Class UserPoolClient

Provides a Cognito User Pool Client resource.

Example Usage

Create a basic user pool client

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var pool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs
    {
    });
    var client = new Aws.Cognito.UserPoolClient("client", new Aws.Cognito.UserPoolClientArgs
    {
        UserPoolId = pool.Id,
    });
}

}

Create a user pool client with no SRP authentication

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var pool = new Aws.Cognito.UserPool("pool", new Aws.Cognito.UserPoolArgs
    {
    });
    var client = new Aws.Cognito.UserPoolClient("client", new Aws.Cognito.UserPoolClientArgs
    {
        ExplicitAuthFlows = 
        {
            "ADMIN_NO_SRP_AUTH",
        },
        GenerateSecret = true,
        UserPoolId = pool.Id,
    });
}

}

Create a user pool client with pinpoint analytics

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
public MyStack()
{
    var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());
    var testUserPool = new Aws.Cognito.UserPool("testUserPool", new Aws.Cognito.UserPoolArgs
    {
    });
    var testApp = new Aws.Pinpoint.App("testApp", new Aws.Pinpoint.AppArgs
    {
    });
    var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
    {
        AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
  ""Action"": ""sts:AssumeRole"",
  ""Principal"": {
    ""Service"": ""cognito-idp.amazonaws.com""
  },
  ""Effect"": ""Allow"",
  ""Sid"": """"
}
]
}

",
    });
    var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new Aws.Iam.RolePolicyArgs
    {
        Policy = Output.Tuple(current, testApp.ApplicationId).Apply(values =>
        {
            var current = values.Item1;
            var applicationId = values.Item2;
            return @$"{{
""Version"": ""2012-10-17"",
""Statement"": [
{{
  ""Action"": [
    ""mobiletargeting:UpdateEndpoint"",
    ""mobiletargeting:PutItems""
  ],
  ""Effect"": ""Allow"",
  ""Resource"": ""arn:aws:mobiletargeting:*:{current.AccountId}:apps/{applicationId}*""
}}
]
}}

";
        }),
        Role = testRole.Id,
    });
    var testUserPoolClient = new Aws.Cognito.UserPoolClient("testUserPoolClient", new Aws.Cognito.UserPoolClientArgs
    {
        AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs
        {
            ApplicationId = testApp.ApplicationId,
            ExternalId = "some_id",
            RoleArn = testRole.Arn,
            UserDataShared = true,
        },
        UserPoolId = testUserPool.Id,
    });
}

}
Inheritance
System.Object
Resource
CustomResource
UserPoolClient
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Cognito
Assembly: Pulumi.Aws.dll
Syntax
public class UserPoolClient : CustomResource

Constructors

View Source

UserPoolClient(String, UserPoolClientArgs, CustomResourceOptions)

Create a UserPoolClient resource with the given unique name, arguments, and options.

Declaration
public UserPoolClient(string name, UserPoolClientArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
UserPoolClientArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AllowedOauthFlows

List of allowed OAuth flows (code, implicit, client_credentials).

Declaration
public Output<ImmutableArray<string>> AllowedOauthFlows { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

AllowedOauthFlowsUserPoolClient

Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

Declaration
public Output<bool?> AllowedOauthFlowsUserPoolClient { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AllowedOauthScopes

List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

Declaration
public Output<ImmutableArray<string>> AllowedOauthScopes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

AnalyticsConfiguration

The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.

Declaration
public Output<UserPoolClientAnalyticsConfiguration> AnalyticsConfiguration { get; }
Property Value
Type Description
Output<UserPoolClientAnalyticsConfiguration>
View Source

CallbackUrls

List of allowed callback URLs for the identity providers.

Declaration
public Output<ImmutableArray<string>> CallbackUrls { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

ClientSecret

The client secret of the user pool client.

Declaration
public Output<string> ClientSecret { get; }
Property Value
Type Description
Output<System.String>
View Source

DefaultRedirectUri

The default redirect URI. Must be in the list of callback URLs.

Declaration
public Output<string> DefaultRedirectUri { get; }
Property Value
Type Description
Output<System.String>
View Source

ExplicitAuthFlows

List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

Declaration
public Output<ImmutableArray<string>> ExplicitAuthFlows { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

GenerateSecret

Should an application secret be generated.

Declaration
public Output<bool?> GenerateSecret { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

LogoutUrls

List of allowed logout URLs for the identity providers.

Declaration
public Output<ImmutableArray<string>> LogoutUrls { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

Name

The name of the application client.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

PreventUserExistenceErrors

Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

Declaration
public Output<string> PreventUserExistenceErrors { get; }
Property Value
Type Description
Output<System.String>
View Source

ReadAttributes

List of user pool attributes the application client can read from.

Declaration
public Output<ImmutableArray<string>> ReadAttributes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

RefreshTokenValidity

The time limit in days refresh tokens are valid for.

Declaration
public Output<int?> RefreshTokenValidity { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>
View Source

SupportedIdentityProviders

List of provider names for the identity providers that are supported on this client.

Declaration
public Output<ImmutableArray<string>> SupportedIdentityProviders { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

UserPoolId

The user pool the client belongs to.

Declaration
public Output<string> UserPoolId { get; }
Property Value
Type Description
Output<System.String>
View Source

WriteAttributes

List of user pool attributes the application client can write to.

Declaration
public Output<ImmutableArray<string>> WriteAttributes { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Methods

View Source

Get(String, Input<String>, UserPoolClientState, CustomResourceOptions)

Get an existing UserPoolClient resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static UserPoolClient Get(string name, Input<string> id, UserPoolClientState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
UserPoolClientState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
UserPoolClient