AWS Native v0.126.0, Sep 30 24

We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.cognito.UserPoolIdentityProvider

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

pulumi/pulumi-aws-native

Create UserPoolIdentityProvider Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new UserPoolIdentityProvider(name: string, args: UserPoolIdentityProviderArgs, opts?: CustomResourceOptions);

@overload
def UserPoolIdentityProvider(resource_name: str,
                             args: UserPoolIdentityProviderArgs,
                             opts: Optional[ResourceOptions] = None)

@overload
def UserPoolIdentityProvider(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             provider_type: Optional[str] = None,
                             user_pool_id: Optional[str] = None,
                             attribute_mapping: Optional[Any] = None,
                             idp_identifiers: Optional[Sequence[str]] = None,
                             provider_details: Optional[Any] = None,
                             provider_name: Optional[str] = None)

func NewUserPoolIdentityProvider(ctx *Context, name string, args UserPoolIdentityProviderArgs, opts ...ResourceOption) (*UserPoolIdentityProvider, error)

public UserPoolIdentityProvider(string name, UserPoolIdentityProviderArgs args, CustomResourceOptions? opts = null)

public UserPoolIdentityProvider(String name, UserPoolIdentityProviderArgs args)
public UserPoolIdentityProvider(String name, UserPoolIdentityProviderArgs args, CustomResourceOptions options)

type: aws-native:cognito:UserPoolIdentityProvider
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args UserPoolIdentityProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args UserPoolIdentityProviderArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args UserPoolIdentityProviderArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args UserPoolIdentityProviderArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args UserPoolIdentityProviderArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

UserPoolIdentityProvider Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The UserPoolIdentityProvider resource accepts the following input properties:

ProviderType string

The IdP type.

UserPoolId string

The user pool ID.

AttributeMapping object

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

IdpIdentifiers List<string>

A list of IdP identifiers.

ProviderDetails object

The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP authorize_scopes values must match the values listed here.

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

Create or update request: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

Describe response: "ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

Create or update request with Metadata file: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

Describe response: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Describe response: "ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

Describe response: "ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Describe response: "ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Describe response: "ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

ProviderName string

The IdP name.

ProviderType string

The IdP type.

UserPoolId string

The user pool ID.

AttributeMapping interface{}

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

IdpIdentifiers []string

A list of IdP identifiers.

ProviderDetails interface{}

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

ProviderName string

The IdP name.

providerType String

The IdP type.

userPoolId String

The user pool ID.

attributeMapping Object

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

idpIdentifiers List<String>

A list of IdP identifiers.

providerDetails Object

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

providerName String

The IdP name.

providerType string

The IdP type.

userPoolId string

The user pool ID.

attributeMapping any

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

idpIdentifiers string[]

A list of IdP identifiers.

providerDetails any

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

providerName string

The IdP name.

provider_type str

The IdP type.

user_pool_id str

The user pool ID.

attribute_mapping Any

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

idp_identifiers Sequence[str]

A list of IdP identifiers.

provider_details Any

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

provider_name str

The IdP name.

providerType String

The IdP type.

userPoolId String

The user pool ID.

attributeMapping Any

A mapping of IdP attributes to standard and custom user pool attributes.

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

idpIdentifiers List<String>

A list of IdP identifiers.

providerDetails Any

OpenID Connect (OIDC) - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from oidc_issuer : attributes_url , authorize_url , jwks_uri , token_url .

SAML - Create or update request with Metadata URL: "ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }

The value of MetadataFile must be the plaintext metadata document with all quote (") characters escaped by backslashes.

LoginWithAmazon - Create or update request: "ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"

Google - Create or update request: "ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }

SignInWithApple - Create or update request: "ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }

Facebook - Create or update request: "ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }

Search the CloudFormation User Guide for AWS::Cognito::UserPoolIdentityProvider for more information about the expected schema for this property.

providerName String

The IdP name.

Outputs

All input properties are implicitly available as output properties. Additionally, the UserPoolIdentityProvider resource produces the following output properties:

AwsId string: The resource ID.
Id string: The provider-assigned unique ID for this managed resource.

AwsId string: The resource ID.
Id string: The provider-assigned unique ID for this managed resource.

awsId String: The resource ID.
id String: The provider-assigned unique ID for this managed resource.

awsId string: The resource ID.
id string: The provider-assigned unique ID for this managed resource.

aws_id str: The resource ID.
id str: The provider-assigned unique ID for this managed resource.

awsId String: The resource ID.
id String: The provider-assigned unique ID for this managed resource.

Package Details

Repository: AWS Native pulumi/pulumi-aws-native
License: Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Native v0.126.0 published on Monday, Sep 30, 2024 by Pulumi

pulumi/pulumi-aws-native

aws-native.cognito.UserPoolIdentityProvider

On this page

On this page

Create UserPoolIdentityProvider Resource

Constructor syntax

Parameters

UserPoolIdentityProvider Resource Properties

Inputs

Outputs

Package Details

On this page

On this page