Docs Packages
  1. Packages
  2. AWS Classic
  3. API Docs
  4. cognito
  5. UserPoolClient

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi
pulumi/pulumi-aws

aws.cognito.UserPoolClient

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi
pulumi/pulumi-aws

    Provides a Cognito User Pool Client resource.

    To manage a User Pool Client created by another service, such as when configuring an OpenSearch Domain to use Cognito authentication, use the aws.cognito.ManagedUserPoolClient resource instead.

    Example Usage

    Create a basic user pool client

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pool = new Aws.Cognito.UserPool("pool");

    var client = new Aws.Cognito.UserPoolClient("client", new()
    {
        UserPoolId = pool.Id,
    });

});

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		_, err = cognito.NewUserPoolClient(ctx, "client", &cognito.UserPoolClientArgs{
			UserPoolId: pool.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pool = new UserPool("pool");

        var client = new UserPoolClient("client", UserPoolClientArgs.builder()        
            .userPoolId(pool.id())
            .build());

    }
}

    import pulumi
import pulumi_aws as aws

pool = aws.cognito.UserPool("pool")
client = aws.cognito.UserPoolClient("client", user_pool_id=pool.id)

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {userPoolId: pool.id});

    resources:
  client:
    type: aws:cognito:UserPoolClient
    properties:
      userPoolId: ${pool.id}
  pool:
    type: aws:cognito:UserPool

    Create a user pool client with no SRP authentication

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pool = new Aws.Cognito.UserPool("pool");

    var client = new Aws.Cognito.UserPoolClient("client", new()
    {
        UserPoolId = pool.Id,
        GenerateSecret = true,
        ExplicitAuthFlows = new[]
        {
            "ADMIN_NO_SRP_AUTH",
        },
    });

});

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		_, err = cognito.NewUserPoolClient(ctx, "client", &cognito.UserPoolClientArgs{
			UserPoolId:     pool.ID(),
			GenerateSecret: pulumi.Bool(true),
			ExplicitAuthFlows: pulumi.StringArray{
				pulumi.String("ADMIN_NO_SRP_AUTH"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pool = new UserPool("pool");

        var client = new UserPoolClient("client", UserPoolClientArgs.builder()        
            .userPoolId(pool.id())
            .generateSecret(true)
            .explicitAuthFlows("ADMIN_NO_SRP_AUTH")
            .build());

    }
}

    import pulumi
import pulumi_aws as aws

pool = aws.cognito.UserPool("pool")
client = aws.cognito.UserPoolClient("client",
    user_pool_id=pool.id,
    generate_secret=True,
    explicit_auth_flows=["ADMIN_NO_SRP_AUTH"])

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const client = new aws.cognito.UserPoolClient("client", {
    userPoolId: pool.id,
    generateSecret: true,
    explicitAuthFlows: ["ADMIN_NO_SRP_AUTH"],
});

    resources:
  client:
    type: aws:cognito:UserPoolClient
    properties:
      userPoolId: ${pool.id}
      generateSecret: true
      explicitAuthFlows:
        - ADMIN_NO_SRP_AUTH
  pool:
    type: aws:cognito:UserPool

    Create a user pool client with pinpoint analytics

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var testUserPool = new Aws.Cognito.UserPool("testUserPool");

    var testApp = new Aws.Pinpoint.App("testApp");

    var assumeRole = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Type = "Service",
                        Identifiers = new[]
                        {
                            "cognito-idp.amazonaws.com",
                        },
                    },
                },
                Actions = new[]
                {
                    "sts:AssumeRole",
                },
            },
        },
    });

    var testRole = new Aws.Iam.Role("testRole", new()
    {
        AssumeRolePolicy = assumeRole.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var testUserPoolClient = new Aws.Cognito.UserPoolClient("testUserPoolClient", new()
    {
        UserPoolId = testUserPool.Id,
        AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs
        {
            ApplicationId = testApp.ApplicationId,
            ExternalId = "some_id",
            RoleArn = testRole.Arn,
            UserDataShared = true,
        },
    });

    var current = Aws.GetCallerIdentity.Invoke();

    var testPolicyDocument = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Effect = "Allow",
                Actions = new[]
                {
                    "mobiletargeting:UpdateEndpoint",
                    "mobiletargeting:PutEvents",
                },
                Resources = new[]
                {
                    $"arn:aws:mobiletargeting:*:{current.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:apps/{testApp.ApplicationId}*",
                },
            },
        },
    });

    var testRolePolicy = new Aws.Iam.RolePolicy("testRolePolicy", new()
    {
        Role = testRole.Id,
        Policy = testPolicyDocument.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

