/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include #include namespace Aws { namespace CognitoIdentityProvider { namespace Model { /** *

Represents the request to create a user pool client.

See Also:

* AWS * API Reference

*/ class CreateUserPoolClientRequest : public CognitoIdentityProviderRequest { public: AWS_COGNITOIDENTITYPROVIDER_API CreateUserPoolClientRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "CreateUserPoolClient"; } AWS_COGNITOIDENTITYPROVIDER_API Aws::String SerializePayload() const override; AWS_COGNITOIDENTITYPROVIDER_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline const Aws::String& GetUserPoolId() const{ return m_userPoolId; } /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline bool UserPoolIdHasBeenSet() const { return m_userPoolIdHasBeenSet; } /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline void SetUserPoolId(const Aws::String& value) { m_userPoolIdHasBeenSet = true; m_userPoolId = value; } /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline void SetUserPoolId(Aws::String&& value) { m_userPoolIdHasBeenSet = true; m_userPoolId = std::move(value); } /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline void SetUserPoolId(const char* value) { m_userPoolIdHasBeenSet = true; m_userPoolId.assign(value); } /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline CreateUserPoolClientRequest& WithUserPoolId(const Aws::String& value) { SetUserPoolId(value); return *this;} /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline CreateUserPoolClientRequest& WithUserPoolId(Aws::String&& value) { SetUserPoolId(std::move(value)); return *this;} /** *

The user pool ID for the user pool where you want to create a user pool * client.

*/ inline CreateUserPoolClientRequest& WithUserPoolId(const char* value) { SetUserPoolId(value); return *this;} /** *

The client name for the user pool client you would like to create.

*/ inline const Aws::String& GetClientName() const{ return m_clientName; } /** *

The client name for the user pool client you would like to create.

*/ inline bool ClientNameHasBeenSet() const { return m_clientNameHasBeenSet; } /** *

The client name for the user pool client you would like to create.

*/ inline void SetClientName(const Aws::String& value) { m_clientNameHasBeenSet = true; m_clientName = value; } /** *

The client name for the user pool client you would like to create.

*/ inline void SetClientName(Aws::String&& value) { m_clientNameHasBeenSet = true; m_clientName = std::move(value); } /** *

The client name for the user pool client you would like to create.

*/ inline void SetClientName(const char* value) { m_clientNameHasBeenSet = true; m_clientName.assign(value); } /** *

The client name for the user pool client you would like to create.

*/ inline CreateUserPoolClientRequest& WithClientName(const Aws::String& value) { SetClientName(value); return *this;} /** *

The client name for the user pool client you would like to create.

*/ inline CreateUserPoolClientRequest& WithClientName(Aws::String&& value) { SetClientName(std::move(value)); return *this;} /** *

The client name for the user pool client you would like to create.

*/ inline CreateUserPoolClientRequest& WithClientName(const char* value) { SetClientName(value); return *this;} /** *

Boolean to specify whether you want to generate a secret for the user pool * client being created.

*/ inline bool GetGenerateSecret() const{ return m_generateSecret; } /** *

Boolean to specify whether you want to generate a secret for the user pool * client being created.

*/ inline bool GenerateSecretHasBeenSet() const { return m_generateSecretHasBeenSet; } /** *

Boolean to specify whether you want to generate a secret for the user pool * client being created.

*/ inline void SetGenerateSecret(bool value) { m_generateSecretHasBeenSet = true; m_generateSecret = value; } /** *

Boolean to specify whether you want to generate a secret for the user pool * client being created.

*/ inline CreateUserPoolClientRequest& WithGenerateSecret(bool value) { SetGenerateSecret(value); return *this;} /** *

The refresh token time limit. After this limit expires, your user can't use * their refresh token. To specify the time unit for * RefreshTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * RefreshTokenValidity as 10 and * TokenValidityUnits as days, your user can refresh * their session and retrieve new access and ID tokens for 10 days.

The * default time unit for RefreshTokenValidity in an API request is * days. You can't set RefreshTokenValidity to 0. If you do, Amazon * Cognito overrides the value with the default value of 30 days. Valid * range is displayed below in seconds.

If you don't specify otherwise * in the configuration of your app client, your refresh tokens are valid for 30 * days.

