-
Notifications
You must be signed in to change notification settings - Fork 4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(cognito): Implement user pool and user pool client constructs (#…
…1615) This commit adds initial support for Cognito User Pools. `UserPool` allows selecting the type of sign-in (username vs email, etc) with options consistent with what is presented in the console. `UserPool` also supports setting alias attributes & auto-verified attributes, as well as setting Lambda function triggers. A basic implementation of app clients is implemented in `UserPoolClient`.
- Loading branch information
1 parent
93ae2d5
commit 8e03ed6
Showing
7 changed files
with
815 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,5 @@ | ||
| // AWS::Cognito CloudFormation Resources: | ||
| export * from './cognito.generated'; | ||
|
|
||
| export * from './user-pool'; | ||
| export * from './user-pool-client'; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| import cdk = require('@aws-cdk/cdk'); | ||
| import { CfnUserPoolClient } from './cognito.generated'; | ||
| import { IUserPool } from './user-pool'; | ||
|
|
||
| /** | ||
| * Types of authentication flow | ||
| */ | ||
| export enum AuthFlow { | ||
| /** | ||
| * Enable flow for server-side or admin authentication (no client app) | ||
| */ | ||
| AdminNoSrp = 'ADMIN_NO_SRP_AUTH', | ||
|
|
||
| /** | ||
| * Enable custom authentication flow | ||
| */ | ||
| CustomFlowOnly = 'CUSTOM_AUTH_FLOW_ONLY', | ||
|
|
||
| /** | ||
| * Enable auth using username & password | ||
| */ | ||
| UserPassword = 'USER_PASSWORD_AUTH' | ||
| } | ||
|
|
||
| export interface UserPoolClientProps { | ||
| /** | ||
| * Name of the application client | ||
| * @default cloudformation generated name | ||
| */ | ||
| clientName?: string; | ||
|
|
||
| /** | ||
| * The UserPool resource this client will have access to | ||
| */ | ||
| userPool: IUserPool; | ||
|
|
||
| /** | ||
| * Whether to generate a client secret | ||
| * @default false | ||
| */ | ||
| generateSecret?: boolean; | ||
|
|
||
| /** | ||
| * List of enabled authentication flows | ||
| * @default no enabled flows | ||
| */ | ||
| enabledAuthFlows?: AuthFlow[] | ||
| } | ||
|
|
||
| /** | ||
| * Define a UserPool App Client | ||
| */ | ||
| export class UserPoolClient extends cdk.Construct { | ||
| public readonly clientId: string; | ||
|
|
||
| constructor(scope: cdk.Construct, id: string, props: UserPoolClientProps) { | ||
| super(scope, id); | ||
|
|
||
| const userPoolClient = new CfnUserPoolClient(this, 'Resource', { | ||
| clientName: props.clientName, | ||
| generateSecret: props.generateSecret, | ||
| userPoolId: props.userPool.userPoolId, | ||
| explicitAuthFlows: props.enabledAuthFlows | ||
| }); | ||
| this.clientId = userPoolClient.userPoolClientId; | ||
| } | ||
| } |
Oops, something went wrong.