});

    package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/pinpoint"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		testUserPool, err := cognito.NewUserPool(ctx, "testUserPool", nil)
		if err != nil {
			return err
		}
		testApp, err := pinpoint.NewApp(ctx, "testApp", nil)
		if err != nil {
			return err
		}
		assumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{
			Statements: []iam.GetPolicyDocumentStatement{
				{
					Effect: pulumi.StringRef("Allow"),
					Principals: []iam.GetPolicyDocumentStatementPrincipal{
						{
							Type: "Service",
							Identifiers: []string{
								"cognito-idp.amazonaws.com",
							},
						},
					},
					Actions: []string{
						"sts:AssumeRole",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		testRole, err := iam.NewRole(ctx, "testRole", &iam.RoleArgs{
			AssumeRolePolicy: *pulumi.String(assumeRole.Json),
		})
		if err != nil {
			return err
		}
		_, err = cognito.NewUserPoolClient(ctx, "testUserPoolClient", &cognito.UserPoolClientArgs{
			UserPoolId: testUserPool.ID(),
			AnalyticsConfiguration: &cognito.UserPoolClientAnalyticsConfigurationArgs{
				ApplicationId:  testApp.ApplicationId,
				ExternalId:     pulumi.String("some_id"),
				RoleArn:        testRole.Arn,
				UserDataShared: pulumi.Bool(true),
			},
		})
		if err != nil {
			return err
		}
		current, err := aws.GetCallerIdentity(ctx, nil, nil)
		if err != nil {
			return err
		}
		testPolicyDocument := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Effect: pulumi.String("Allow"),
					Actions: pulumi.StringArray{
						pulumi.String("mobiletargeting:UpdateEndpoint"),
						pulumi.String("mobiletargeting:PutEvents"),
					},
					Resources: pulumi.StringArray{
						testApp.ApplicationId.ApplyT(func(applicationId string) (string, error) {
							return fmt.Sprintf("arn:aws:mobiletargeting:*:%v:apps/%v*", current.AccountId, applicationId), nil
						}).(pulumi.StringOutput),
					},
				},
			},
		}, nil)
		_, err = iam.NewRolePolicy(ctx, "testRolePolicy", &iam.RolePolicyArgs{
			Role: testRole.ID(),
			Policy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (*string, error) {
				return &testPolicyDocument.Json, nil
			}).(pulumi.StringPtrOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.pinpoint.App;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import com.pulumi.aws.cognito.inputs.UserPoolClientAnalyticsConfigurationArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.iam.RolePolicy;
import com.pulumi.aws.iam.RolePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testUserPool = new UserPool("testUserPool");

        var testApp = new App("testApp");

        final var assumeRole = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .type("Service")
                    .identifiers("cognito-idp.amazonaws.com")
                    .build())
                .actions("sts:AssumeRole")
                .build())
            .build());

        var testRole = new Role("testRole", RoleArgs.builder()        
            .assumeRolePolicy(assumeRole.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());

        var testUserPoolClient = new UserPoolClient("testUserPoolClient", UserPoolClientArgs.builder()        
            .userPoolId(testUserPool.id())
            .analyticsConfiguration(UserPoolClientAnalyticsConfigurationArgs.builder()
                .applicationId(testApp.applicationId())
                .externalId("some_id")
                .roleArn(testRole.arn())
                .userDataShared(true)
                .build())
            .build());

        final var current = AwsFunctions.getCallerIdentity();

        final var testPolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .effect("Allow")
                .actions(                
                    "mobiletargeting:UpdateEndpoint",
                    "mobiletargeting:PutEvents")
                .resources(testApp.applicationId().applyValue(applicationId -> String.format("arn:aws:mobiletargeting:*:%s:apps/%s*", current.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),applicationId)))
                .build())
            .build());

        var testRolePolicy = new RolePolicy("testRolePolicy", RolePolicyArgs.builder()        
            .role(testRole.id())
            .policy(testPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(testPolicyDocument -> testPolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

    }
}

    import pulumi
import pulumi_aws as aws

test_user_pool = aws.cognito.UserPool("testUserPool")
test_app = aws.pinpoint.App("testApp")
assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        type="Service",
        identifiers=["cognito-idp.amazonaws.com"],
    )],
    actions=["sts:AssumeRole"],
)])
test_role = aws.iam.Role("testRole", assume_role_policy=assume_role.json)
test_user_pool_client = aws.cognito.UserPoolClient("testUserPoolClient",
    user_pool_id=test_user_pool.id,
    analytics_configuration=aws.cognito.UserPoolClientAnalyticsConfigurationArgs(
        application_id=test_app.application_id,
        external_id="some_id",
        role_arn=test_role.arn,
        user_data_shared=True,
    ))
current = aws.get_caller_identity()
test_policy_document = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    effect="Allow",
    actions=[
        "mobiletargeting:UpdateEndpoint",
        "mobiletargeting:PutEvents",
    ],
    resources=[test_app.application_id.apply(lambda application_id: f"arn:aws:mobiletargeting:*:{current.account_id}:apps/{application_id}*")],
)])
test_role_policy = aws.iam.RolePolicy("testRolePolicy",
    role=test_role.id,
    policy=test_policy_document.json)

