-token-validity 10 \
--access-token-validity 60 \
--id-token-validity 60 \
--token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \
--read-attributes email phone_number email_verified phone_number_verified \
--write-attributes email phone_number \
--explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \
--supported-identity-providers Google Facebook MyOIDC \
--callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \
--allowed-o-auth-flows code implicit \
--allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \
--allowed-o-auth-flows-user-pool-client \
--analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \
--prevent-user-existence-errors ENABLED \
--enable-token-revocation \
--enable-propagate-additional-user-context-data \
--auth-session-validity 4
```
輸出:
```
{
"UserPoolClient": {
"UserPoolId": "us-west-2_EXAMPLE",
"ClientName": "MyTestClient",
"ClientId": "123abc456defEXAMPLE",
"ClientSecret": "this1234is5678my91011example1213client1415secret",
"LastModifiedDate": 1726788459.464,
"CreationDate": 1726788459.464,
"RefreshTokenValidity": 10,
"AccessTokenValidity": 60,
"IdTokenValidity": 60,
"TokenValidityUnits": {
"AccessToken": "minutes",
"IdToken": "minutes",
"RefreshToken": "days"
},
"ReadAttributes": [
"email_verified",
"phone_number_verified",
"phone_number",
"email"
],
"WriteAttributes": [
"phone_number",
"email"
],
"ExplicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"SupportedIdentityProviders": [
"Google",
"MyOIDC",
"Facebook"
],
"CallbackURLs": [
"https://example.com",
"https://www.amazon.com",
"myapp://example",
"http://localhost:8001"
],
"AllowedOAuthFlows": [
"implicit",
"code"
],
"AllowedOAuthScopes": [
"aws.cognito.signin.user.admin",
"openid",
"profile",
"solar-system-data/asteroids.add"
],
"AllowedOAuthFlowsUserPoolClient": true,
"AnalyticsConfiguration": {
"ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid",
"RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp",
"UserDataShared": true
},
"PreventUserExistenceErrors": "ENABLED",
"EnableTokenRevocation": true,
"EnablePropagateAdditionalUserContextData": true,
"AuthSessionValidity": 4
}
}
```
如需詳細資訊,請參閱《*Amazon Cognito 開發人員指南*》中的[使用應用程式用戶端的特定應用程式設定](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html)。
+ 如需 API 詳細資訊,請參閱《AWS CLI 命令參考》**中的 [CreateUserPoolClient](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cognito-idp/create-user-pool-client.html)。
------
#### [ Java ]
**SDK for Java 2.x**
GitHub 上提供更多範例。尋找完整範例,並了解如何在 [AWS 程式碼範例儲存庫](https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/cognito#code-examples)中設定和執行。
```
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.cognitoidentityprovider.CognitoIdentityProviderClient;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CognitoIdentityProviderException;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientRequest;
import software.amazon.awssdk.services.cognitoidentityprovider.model.CreateUserPoolClientResponse;
/**
* A user pool client app is an application that authenticates with Amazon
* Cognito user pools.
* When you create a user pool, you can configure app clients that allow mobile
* or web applications
* to call API operations to authenticate users, manage user attributes and
* profiles,
* and implement sign-up and sign-in flows.
*
* Before running this Java V2 code example, set up your development
* environment, including your credentials.
*
* For more information, see the following documentation topic:
* https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/get-started.html
*/
public class CreateUserPoolClient {
public static void main(String[] args) {
final String usage = """
Usage:
\s
Where:
clientName - The name for the user pool client to create.
userPoolId - The ID for the user pool.
""";
if (args.length != 2) {
System.out.println(usage);
System.exit(1);
}
String clientName = args[0];
String userPoolId = args[1];
CognitoIdentityProviderClient cognitoClient = CognitoIdentityProviderClient.builder()
.region(Region.US_EAST_1)
.build();
createPoolClient(cognitoClient, clientName, userPoolId);
cognitoClient.close();
}
public static void createPoolClient(CognitoIdentityProviderClient cognitoClient, String clientName,
String userPoolId) {
try {
CreateUserPoolClientRequest request = CreateUserPoolClientRequest.builder()
.clientName(clientName)
.userPoolId(userPoolId)
.build();
CreateUserPoolClientResponse response = cognitoClient.createUserPoolClient(request);
System.out.println("User pool " + response.userPoolClient().clientName() + " created. ID: "
+ response.userPoolClient().clientId());
} catch (CognitoIdentityProviderException e) {
System.err.println(e.awsErrorDetails().errorMessage());
System.exit(1);
}
}
}
```
+ 如需 API 詳細資訊,請參閱《AWS SDK for Java 2.x API 參考》**中的 [CreateUserPoolClient](https://docs.aws.amazon.com/goto/SdkForJavaV2/cognito-idp-2016-04-18/CreateUserPoolClient)。
------
如需 AWS SDK 開發人員指南和程式碼範例的完整清單,請參閱 [搭配 AWS SDK 使用此服務](sdk-general-information-section.md)。此主題也包含有關入門的資訊和舊版 SDK 的詳細資訊。