
Class OAuthSettings

Namespace
Amazon.CDK.AWS.Cognito
Assembly
Amazon.CDK.AWS.Cognito.dll

OAuth settings to configure the interaction between the app and this client.

public class OAuthSettings : IOAuthSettings
Inheritance
OAuthSettings
Implements
Inherited Members

Examples

// One user pool; the resource server and both app clients below are attached to it.
UserPool pool = new UserPool(this, "Pool");

// Custom scopes published by the resource server.
// NOTE(review): "*" is declared as a scope name like any other; presumably what
// "Full access" permits is decided by the API that validates the token - confirm.
ResourceServerScope readOnlyScope = new ResourceServerScope(new ResourceServerScopeProps
{
    ScopeName = "read",
    ScopeDescription = "Read-only access"
});
ResourceServerScope fullAccessScope = new ResourceServerScope(new ResourceServerScopeProps
{
    ScopeName = "*",
    ScopeDescription = "Full access"
});

var userServer = pool.AddResourceServer("ResourceServer", new UserPoolResourceServerOptions
{
    Identifier = "users",
    Scopes = new[] { readOnlyScope, fullAccessScope }
});

// Least privilege: this client may request only the read scope. Because Scopes is
// set explicitly, the documented default scope list (which includes
// OAuthScope.COGNITO_ADMIN) does not apply to it.
OAuthScope[] readOnlyScopes = { OAuthScope.ResourceServer(userServer, readOnlyScope) };
var readOnlyClient = pool.AddClient("read-only-client", new UserPoolClientOptions
{
    // ...
    OAuth = new OAuthSettings
    {
        // ... (settings elided by the example; if Flows and CallbackUrls are left
        // unset, the documented defaults enable both the authorization code and
        // implicit grants with the 'https://example.com' placeholder callback URL)
        Scopes = readOnlyScopes
    }
});

// The full-access scope is granted to a separate client, so a token issued to the
// read-only client never carries it.
OAuthScope[] fullAccessScopes = { OAuthScope.ResourceServer(userServer, fullAccessScope) };
var fullAccessClient = pool.AddClient("full-access-client", new UserPoolClientOptions
{
    // ...
    OAuth = new OAuthSettings
    {
        // ...
        Scopes = fullAccessScopes
    }
});

Remarks

ExampleMetadata: infused

Constructors

OAuthSettings()

public OAuthSettings()

Properties

CallbackUrls

List of allowed redirect URLs for the identity providers.

public string[]? CallbackUrls { get; set; }

Property Value

string[]

Remarks

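Default: ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise. Because Flows enables both of those grants by default, a client created without CallbackUrls is registered with this placeholder; set the application's real redirect URLs explicitly.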

Flows

OAuth flows that are allowed with this client.

public IOAuthFlows? Flows { get; set; }

Property Value

IOAuthFlows

Remarks

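Default: {authorizationCodeGrant:true,implicitCodeGrant:true}

The default enables the implicit grant, which returns tokens to the client in the redirect URL itself; current OAuth security guidance recommends the authorization code grant instead, so set Flows explicitly and enable only the grants the client actually uses.

See: the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html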

LogoutUrls

List of allowed logout URLs for the identity providers.

public string[]? LogoutUrls { get; set; }

Property Value

string[]

Remarks

Default: no logout URLs

Scopes

OAuth scopes that are allowed with this client.

public OAuthScope[]? Scopes { get; set; }

Property Value

OAuthScope[]

Remarks

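Default: [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]

This default list includes OAuthScope.COGNITO_ADMIN, which lets the holder of an access token call the user pool's self-service API operations for the signed-in user. A client that does not need that should set Scopes explicitly and list only the scopes it uses.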

See: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html