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testUserPool = new aws.cognito.UserPool("testUserPool", {});
const testApp = new aws.pinpoint.App("testApp", {});
const assumeRole = aws.iam.getPolicyDocument({
    statements: [{
        effect: "Allow",
        principals: [{
            type: "Service",
            identifiers: ["cognito-idp.amazonaws.com"],
        }],
        actions: ["sts:AssumeRole"],
    }],
});
const testRole = new aws.iam.Role("testRole", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});
const testUserPoolClient = new aws.cognito.UserPoolClient("testUserPoolClient", {
    userPoolId: testUserPool.id,
    analyticsConfiguration: {
        applicationId: testApp.applicationId,
        externalId: "some_id",
        roleArn: testRole.arn,
        userDataShared: true,
    },
});
const current = aws.getCallerIdentity({});
const testPolicyDocument = aws.iam.getPolicyDocumentOutput({
    statements: [{
        effect: "Allow",
        actions: [
            "mobiletargeting:UpdateEndpoint",
            "mobiletargeting:PutEvents",
        ],
        resources: [pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) => `arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*`)],
    }],
});
const testRolePolicy = new aws.iam.RolePolicy("testRolePolicy", {
    role: testRole.id,
    policy: testPolicyDocument.apply(testPolicyDocument => testPolicyDocument.json),
});

    resources:
  testUserPoolClient:
    type: aws:cognito:UserPoolClient
    properties:
      userPoolId: ${testUserPool.id}
      analyticsConfiguration:
        applicationId: ${testApp.applicationId}
        externalId: some_id
        roleArn: ${testRole.arn}
        userDataShared: true
  testUserPool:
    type: aws:cognito:UserPool
  testApp:
    type: aws:pinpoint:App
  testRole:
    type: aws:iam:Role
    properties:
      assumeRolePolicy: ${assumeRole.json}
  testRolePolicy:
    type: aws:iam:RolePolicy
    properties:
      role: ${testRole.id}
      policy: ${testPolicyDocument.json}
variables:
  current:
    fn::invoke:
      Function: aws:getCallerIdentity
      Arguments: {}
  assumeRole:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            principals:
              - type: Service
                identifiers:
                  - cognito-idp.amazonaws.com
            actions:
              - sts:AssumeRole
  testPolicyDocument:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          - effect: Allow
            actions:
              - mobiletargeting:UpdateEndpoint
              - mobiletargeting:PutEvents
            resources:
              - arn:aws:mobiletargeting:*:${current.accountId}:apps/${testApp.applicationId}*

    Create a user pool client with Cognito as the identity provider

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var pool = new Aws.Cognito.UserPool("pool");

    var userpoolClient = new Aws.Cognito.UserPoolClient("userpoolClient", new()
    {
        UserPoolId = pool.Id,
        CallbackUrls = new[]
        {
            "https://example.com",
        },
        AllowedOauthFlowsUserPoolClient = true,
        AllowedOauthFlows = new[]
        {
            "code",
            "implicit",
        },
        AllowedOauthScopes = new[]
        {
            "email",
            "openid",
        },
        SupportedIdentityProviders = new[]
        {
            "COGNITO",
        },
    });

});

    package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/cognito"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		pool, err := cognito.NewUserPool(ctx, "pool", nil)
		if err != nil {
			return err
		}
		_, err = cognito.NewUserPoolClient(ctx, "userpoolClient", &cognito.UserPoolClientArgs{
			UserPoolId: pool.ID(),
			CallbackUrls: pulumi.StringArray{
				pulumi.String("https://example.com"),
			},
			AllowedOauthFlowsUserPoolClient: pulumi.Bool(true),
			AllowedOauthFlows: pulumi.StringArray{
				pulumi.String("code"),
				pulumi.String("implicit"),
			},
			AllowedOauthScopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("openid"),
			},
			SupportedIdentityProviders: pulumi.StringArray{
				pulumi.String("COGNITO"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.cognito.UserPool;
import com.pulumi.aws.cognito.UserPoolClient;
import com.pulumi.aws.cognito.UserPoolClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var pool = new UserPool("pool");

        var userpoolClient = new UserPoolClient("userpoolClient", UserPoolClientArgs.builder()        
            .userPoolId(pool.id())
            .callbackUrls("https://example.com")
            .allowedOauthFlowsUserPoolClient(true)
            .allowedOauthFlows(            
                "code",
                "implicit")
            .allowedOauthScopes(            
                "email",
                "openid")
            .supportedIdentityProviders("COGNITO")
            .build());