*/ inline int GetRefreshTokenValidity() const{ return m_refreshTokenValidity; } /** *

The refresh token time limit. After this limit expires, your user can't use * their refresh token. To specify the time unit for * RefreshTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * RefreshTokenValidity as 10 and * TokenValidityUnits as days, your user can refresh * their session and retrieve new access and ID tokens for 10 days.

The * default time unit for RefreshTokenValidity in an API request is * days. You can't set RefreshTokenValidity to 0. If you do, Amazon * Cognito overrides the value with the default value of 30 days. Valid * range is displayed below in seconds.

If you don't specify otherwise * in the configuration of your app client, your refresh tokens are valid for 30 * days.

*/ inline bool RefreshTokenValidityHasBeenSet() const { return m_refreshTokenValidityHasBeenSet; } /** *

The refresh token time limit. After this limit expires, your user can't use * their refresh token. To specify the time unit for * RefreshTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * RefreshTokenValidity as 10 and * TokenValidityUnits as days, your user can refresh * their session and retrieve new access and ID tokens for 10 days.

The * default time unit for RefreshTokenValidity in an API request is * days. You can't set RefreshTokenValidity to 0. If you do, Amazon * Cognito overrides the value with the default value of 30 days. Valid * range is displayed below in seconds.

If you don't specify otherwise * in the configuration of your app client, your refresh tokens are valid for 30 * days.

*/ inline void SetRefreshTokenValidity(int value) { m_refreshTokenValidityHasBeenSet = true; m_refreshTokenValidity = value; } /** *

The refresh token time limit. After this limit expires, your user can't use * their refresh token. To specify the time unit for * RefreshTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * RefreshTokenValidity as 10 and * TokenValidityUnits as days, your user can refresh * their session and retrieve new access and ID tokens for 10 days.

The * default time unit for RefreshTokenValidity in an API request is * days. You can't set RefreshTokenValidity to 0. If you do, Amazon * Cognito overrides the value with the default value of 30 days. Valid * range is displayed below in seconds.

If you don't specify otherwise * in the configuration of your app client, your refresh tokens are valid for 30 * days.

*/ inline CreateUserPoolClientRequest& WithRefreshTokenValidity(int value) { SetRefreshTokenValidity(value); return *this;} /** *

The access token time limit. After this limit expires, your user can't use * their access token. To specify the time unit for * AccessTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * AccessTokenValidity to 10 and * TokenValidityUnits to hours, your user can authorize * access with their access token for 10 hours.

The default time unit for * AccessTokenValidity in an API request is hours. Valid range * is displayed below in seconds.

If you don't specify otherwise in the * configuration of your app client, your access tokens are valid for one hour.

*/ inline int GetAccessTokenValidity() const{ return m_accessTokenValidity; } /** *

The access token time limit. After this limit expires, your user can't use * their access token. To specify the time unit for * AccessTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * AccessTokenValidity to 10 and * TokenValidityUnits to hours, your user can authorize * access with their access token for 10 hours.

The default time unit for * AccessTokenValidity in an API request is hours. Valid range * is displayed below in seconds.

If you don't specify otherwise in the * configuration of your app client, your access tokens are valid for one hour.

*/ inline bool AccessTokenValidityHasBeenSet() const { return m_accessTokenValidityHasBeenSet; } /** *

The access token time limit. After this limit expires, your user can't use * their access token. To specify the time unit for * AccessTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * AccessTokenValidity to 10 and * TokenValidityUnits to hours, your user can authorize * access with their access token for 10 hours.

The default time unit for * AccessTokenValidity in an API request is hours. Valid range * is displayed below in seconds.

If you don't specify otherwise in the * configuration of your app client, your access tokens are valid for one hour.

*/ inline void SetAccessTokenValidity(int value) { m_accessTokenValidityHasBeenSet = true; m_accessTokenValidity = value; } /** *

The access token time limit. After this limit expires, your user can't use * their access token. To specify the time unit for * AccessTokenValidity as seconds, minutes, * hours, or days, set a TokenValidityUnits * value in your API request.

For example, when you set * AccessTokenValidity to 10 and * TokenValidityUnits to hours, your user can authorize * access with their access token for 10 hours.

The default time unit for * AccessTokenValidity in an API request is hours. Valid range * is displayed below in seconds.

If you don't specify otherwise in the * configuration of your app client, your access tokens are valid for one hour.

