» Resource: aws_cognito_user_pool_client
Provides a Cognito User Pool Client resource.
» Example Usage
» Create a basic user pool client
resource "aws_cognito_user_pool" "pool" {
name = "pool"
}
resource "aws_cognito_user_pool_client" "client" {
name = "client"
user_pool_id = "${aws_cognito_user_pool.pool.id}"
}
» Create a user pool client with no SRP authentication
resource "aws_cognito_user_pool" "pool" {
name = "pool"
}
resource "aws_cognito_user_pool_client" "client" {
name = "client"
user_pool_id = "${aws_cognito_user_pool.pool.id}"
generate_secret = true
explicit_auth_flows = ["ADMIN_NO_SRP_AUTH"]
}
» Argument Reference
The following arguments are supported:
-
allowed_oauth_flows
- (Optional) List of allowed OAuth flows (code, implicit, client_credentials). -
allowed_oauth_flows_user_pool_client
- (Optional) Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools. -
allowed_oauth_scopes
- (Optional) List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin). -
callback_urls
- (Optional) List of allowed callback URLs for the identity providers. -
default_redirect_uri
- (Optional) The default redirect URI. Must be in the list of callback URLs. -
explicit_auth_flows
- (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH). -
generate_secret
- (Optional) Should an application secret be generated. -
logout_urls
- (Optional) List of allowed logout URLs for the identity providers. -
name
- (Required) The name of the application client. -
read_attributes
- (Optional) List of user pool attributes the application client can read from. -
refresh_token_validity
- (Optional) The time limit in days refresh tokens are valid for. -
supported_identity_providers
- (Optional) List of provider names for the identity providers that are supported on this client. -
user_pool_id
- (Required) The user pool the client belongs to. -
write_attributes
- (Optional) List of user pool attributes the application client can write to.
» Attribute Reference
In addition to all arguments above, the following attributes are exported:
-
id
- The id of the user pool client. -
client_secret
- The client secret of the user pool client.
» Import
Cognito User Pool Clients can be imported using the id
of the Cognito User Pool, and the id
of the Cognito User Pool Client, e.g.
$ terraform import aws_cognito_user_pool_client.client <user_pool_id>/<user_pool_client_id>