    }
}

    import pulumi
import pulumi_aws as aws

pool = aws.cognito.UserPool("pool")
userpool_client = aws.cognito.UserPoolClient("userpoolClient",
    user_pool_id=pool.id,
    callback_urls=["https://example.com"],
    allowed_oauth_flows_user_pool_client=True,
    allowed_oauth_flows=[
        "code",
        "implicit",
    ],
    allowed_oauth_scopes=[
        "email",
        "openid",
    ],
    supported_identity_providers=["COGNITO"])

    import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const pool = new aws.cognito.UserPool("pool", {});
const userpoolClient = new aws.cognito.UserPoolClient("userpoolClient", {
    userPoolId: pool.id,
    callbackUrls: ["https://example.com"],
    allowedOauthFlowsUserPoolClient: true,
    allowedOauthFlows: [
        "code",
        "implicit",
    ],
    allowedOauthScopes: [
        "email",
        "openid",
    ],
    supportedIdentityProviders: ["COGNITO"],
});

    resources:
  userpoolClient:
    type: aws:cognito:UserPoolClient
    properties:
      userPoolId: ${pool.id}
      callbackUrls:
        - https://example.com
      allowedOauthFlowsUserPoolClient: true
      allowedOauthFlows:
        - code
        - implicit
      allowedOauthScopes:
        - email
        - openid
      supportedIdentityProviders:
        - COGNITO
  pool:
    type: aws:cognito:UserPool

    Create UserPoolClient Resource

    new UserPoolClient(name: string, args: UserPoolClientArgs, opts?: CustomResourceOptions);
    @overload
def UserPoolClient(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   access_token_validity: Optional[int] = None,
                   allowed_oauth_flows: Optional[Sequence[str]] = None,
                   allowed_oauth_flows_user_pool_client: Optional[bool] = None,
                   allowed_oauth_scopes: Optional[Sequence[str]] = None,
                   analytics_configuration: Optional[UserPoolClientAnalyticsConfigurationArgs] = None,
                   auth_session_validity: Optional[int] = None,
                   callback_urls: Optional[Sequence[str]] = None,
                   default_redirect_uri: Optional[str] = None,
                   enable_propagate_additional_user_context_data: Optional[bool] = None,
                   enable_token_revocation: Optional[bool] = None,
                   explicit_auth_flows: Optional[Sequence[str]] = None,
                   generate_secret: Optional[bool] = None,
                   id_token_validity: Optional[int] = None,
                   logout_urls: Optional[Sequence[str]] = None,
                   name: Optional[str] = None,
                   prevent_user_existence_errors: Optional[str] = None,
                   read_attributes: Optional[Sequence[str]] = None,
                   refresh_token_validity: Optional[int] = None,
                   supported_identity_providers: Optional[Sequence[str]] = None,
                   token_validity_units: Optional[UserPoolClientTokenValidityUnitsArgs] = None,
                   user_pool_id: Optional[str] = None,
                   write_attributes: Optional[Sequence[str]] = None)
@overload
def UserPoolClient(resource_name: str,
                   args: UserPoolClientArgs,
                   opts: Optional[ResourceOptions] = None)
    func NewUserPoolClient(ctx *Context, name string, args UserPoolClientArgs, opts ...ResourceOption) (*UserPoolClient, error)
    public UserPoolClient(string name, UserPoolClientArgs args, CustomResourceOptions? opts = null)
    public UserPoolClient(String name, UserPoolClientArgs args)
public UserPoolClient(String name, UserPoolClientArgs args, CustomResourceOptions options)

    type: aws:cognito:UserPoolClient
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserPoolClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserPoolClientArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserPoolClientArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserPoolClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserPoolClientArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    UserPoolClient Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The UserPoolClient resource accepts the following input properties:

    UserPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    AccessTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    AllowedOauthFlows List<string>

    List of allowed OAuth flows (code, implicit, client_credentials).

    AllowedOauthFlowsUserPoolClient bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    AllowedOauthScopes List<string>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    AnalyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    AuthSessionValidity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    CallbackUrls List<string>

    List of allowed callback URLs for the identity providers.

    DefaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    EnablePropagateAdditionalUserContextData bool

    Activates the propagation of additional user context data.

    EnableTokenRevocation bool

    Enables or disables token revocation.

    ExplicitAuthFlows List<string>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    GenerateSecret bool

    Should an application secret be generated.

    IdTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    LogoutUrls List<string>

    List of allowed logout URLs for the identity providers.

    Name string

    Name of the application client.

    PreventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    ReadAttributes List<string>

    List of user pool attributes the application client can read from.

    RefreshTokenValidity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    SupportedIdentityProviders List<string>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    TokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    WriteAttributes List<string>

    List of user pool attributes the application client can write to.

    UserPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    AccessTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    AllowedOauthFlows []string

    List of allowed OAuth flows (code, implicit, client_credentials).

    AllowedOauthFlowsUserPoolClient bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    AllowedOauthScopes []string

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    AnalyticsConfiguration UserPoolClientAnalyticsConfigurationArgs

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    AuthSessionValidity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    CallbackUrls []string

    List of allowed callback URLs for the identity providers.

    DefaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    EnablePropagateAdditionalUserContextData bool

    Activates the propagation of additional user context data.

    EnableTokenRevocation bool

    Enables or disables token revocation.

    ExplicitAuthFlows []string

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    GenerateSecret bool

    Should an application secret be generated.

    IdTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    LogoutUrls []string

    List of allowed logout URLs for the identity providers.

    Name string

    Name of the application client.

    PreventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    ReadAttributes []string

    List of user pool attributes the application client can read from.

    RefreshTokenValidity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    SupportedIdentityProviders []string

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    TokenValidityUnits UserPoolClientTokenValidityUnitsArgs

    Configuration block for units in which the validity times are represented in. Detailed below.

    WriteAttributes []string

    List of user pool attributes the application client can write to.

    userPoolId String

    User pool the client belongs to.

    The following arguments are optional:

    accessTokenValidity Integer

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows List<String>

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient Boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes List<String>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity Integer

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls List<String>

    List of allowed callback URLs for the identity providers.

    defaultRedirectUri String

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData Boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation Boolean

    Enables or disables token revocation.

    explicitAuthFlows List<String>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret Boolean

    Should an application secret be generated.

    idTokenValidity Integer

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls List<String>

    List of allowed logout URLs for the identity providers.

    name String

    Name of the application client.

    preventUserExistenceErrors String

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes List<String>

    List of user pool attributes the application client can read from.

    refreshTokenValidity Integer

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders List<String>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    writeAttributes List<String>

    List of user pool attributes the application client can write to.

    userPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    accessTokenValidity number

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows string[]

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes string[]

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity number

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls string[]

    List of allowed callback URLs for the identity providers.

    defaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation boolean

    Enables or disables token revocation.

    explicitAuthFlows string[]

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret boolean

    Should an application secret be generated.

    idTokenValidity number

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls string[]

    List of allowed logout URLs for the identity providers.

    name string

    Name of the application client.

    preventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes string[]

    List of user pool attributes the application client can read from.

    refreshTokenValidity number

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders string[]

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    writeAttributes string[]

    List of user pool attributes the application client can write to.

    user_pool_id str

    User pool the client belongs to.

    The following arguments are optional:

    access_token_validity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowed_oauth_flows Sequence[str]

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowed_oauth_flows_user_pool_client bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowed_oauth_scopes Sequence[str]

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analytics_configuration UserPoolClientAnalyticsConfigurationArgs

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    auth_session_validity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callback_urls Sequence[str]

    List of allowed callback URLs for the identity providers.

    default_redirect_uri str

    Default redirect URI. Must be in the list of callback URLs.

    enable_propagate_additional_user_context_data bool

    Activates the propagation of additional user context data.

    enable_token_revocation bool

    Enables or disables token revocation.

    explicit_auth_flows Sequence[str]

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generate_secret bool

    Should an application secret be generated.

    id_token_validity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logout_urls Sequence[str]

    List of allowed logout URLs for the identity providers.

    name str

    Name of the application client.

    prevent_user_existence_errors str

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    read_attributes Sequence[str]

    List of user pool attributes the application client can read from.

    refresh_token_validity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supported_identity_providers Sequence[str]

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    token_validity_units UserPoolClientTokenValidityUnitsArgs

    Configuration block for units in which the validity times are represented in. Detailed below.

    write_attributes Sequence[str]

    List of user pool attributes the application client can write to.

    userPoolId String

    User pool the client belongs to.