*/ inline CreateUserPoolClientRequest& WithAccessTokenValidity(int value) { SetAccessTokenValidity(value); return *this;} /** *

The ID token time limit. After this limit expires, your user can't use their * ID token. To specify the time unit for IdTokenValidity as * seconds, minutes, hours, or * days, set a TokenValidityUnits value in your API * request.

For example, when you set IdTokenValidity as * 10 and TokenValidityUnits as hours, your * user can authenticate their session with their ID token for 10 hours.

The * default time unit for AccessTokenValidity in an API request is * hours. Valid range is displayed below in seconds.

If you don't * specify otherwise in the configuration of your app client, your ID tokens are * valid for one hour.

*/ inline int GetIdTokenValidity() const{ return m_idTokenValidity; } /** *

The ID token time limit. After this limit expires, your user can't use their * ID token. To specify the time unit for IdTokenValidity as * seconds, minutes, hours, or * days, set a TokenValidityUnits value in your API * request.

For example, when you set IdTokenValidity as * 10 and TokenValidityUnits as hours, your * user can authenticate their session with their ID token for 10 hours.

The * default time unit for AccessTokenValidity in an API request is * hours. Valid range is displayed below in seconds.

If you don't * specify otherwise in the configuration of your app client, your ID tokens are * valid for one hour.

*/ inline bool IdTokenValidityHasBeenSet() const { return m_idTokenValidityHasBeenSet; } /** *

The ID token time limit. After this limit expires, your user can't use their * ID token. To specify the time unit for IdTokenValidity as * seconds, minutes, hours, or * days, set a TokenValidityUnits value in your API * request.

For example, when you set IdTokenValidity as * 10 and TokenValidityUnits as hours, your * user can authenticate their session with their ID token for 10 hours.

The * default time unit for AccessTokenValidity in an API request is * hours. Valid range is displayed below in seconds.

If you don't * specify otherwise in the configuration of your app client, your ID tokens are * valid for one hour.

*/ inline void SetIdTokenValidity(int value) { m_idTokenValidityHasBeenSet = true; m_idTokenValidity = value; } /** *

The ID token time limit. After this limit expires, your user can't use their * ID token. To specify the time unit for IdTokenValidity as * seconds, minutes, hours, or * days, set a TokenValidityUnits value in your API * request.

For example, when you set IdTokenValidity as * 10 and TokenValidityUnits as hours, your * user can authenticate their session with their ID token for 10 hours.

The * default time unit for AccessTokenValidity in an API request is * hours. Valid range is displayed below in seconds.

If you don't * specify otherwise in the configuration of your app client, your ID tokens are * valid for one hour.

*/ inline CreateUserPoolClientRequest& WithIdTokenValidity(int value) { SetIdTokenValidity(value); return *this;} /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline const TokenValidityUnitsType& GetTokenValidityUnits() const{ return m_tokenValidityUnits; } /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline bool TokenValidityUnitsHasBeenSet() const { return m_tokenValidityUnitsHasBeenSet; } /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline void SetTokenValidityUnits(const TokenValidityUnitsType& value) { m_tokenValidityUnitsHasBeenSet = true; m_tokenValidityUnits = value; } /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline void SetTokenValidityUnits(TokenValidityUnitsType&& value) { m_tokenValidityUnitsHasBeenSet = true; m_tokenValidityUnits = std::move(value); } /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline CreateUserPoolClientRequest& WithTokenValidityUnits(const TokenValidityUnitsType& value) { SetTokenValidityUnits(value); return *this;} /** *

The units in which the validity times are represented. The default unit for * RefreshToken is days, and default for ID and access tokens are hours.

*/ inline CreateUserPoolClientRequest& WithTokenValidityUnits(TokenValidityUnitsType&& value) { SetTokenValidityUnits(std::move(value)); return *this;} /** *

The read attributes.

*/ inline const Aws::Vector& GetReadAttributes() const{ return m_readAttributes; } /** *

The read attributes.

*/ inline bool ReadAttributesHasBeenSet() const { return m_readAttributesHasBeenSet; } /** *

The read attributes.

*/ inline void SetReadAttributes(const Aws::Vector& value) { m_readAttributesHasBeenSet = true; m_readAttributes = value; } /** *

The read attributes.

*/ inline void SetReadAttributes(Aws::Vector&& value) { m_readAttributesHasBeenSet = true; m_readAttributes = std::move(value); } /** *

The read attributes.

