user_pool_clients
Creates, updates, deletes or gets an user_pool_client resource or lists user_pool_clients in a region
Overview
| Name | user_pool_clients |
| Type | Resource |
| Description | Resource Type definition for AWS::Cognito::UserPoolClient |
| Id | awscc.cognito.user_pool_clients |
Fields
- get (all properties)
- list (identifiers only)
| Name | Datatype | Description |
|---|---|---|
client_name | string | |
explicit_auth_flows | array | |
generate_secret | boolean | |
read_attributes | array | |
auth_session_validity | integer | |
refresh_token_validity | integer | |
access_token_validity | integer | |
id_token_validity | integer | |
token_validity_units | object | |
refresh_token_rotation | object | |
user_pool_id | string | |
write_attributes | array | |
allowed_oauth_flows | array | |
allowed_oauth_flows_user_pool_client | boolean | |
allowed_oauth_scopes | array | |
callback_urls | array | |
default_redirect_uri | string | |
logout_urls | array | |
supported_identity_providers | array | |
analytics_configuration | object | |
prevent_user_existence_errors | string | |
enable_token_revocation | boolean | |
enable_propagate_additional_user_context_data | boolean | |
name | string | |
client_secret | string | |
client_id | string | |
region | string | AWS region. |
| Name | Datatype | Description |
|---|---|---|
user_pool_id | string | |
client_id | string | |
region | string | AWS region. |
For more information, see AWS::Cognito::UserPoolClient.
Methods
| Name | Resource | Accessible by | Required Params |
|---|---|---|---|
create_resource | user_pool_clients | INSERT | UserPoolId, region |
delete_resource | user_pool_clients | DELETE | Identifier, region |
update_resource | user_pool_clients | UPDATE | Identifier, PatchDocument, region |
list_resources | user_pool_clients_list_only | SELECT | region |
get_resource | user_pool_clients | SELECT | Identifier, region |
SELECT examples
- get (all properties)
- list (identifiers only)
Gets all properties from an individual user_pool_client.
SELECT
region,
client_name,
explicit_auth_flows,
generate_secret,
read_attributes,
auth_session_validity,
refresh_token_validity,
access_token_validity,
id_token_validity,
token_validity_units,
refresh_token_rotation,
user_pool_id,
write_attributes,
allowed_oauth_flows,
allowed_oauth_flows_user_pool_client,
allowed_oauth_scopes,
callback_urls,
default_redirect_uri,
logout_urls,
supported_identity_providers,
analytics_configuration,
prevent_user_existence_errors,
enable_token_revocation,
enable_propagate_additional_user_context_data,
name,
client_secret,
client_id
FROM awscc.cognito.user_pool_clients
WHERE
region = '{{ region }}' AND
Identifier = '{{ user_pool_id }}|{{ client_id }}';
Lists all user_pool_clients in a region.
SELECT
region,
user_pool_id,
client_id
FROM awscc.cognito.user_pool_clients_list_only
WHERE
region = '{{ region }}';
INSERT example
Use the following StackQL query and manifest file to create a new user_pool_client resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO awscc.cognito.user_pool_clients (
UserPoolId,
region
)
SELECT
'{{ user_pool_id }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
/*+ create */
INSERT INTO awscc.cognito.user_pool_clients (
ClientName,
ExplicitAuthFlows,
GenerateSecret,
ReadAttributes,
AuthSessionValidity,
RefreshTokenValidity,
AccessTokenValidity,
IdTokenValidity,
TokenValidityUnits,
RefreshTokenRotation,
UserPoolId,
WriteAttributes,
AllowedOAuthFlows,
AllowedOAuthFlowsUserPoolClient,
AllowedOAuthScopes,
CallbackURLs,
DefaultRedirectURI,
LogoutURLs,
SupportedIdentityProviders,
AnalyticsConfiguration,
PreventUserExistenceErrors,
EnableTokenRevocation,
EnablePropagateAdditionalUserContextData,
region
)
SELECT
'{{ client_name }}',
'{{ explicit_auth_flows }}',
'{{ generate_secret }}',
'{{ read_attributes }}',
'{{ auth_session_validity }}',
'{{ refresh_token_validity }}',
'{{ access_token_validity }}',
'{{ id_token_validity }}',
'{{ token_validity_units }}',
'{{ refresh_token_rotation }}',
'{{ user_pool_id }}',
'{{ write_attributes }}',
'{{ allowed_oauth_flows }}',
'{{ allowed_oauth_flows_user_pool_client }}',
'{{ allowed_oauth_scopes }}',
'{{ callback_urls }}',
'{{ default_redirect_uri }}',
'{{ logout_urls }}',
'{{ supported_identity_providers }}',
'{{ analytics_configuration }}',
'{{ prevent_user_existence_errors }}',
'{{ enable_token_revocation }}',
'{{ enable_propagate_additional_user_context_data }}',
'{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: user_pool_client
props:
- name: client_name
value: '{{ client_name }}'