    The following arguments are optional:

    accessTokenValidity Number

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows List<String>

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient Boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes List<String>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration Property Map

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity Number

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls List<String>

    List of allowed callback URLs for the identity providers.

    defaultRedirectUri String

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData Boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation Boolean

    Enables or disables token revocation.

    explicitAuthFlows List<String>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret Boolean

    Should an application secret be generated.

    idTokenValidity Number

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls List<String>

    List of allowed logout URLs for the identity providers.

    name String

    Name of the application client.

    preventUserExistenceErrors String

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes List<String>

    List of user pool attributes the application client can read from.

    refreshTokenValidity Number

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders List<String>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits Property Map

    Configuration block for units in which the validity times are represented in. Detailed below.

    writeAttributes List<String>

    List of user pool attributes the application client can write to.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the UserPoolClient resource produces the following output properties:

    ClientSecret string

    Client secret of the user pool client.

    Id string

    The provider-assigned unique ID for this managed resource.

    ClientSecret string

    Client secret of the user pool client.

    Id string

    The provider-assigned unique ID for this managed resource.

    clientSecret String

    Client secret of the user pool client.

    id String

    The provider-assigned unique ID for this managed resource.

    clientSecret string

    Client secret of the user pool client.

    id string

    The provider-assigned unique ID for this managed resource.

    client_secret str

    Client secret of the user pool client.

    id str

    The provider-assigned unique ID for this managed resource.

    clientSecret String

    Client secret of the user pool client.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing UserPoolClient Resource

    Get an existing UserPoolClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserPoolClientState, opts?: CustomResourceOptions): UserPoolClient
    @staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_validity: Optional[int] = None,
        allowed_oauth_flows: Optional[Sequence[str]] = None,
        allowed_oauth_flows_user_pool_client: Optional[bool] = None,
        allowed_oauth_scopes: Optional[Sequence[str]] = None,
        analytics_configuration: Optional[UserPoolClientAnalyticsConfigurationArgs] = None,
        auth_session_validity: Optional[int] = None,
        callback_urls: Optional[Sequence[str]] = None,
        client_secret: Optional[str] = None,
        default_redirect_uri: Optional[str] = None,
        enable_propagate_additional_user_context_data: Optional[bool] = None,
        enable_token_revocation: Optional[bool] = None,
        explicit_auth_flows: Optional[Sequence[str]] = None,
        generate_secret: Optional[bool] = None,
        id_token_validity: Optional[int] = None,
        logout_urls: Optional[Sequence[str]] = None,
        name: Optional[str] = None,
        prevent_user_existence_errors: Optional[str] = None,
        read_attributes: Optional[Sequence[str]] = None,
        refresh_token_validity: Optional[int] = None,
        supported_identity_providers: Optional[Sequence[str]] = None,
        token_validity_units: Optional[UserPoolClientTokenValidityUnitsArgs] = None,
        user_pool_id: Optional[str] = None,
        write_attributes: Optional[Sequence[str]] = None) -> UserPoolClient
    func GetUserPoolClient(ctx *Context, name string, id IDInput, state *UserPoolClientState, opts ...ResourceOption) (*UserPoolClient, error)
    public static UserPoolClient Get(string name, Input<string> id, UserPoolClientState? state, CustomResourceOptions? opts = null)
    public static UserPoolClient get(String name, Output<String> id, UserPoolClientState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    AllowedOauthFlows List<string>

    List of allowed OAuth flows (code, implicit, client_credentials).

    AllowedOauthFlowsUserPoolClient bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    AllowedOauthScopes List<string>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    AnalyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    AuthSessionValidity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    CallbackUrls List<string>

    List of allowed callback URLs for the identity providers.

    ClientSecret string

    Client secret of the user pool client.

    DefaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    EnablePropagateAdditionalUserContextData bool

    Activates the propagation of additional user context data.

    EnableTokenRevocation bool

    Enables or disables token revocation.

    ExplicitAuthFlows List<string>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    GenerateSecret bool

    Should an application secret be generated.

    IdTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    LogoutUrls List<string>

    List of allowed logout URLs for the identity providers.

    Name string

    Name of the application client.

    PreventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    ReadAttributes List<string>

    List of user pool attributes the application client can read from.

    RefreshTokenValidity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    SupportedIdentityProviders List<string>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    TokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    UserPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    WriteAttributes List<string>

    List of user pool attributes the application client can write to.

    AccessTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    AllowedOauthFlows []string

    List of allowed OAuth flows (code, implicit, client_credentials).

    AllowedOauthFlowsUserPoolClient bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    AllowedOauthScopes []string

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    AnalyticsConfiguration UserPoolClientAnalyticsConfigurationArgs

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    AuthSessionValidity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    CallbackUrls []string

    List of allowed callback URLs for the identity providers.

    ClientSecret string

    Client secret of the user pool client.

    DefaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    EnablePropagateAdditionalUserContextData bool

    Activates the propagation of additional user context data.

    EnableTokenRevocation bool

    Enables or disables token revocation.

