createUserPoolClient
inline suspend fun CognitoIdentityProviderClient.createUserPoolClient(crossinline block: CreateUserPoolClientRequest.Builder.() -> Unit): CreateUserPoolClientResponse
Creates an app client in a user pool. This operation sets basic and advanced configuration options.
Unlike app clients created in the console, Amazon Cognito doesn't automatically assign a branding style to app clients that you configure with this API operation. Managed login and classic hosted UI pages aren't available for your client until after you apply a branding style.
If you don't provide a value for an attribute, Amazon Cognito sets it to its default value.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Samples
import aws.sdk.kotlin.services.cognitoidentityprovider.model.AnalyticsConfigurationType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.ExplicitAuthFlowsType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.OAuthFlowType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.PreventUserExistenceErrorTypes
import aws.sdk.kotlin.services.cognitoidentityprovider.model.TimeUnitsType
import aws.sdk.kotlin.services.cognitoidentityprovider.model.TokenValidityUnitsType
fun main() {
//sampleStart
// The following example creates an app client with all configurable properties set to an example
// value. The resulting user pool client connects to an analytics client, allows sign in with username and
// password, and has two external identity providers associated with it.
val resp = cognitoIdentityProviderClient.createUserPoolClient {
accessTokenValidity = 6
allowedOAuthFlows = listOf<OAuthFlowType>(
OAuthFlowType.fromValue("code")
)
allowedOAuthFlowsUserPoolClient = true
allowedOAuthScopes = listOf<String>(
"aws.cognito.signin.user.admin",
"openid"
)
analyticsConfiguration = AnalyticsConfigurationType {
applicationId = "d70b2ba36a8c4dc5a04a0451a31a1e12"
externalId = "my-external-id"
roleArn = "arn:aws:iam::123456789012:role/test-cognitouserpool-role"
userDataShared = true
}
callbackUrls = listOf<String>(
"https://example.com",
"http://localhost",
"myapp://example"
)
clientName = "my-test-app-client"
defaultRedirectUri = "https://example.com"
explicitAuthFlows = listOf<ExplicitAuthFlowsType>(
ExplicitAuthFlowsType.fromValue("ALLOW_ADMIN_USER_PASSWORD_AUTH"),
ExplicitAuthFlowsType.fromValue("ALLOW_USER_PASSWORD_AUTH"),
ExplicitAuthFlowsType.fromValue("ALLOW_REFRESH_TOKEN_AUTH")
)
generateSecret = true
idTokenValidity = 6
logoutUrls = listOf<String>(
"https://example.com/logout"
)
preventUserExistenceErrors = PreventUserExistenceErrorTypes.fromValue("ENABLED")
readAttributes = listOf<String>(
"email",
"address",
"preferred_username"
)
refreshTokenValidity = 6
supportedIdentityProviders = listOf<String>(
"SignInWithApple",
"MySSO"
)
tokenValidityUnits = TokenValidityUnitsType {
accessToken = TimeUnitsType.fromValue("hours")
idToken = TimeUnitsType.fromValue("minutes")
refreshToken = TimeUnitsType.fromValue("days")
}
userPoolId = "us-east-1_EXAMPLE"
writeAttributes = listOf<String>(
"family_name",
"email"
)
}
//sampleEnd
}