## Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
## SPDX-License-Identifier: MIT-0

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Cognito user pool with hosted domain

Parameters:
  ClientDomain:
    Type: String
    Description: Domain allowed to use this UserPool

Resources:
  UserPool:
    Type: AWS::Cognito::UserPool 
    Properties: 
      UserPoolName: weather2-UserPool 
      Policies: 
        PasswordPolicy: 
          MinimumLength: 8
      AutoVerifiedAttributes:
        - email
      UsernameAttributes: 
        - email
      Schema: 
        - AttributeDataType: String 
          Name: email 
          Required: false

  UserPoolClient:
    Type: AWS::Cognito::UserPoolClient 
    Properties: 
      UserPoolId: !Ref UserPool 
      ClientName: weather2-UserPoolClient 
      GenerateSecret: false # set to false for web clients
      SupportedIdentityProviders:
        - COGNITO
      CallbackURLs:
        - !Ref ClientDomain
        - https://oauth.pstmn.io/v1/callback
      LogoutURLs:
        - !Ref ClientDomain
        - https://oauth.pstmn.io/v1/callback
      AllowedOAuthFlowsUserPoolClient: true
      AllowedOAuthFlows:
        - code
        - implicit # only for postman testing
      AllowedOAuthScopes:
        - email
        - openid
        - profile

  UserPoolDomain:
    Type: AWS::Cognito::UserPoolDomain
    Properties: 
      Domain: !Sub weather2-${AWS::AccountId}
      UserPoolId: !Ref UserPool
    
Outputs:
    UserPoolId:
      Description: "User pool ID"
      Value: !Ref UserPool

    UserPoolClientId:
      Description: "Application client ID"
      Value: !Ref UserPoolClient

    AuthUrl:
      Description: "URL used for authentication"
      Value: !Sub https://${UserPoolDomain}.auth.${AWS::Region}.amazoncognito.com/login
      
    Issuer:
      Description: "Url used for issuer on HTTP API JWT tokens"
      Value: !Sub https://cognito-idp.${AWS::Region}.amazonaws.com/${UserPool}