    ExplicitAuthFlows []string

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    GenerateSecret bool

    Should an application secret be generated.

    IdTokenValidity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    LogoutUrls []string

    List of allowed logout URLs for the identity providers.

    Name string

    Name of the application client.

    PreventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    ReadAttributes []string

    List of user pool attributes the application client can read from.

    RefreshTokenValidity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    SupportedIdentityProviders []string

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    TokenValidityUnits UserPoolClientTokenValidityUnitsArgs

    Configuration block for units in which the validity times are represented in. Detailed below.

    UserPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    WriteAttributes []string

    List of user pool attributes the application client can write to.

    accessTokenValidity Integer

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows List<String>

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient Boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes List<String>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity Integer

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls List<String>

    List of allowed callback URLs for the identity providers.

    clientSecret String

    Client secret of the user pool client.

    defaultRedirectUri String

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData Boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation Boolean

    Enables or disables token revocation.

    explicitAuthFlows List<String>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret Boolean

    Should an application secret be generated.

    idTokenValidity Integer

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls List<String>

    List of allowed logout URLs for the identity providers.

    name String

    Name of the application client.

    preventUserExistenceErrors String

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes List<String>

    List of user pool attributes the application client can read from.

    refreshTokenValidity Integer

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders List<String>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    userPoolId String

    User pool the client belongs to.

    The following arguments are optional:

    writeAttributes List<String>

    List of user pool attributes the application client can write to.

    accessTokenValidity number

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows string[]

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes string[]

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration UserPoolClientAnalyticsConfiguration

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity number

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls string[]

    List of allowed callback URLs for the identity providers.

    clientSecret string

    Client secret of the user pool client.

    defaultRedirectUri string

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation boolean

    Enables or disables token revocation.

    explicitAuthFlows string[]

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret boolean

    Should an application secret be generated.

    idTokenValidity number

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls string[]

    List of allowed logout URLs for the identity providers.

    name string

    Name of the application client.

    preventUserExistenceErrors string

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes string[]

    List of user pool attributes the application client can read from.

    refreshTokenValidity number

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders string[]

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits UserPoolClientTokenValidityUnits

    Configuration block for units in which the validity times are represented in. Detailed below.

    userPoolId string

    User pool the client belongs to.

    The following arguments are optional:

    writeAttributes string[]

    List of user pool attributes the application client can write to.

    access_token_validity int

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowed_oauth_flows Sequence[str]

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowed_oauth_flows_user_pool_client bool

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowed_oauth_scopes Sequence[str]

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analytics_configuration UserPoolClientAnalyticsConfigurationArgs

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    auth_session_validity int

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callback_urls Sequence[str]

    List of allowed callback URLs for the identity providers.

    client_secret str

    Client secret of the user pool client.

    default_redirect_uri str

    Default redirect URI. Must be in the list of callback URLs.

    enable_propagate_additional_user_context_data bool

    Activates the propagation of additional user context data.

    enable_token_revocation bool

    Enables or disables token revocation.

    explicit_auth_flows Sequence[str]

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generate_secret bool

    Should an application secret be generated.

    id_token_validity int

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logout_urls Sequence[str]

    List of allowed logout URLs for the identity providers.

    name str

    Name of the application client.

    prevent_user_existence_errors str

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    read_attributes Sequence[str]

    List of user pool attributes the application client can read from.

    refresh_token_validity int

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supported_identity_providers Sequence[str]

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    token_validity_units UserPoolClientTokenValidityUnitsArgs

    Configuration block for units in which the validity times are represented in. Detailed below.

    user_pool_id str

    User pool the client belongs to.

    The following arguments are optional:

    write_attributes Sequence[str]

    List of user pool attributes the application client can write to.

    accessTokenValidity Number

    Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.access_token.

    allowedOauthFlows List<String>

    List of allowed OAuth flows (code, implicit, client_credentials).

    allowedOauthFlowsUserPoolClient Boolean

    Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.

    allowedOauthScopes List<String>

    List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).

    analyticsConfiguration Property Map

    Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.

    authSessionValidity Number

    Amazon Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user must respond to each authentication challenge before the session expires. Valid values between 3 and 15. Default value is 3.

    callbackUrls List<String>

    List of allowed callback URLs for the identity providers.

    clientSecret String

    Client secret of the user pool client.

    defaultRedirectUri String

    Default redirect URI. Must be in the list of callback URLs.

    enablePropagateAdditionalUserContextData Boolean

    Activates the propagation of additional user context data.

    enableTokenRevocation Boolean

    Enables or disables token revocation.

    explicitAuthFlows List<String>

    List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).

    generateSecret Boolean

    Should an application secret be generated.