- name: explicit_auth_flows
value:
- '{{ explicit_auth_flows[0] }}'
- name: generate_secret
value: '{{ generate_secret }}'
- name: read_attributes
value:
- '{{ read_attributes[0] }}'
- name: auth_session_validity
value: '{{ auth_session_validity }}'
- name: refresh_token_validity
value: '{{ refresh_token_validity }}'
- name: access_token_validity
value: '{{ access_token_validity }}'
- name: id_token_validity
value: '{{ id_token_validity }}'
- name: token_validity_units
value:
access_token: '{{ access_token }}'
id_token: '{{ id_token }}'
refresh_token: '{{ refresh_token }}'
- name: refresh_token_rotation
value:
feature: '{{ feature }}'
retry_grace_period_seconds: '{{ retry_grace_period_seconds }}'
- name: user_pool_id
value: '{{ user_pool_id }}'
- name: write_attributes
value:
- '{{ write_attributes[0] }}'
- name: allowed_oauth_flows
value:
- '{{ allowed_oauth_flows[0] }}'
- name: allowed_oauth_flows_user_pool_client
value: '{{ allowed_oauth_flows_user_pool_client }}'
- name: allowed_oauth_scopes
value:
- '{{ allowed_oauth_scopes[0] }}'
- name: callback_urls
value:
- '{{ callback_urls[0] }}'
- name: default_redirect_uri
value: '{{ default_redirect_uri }}'
- name: logout_urls
value:
- '{{ logout_urls[0] }}'
- name: supported_identity_providers
value:
- '{{ supported_identity_providers[0] }}'
- name: analytics_configuration
value:
application_arn: '{{ application_arn }}'
application_id: '{{ application_id }}'
external_id: '{{ external_id }}'
role_arn: '{{ role_arn }}'
user_data_shared: '{{ user_data_shared }}'
- name: prevent_user_existence_errors
value: '{{ prevent_user_existence_errors }}'
- name: enable_token_revocation
value: '{{ enable_token_revocation }}'
- name: enable_propagate_additional_user_context_data
value: '{{ enable_propagate_additional_user_context_data }}'
UPDATE example
Use the following StackQL query and manifest file to update a user_pool_client resource, using stack-deploy.
/*+ update */
UPDATE awscc.cognito.user_pool_clients
SET PatchDocument = string('{{ {
"ClientName": client_name,
"ExplicitAuthFlows": explicit_auth_flows,
"ReadAttributes": read_attributes,
"AuthSessionValidity": auth_session_validity,
"RefreshTokenValidity": refresh_token_validity,
"AccessTokenValidity": access_token_validity,
"IdTokenValidity": id_token_validity,
"TokenValidityUnits": token_validity_units,
"RefreshTokenRotation": refresh_token_rotation,
"WriteAttributes": write_attributes,
"AllowedOAuthFlows": allowed_oauth_flows,
"AllowedOAuthFlowsUserPoolClient": allowed_oauth_flows_user_pool_client,
"AllowedOAuthScopes": allowed_oauth_scopes,
"CallbackURLs": callback_urls,
"DefaultRedirectURI": default_redirect_uri,
"LogoutURLs": logout_urls,
"SupportedIdentityProviders": supported_identity_providers,
"AnalyticsConfiguration": analytics_configuration,
"PreventUserExistenceErrors": prevent_user_existence_errors,
"EnableTokenRevocation": enable_token_revocation,
"EnablePropagateAdditionalUserContextData": enable_propagate_additional_user_context_data
} | generate_patch_document }}')
WHERE
region = '{{ region }}' AND
Identifier = '{{ user_pool_id }}|{{ client_id }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
DELETE example
/*+ delete */
DELETE FROM awscc.cognito.user_pool_clients
WHERE
Identifier = '{{ user_pool_id }}|{{ client_id }}' AND
region = '{{ region }}'
RETURNING
ErrorCode,
EventTime,
Identifier,
Operation,
OperationStatus,
RequestToken,
ResourceModel,
RetryAfter,
StatusMessage,
TypeName
;
Additional Parameters
Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:
| Parameter | Description |
|---|---|
ClientToken | A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.A client token is valid for 36 hours once used. After that, a resource request with the same client token is treated as a new request. If you do not specify a client token, one is generated for inclusion in the request. |
RoleArn | The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.If you do not specify a role, a temporary session is created using your AWS user credentials. |
TypeVersionId | For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used. |
Permissions
To operate on the user_pool_clients resource, the following permissions are required:
- Create
- Read
- Update
- Delete
- List
cognito-idp:CreateUserPoolClient,
iam:PassRole,
iam:PutRolePolicy,
iam:CreateServiceLinkedRole
cognito-idp:DescribeUserPoolClient
cognito-idp:UpdateUserPoolClient,
iam:PassRole,
iam:PutRolePolicy
cognito-idp:DeleteUserPoolClient,
iam:PutRolePolicy,
iam:DeleteRolePolicy
cognito-idp:ListUserPoolClients