View source: R/cognitoidentityprovider_operations.R
| cognitoidentityprovider_create_user_pool_client | R Documentation |
Creates an app client in a user pool. This operation sets basic and advanced configuration options.
See https://www.paws-r-sdk.com/docs/cognitoidentityprovider_create_user_pool_client/ for full documentation.
cognitoidentityprovider_create_user_pool_client(
UserPoolId,
ClientName,
GenerateSecret = NULL,
ClientSecret = NULL,
RefreshTokenValidity = NULL,
AccessTokenValidity = NULL,
IdTokenValidity = NULL,
TokenValidityUnits = NULL,
ReadAttributes = NULL,
WriteAttributes = NULL,
ExplicitAuthFlows = NULL,
SupportedIdentityProviders = NULL,
CallbackURLs = NULL,
LogoutURLs = NULL,
DefaultRedirectURI = NULL,
AllowedOAuthFlows = NULL,
AllowedOAuthScopes = NULL,
AllowedOAuthFlowsUserPoolClient = NULL,
AnalyticsConfiguration = NULL,
PreventUserExistenceErrors = NULL,
EnableTokenRevocation = NULL,
EnablePropagateAdditionalUserContextData = NULL,
AuthSessionValidity = NULL,
RefreshTokenRotation = NULL
)
UserPoolId |
[required] The ID of the user pool where you want to create an app client. |
ClientName |
[required] A friendly name for the app client that you want to create. |
GenerateSecret |
When |
ClientSecret |
A custom client secret that you want to use for the app client. You cannot specify both GenerateSecret as true and provide a ClientSecret value. |
RefreshTokenValidity |
The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for For example, when you set The default time unit for If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30 days. |
AccessTokenValidity |
The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for For example, when you set The default time unit for If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one hour. |
IdTokenValidity |
The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for For example, when you set The default time unit for If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour. |
TokenValidityUnits |
The units that validity times are represented in. The default unit for refresh tokens is days, and the default for ID and access tokens are hours. |
ReadAttributes |
The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. When you don't specify the |
WriteAttributes |
The list of user attributes that you want your app client to have write access to. After your user authenticates in your app, their access token authorizes them to set or modify their own attribute value for any attribute in this list. When you don't specify the If your app client allows users to sign in through an IdP, this array must include all attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool. |
ExplicitAuthFlows |
The authentication flows that you want your user pool client to support. For each app client in your user pool, you can sign in your users with any combination of one or more flows, including with a user name and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda functions. If you don't specify a value for The values for authentication flow options include the following.
In some environments, you will see the values |
SupportedIdentityProviders |
A list of provider names for the identity providers (IdPs) that are supported on this client. The following are supported: This parameter sets the IdPs that managed login will display on the login page for your app client. The removal of |
CallbackURLs |
A list of allowed redirect, or callback, URLs for managed login authentication. These URLs are the paths where you want to send your users' browsers after they complete authentication with managed login or a third-party IdP. Typically, callback URLs are the home of an application that uses OAuth or OIDC libraries to process authentication outcomes. A redirect URI must meet the following requirements:
See OAuth 2.0 - Redirection Endpoint. Amazon Cognito requires HTTPS over HTTP except for callback URLs to App callback URLs such as |
LogoutURLs |
A list of allowed logout URLs for managed login authentication. When you pass |
DefaultRedirectURI |
The default redirect URI. In app clients with one assigned IdP, replaces |
AllowedOAuthFlows |
The OAuth grant types that you want your app client to generate for clients in managed login authentication. To create an app client that generates client credentials grants, you must add code Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for access tokens with the implicit Issue the access token, and the ID token when scopes like client_credentials Issue the access token from the |
AllowedOAuthScopes |
The OAuth, OpenID Connect (OIDC), and custom scopes that you want to permit your app client to authorize access with. Scopes govern access control to user pool self-service API operations, user data from the |
AllowedOAuthFlowsUserPoolClient |
Set to This parameter must have a value of
To use authorization server features, configure one of these features in the Amazon Cognito console or set |
AnalyticsConfiguration |
The user pool analytics configuration for collecting metrics and sending them to your Amazon Pinpoint campaign. In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools might not have access to analytics or might be configurable with campaigns in the US East (N. Virginia) Region. For more information, see Using Amazon Pinpoint analytics. |
PreventUserExistenceErrors |
When Defaults to |
EnableTokenRevocation |
Activates or deactivates token revocation in the target app client. If you don't include this parameter, token revocation is automatically activated for the new user pool client. |
EnablePropagateAdditionalUserContextData |
When |
AuthSessionValidity |
Amazon Cognito creates a session token for each API request in an authentication flow. |
RefreshTokenRotation |
The configuration of your app client for refresh token rotation. When enabled, your app client issues new ID, access, and refresh tokens when users renew their sessions with refresh tokens. When disabled, token refresh issues only ID and access tokens. |
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.