From ba5032912567a7bf44202cdd577019ed99340982 Mon Sep 17 00:00:00 2001 From: Daniel Holmes Date: Mon, 25 Nov 2024 08:49:38 -0700 Subject: [PATCH] feat(aws-cognito): Add support for ALLOW_USER_AUTH explicit auth flow --- .../integ-user-pool-client-explicit-props.template.json | 1 + .../tree.json | 1 + .../test/integ.user-pool-client-explicit-props.ts | 1 + packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts | 7 +++++++ .../aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts | 3 +++ 5 files changed, 13 insertions(+) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.template.json index 27a0b8be4bc3d..1f19d811f5833 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/integ-user-pool-client-explicit-props.template.json @@ -66,6 +66,7 @@ "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_SRP_AUTH", + "ALLOW_USER_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "GenerateSecret": true, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/tree.json index 26412cd2cff18..3bd8520772679 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.js.snapshot/tree.json @@ -91,6 +91,7 @@ "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_SRP_AUTH", + "ALLOW_USER_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "generateSecret": true, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.ts index 1161f7007d2b9..1308d31bf2953 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-explicit-props.ts @@ -20,6 +20,7 @@ const client = userpool.addClient('myuserpoolclient', { custom: true, userPassword: true, userSrp: true, + user: true, }, generateSecret: true, oAuth: { diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts index d1e7ad218c1f5..d92109c73b7a8 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts @@ -34,6 +34,12 @@ export interface AuthFlow { * @default false */ readonly userSrp?: boolean; + + /** + * Enable Choice-based authentication + * @default false + */ + readonly user?: boolean; } /** @@ -525,6 +531,7 @@ export class UserPoolClient extends Resource implements IUserPoolClient { if (props.authFlows.adminUserPassword) { authFlows.push('ALLOW_ADMIN_USER_PASSWORD_AUTH'); } if (props.authFlows.custom) { authFlows.push('ALLOW_CUSTOM_AUTH'); } if (props.authFlows.userSrp) { authFlows.push('ALLOW_USER_SRP_AUTH'); } + if (props.authFlows.user) { authFlows.push('ALLOW_USER_AUTH'); } // refreshToken should always be allowed if authFlows are present authFlows.push('ALLOW_REFRESH_TOKEN_AUTH'); diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts index 751b722b6c2c7..49f44cccac3c2 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts @@ -255,6 +255,7 @@ describe('User Pool Client', () => { custom: true, userPassword: true, userSrp: true, + user: true, }, }); @@ -264,6 +265,7 @@ describe('User Pool Client', () => { 'ALLOW_ADMIN_USER_PASSWORD_AUTH', 'ALLOW_CUSTOM_AUTH', 'ALLOW_USER_SRP_AUTH', + 'ALLOW_USER_AUTH', 'ALLOW_REFRESH_TOKEN_AUTH', ], }); @@ -281,6 +283,7 @@ describe('User Pool Client', () => { custom: false, userPassword: false, userSrp: false, + user: false, }, });