    idTokenValidity Number

    Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. By default, the unit is hours. The unit can be overridden by a value in token_validity_units.id_token.

    logoutUrls List<String>

    List of allowed logout URLs for the identity providers.

    name String

    Name of the application client.

    preventUserExistenceErrors String

    Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY, those APIs will return a UserNotFoundException exception if the user does not exist in the user pool.

    readAttributes List<String>

    List of user pool attributes the application client can read from.

    refreshTokenValidity Number

    Time limit, between 60 minutes and 10 years, after which the refresh token is no longer valid and cannot be used. By default, the unit is days. The unit can be overridden by a value in token_validity_units.refresh_token.

    supportedIdentityProviders List<String>

    List of provider names for the identity providers that are supported on this client. Uses the provider_name attribute of aws.cognito.IdentityProvider resource(s), or the equivalent string(s).

    tokenValidityUnits Property Map

    Configuration block for units in which the validity times are represented in. Detailed below.

    userPoolId String

    User pool the client belongs to.

    The following arguments are optional:

    writeAttributes List<String>

    List of user pool attributes the application client can write to.

    Supporting Types

    UserPoolClientAnalyticsConfiguration, UserPoolClientAnalyticsConfigurationArgs

    ApplicationArn string

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    ApplicationId string

    Application ID for an Amazon Pinpoint application.

    ExternalId string

    ID for the Analytics Configuration. Conflicts with application_arn.

    RoleArn string

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    UserDataShared bool

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    ApplicationArn string

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    ApplicationId string

    Application ID for an Amazon Pinpoint application.

    ExternalId string

    ID for the Analytics Configuration. Conflicts with application_arn.

    RoleArn string

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    UserDataShared bool

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    applicationArn String

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    applicationId String

    Application ID for an Amazon Pinpoint application.

    externalId String

    ID for the Analytics Configuration. Conflicts with application_arn.

    roleArn String

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    userDataShared Boolean

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    applicationArn string

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    applicationId string

    Application ID for an Amazon Pinpoint application.

    externalId string

    ID for the Analytics Configuration. Conflicts with application_arn.

    roleArn string

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    userDataShared boolean

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    application_arn str

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    application_id str

    Application ID for an Amazon Pinpoint application.

    external_id str

    ID for the Analytics Configuration. Conflicts with application_arn.

    role_arn str

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    user_data_shared bool

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    applicationArn String

    Application ARN for an Amazon Pinpoint application. Conflicts with external_id and role_arn.

    applicationId String

    Application ID for an Amazon Pinpoint application.

    externalId String

    ID for the Analytics Configuration. Conflicts with application_arn.

    roleArn String

    ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with application_arn.

    userDataShared Boolean

    If set to true, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.

    UserPoolClientTokenValidityUnits, UserPoolClientTokenValidityUnitsArgs

    AccessToken string

    Time unit in for the value in access_token_validity, defaults to hours.

    IdToken string

    Time unit in for the value in id_token_validity, defaults to hours.

    RefreshToken string

    Time unit in for the value in refresh_token_validity, defaults to days.

    AccessToken string

    Time unit in for the value in access_token_validity, defaults to hours.

    IdToken string

    Time unit in for the value in id_token_validity, defaults to hours.

    RefreshToken string

    Time unit in for the value in refresh_token_validity, defaults to days.

    accessToken String

    Time unit in for the value in access_token_validity, defaults to hours.

    idToken String

    Time unit in for the value in id_token_validity, defaults to hours.

    refreshToken String

    Time unit in for the value in refresh_token_validity, defaults to days.

    accessToken string

    Time unit in for the value in access_token_validity, defaults to hours.

    idToken string

    Time unit in for the value in id_token_validity, defaults to hours.

    refreshToken string

    Time unit in for the value in refresh_token_validity, defaults to days.

    access_token str

    Time unit in for the value in access_token_validity, defaults to hours.

    id_token str

    Time unit in for the value in id_token_validity, defaults to hours.

    refresh_token str

    Time unit in for the value in refresh_token_validity, defaults to days.

    accessToken String

    Time unit in for the value in access_token_validity, defaults to hours.

    idToken String

    Time unit in for the value in id_token_validity, defaults to hours.

    refreshToken String

    Time unit in for the value in refresh_token_validity, defaults to days.

    Import

    Using pulumi import, import Cognito User Pool Clients using the id of the Cognito User Pool, and the id of the Cognito User Pool Client. For example:

     $ pulumi import aws:cognito/userPoolClient:UserPoolClient client us-west-2_abc123/3ho4ek12345678909nh3fmhpko

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.13.1 published on Tuesday, Dec 5, 2023 by Pulumi
    pulumi/pulumi-aws