*/ inline CreateUserPoolClientRequest& WithReadAttributes(const Aws::Vector& value) { SetReadAttributes(value); return *this;} /** *

The read attributes.

*/ inline CreateUserPoolClientRequest& WithReadAttributes(Aws::Vector&& value) { SetReadAttributes(std::move(value)); return *this;} /** *

The read attributes.

*/ inline CreateUserPoolClientRequest& AddReadAttributes(const Aws::String& value) { m_readAttributesHasBeenSet = true; m_readAttributes.push_back(value); return *this; } /** *

The read attributes.

*/ inline CreateUserPoolClientRequest& AddReadAttributes(Aws::String&& value) { m_readAttributesHasBeenSet = true; m_readAttributes.push_back(std::move(value)); return *this; } /** *

The read attributes.

*/ inline CreateUserPoolClientRequest& AddReadAttributes(const char* value) { m_readAttributesHasBeenSet = true; m_readAttributes.push_back(value); return *this; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline const Aws::Vector& GetWriteAttributes() const{ return m_writeAttributes; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline bool WriteAttributesHasBeenSet() const { return m_writeAttributesHasBeenSet; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline void SetWriteAttributes(const Aws::Vector& value) { m_writeAttributesHasBeenSet = true; m_writeAttributes = value; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline void SetWriteAttributes(Aws::Vector&& value) { m_writeAttributesHasBeenSet = true; m_writeAttributes = std::move(value); } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline CreateUserPoolClientRequest& WithWriteAttributes(const Aws::Vector& value) { SetWriteAttributes(value); return *this;} /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline CreateUserPoolClientRequest& WithWriteAttributes(Aws::Vector&& value) { SetWriteAttributes(std::move(value)); return *this;} /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline CreateUserPoolClientRequest& AddWriteAttributes(const Aws::String& value) { m_writeAttributesHasBeenSet = true; m_writeAttributes.push_back(value); return *this; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline CreateUserPoolClientRequest& AddWriteAttributes(Aws::String&& value) { m_writeAttributesHasBeenSet = true; m_writeAttributes.push_back(std::move(value)); return *this; } /** *

The user pool attributes that the app client can write to.

If your app * client allows users to sign in through an IdP, this array must include all * attributes that you have mapped to IdP attributes. Amazon Cognito updates mapped * attributes when users sign in to your application through an IdP. If your app * client does not have write access to a mapped attribute, Amazon Cognito throws * an error when it tries to update the attribute. For more information, see Specifying * IdP Attribute Mappings for Your user pool.

*/ inline CreateUserPoolClientRequest& AddWriteAttributes(const char* value) { m_writeAttributesHasBeenSet = true; m_writeAttributes.push_back(value); return *this; } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline const Aws::Vector& GetExplicitAuthFlows() const{ return m_explicitAuthFlows; } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline bool ExplicitAuthFlowsHasBeenSet() const { return m_explicitAuthFlowsHasBeenSet; } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline void SetExplicitAuthFlows(const Aws::Vector& value) { m_explicitAuthFlowsHasBeenSet = true; m_explicitAuthFlows = value; } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline void SetExplicitAuthFlows(Aws::Vector&& value) { m_explicitAuthFlowsHasBeenSet = true; m_explicitAuthFlows = std::move(value); } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline CreateUserPoolClientRequest& WithExplicitAuthFlows(const Aws::Vector& value) { SetExplicitAuthFlows(value); return *this;} /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline CreateUserPoolClientRequest& WithExplicitAuthFlows(Aws::Vector&& value) { SetExplicitAuthFlows(std::move(value)); return *this;} /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline CreateUserPoolClientRequest& AddExplicitAuthFlows(const ExplicitAuthFlowsType& value) { m_explicitAuthFlowsHasBeenSet = true; m_explicitAuthFlows.push_back(value); return *this; } /** *

The authentication flows that you want your user pool client to support. For * each app client in your user pool, you can sign in your users with any * combination of one or more flows, including with a user name and Secure Remote * Password (SRP), a user name and password, or a custom authentication process * that you define with Lambda functions.

If you don't specify a * value for ExplicitAuthFlows, your user client supports * ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and * ALLOW_CUSTOM_AUTH.

Valid values include:

    *

  • ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user * password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting * replaces the ADMIN_NO_SRP_AUTH setting. With this authentication * flow, your app passes a user name and password to Amazon Cognito in the request, * instead of using the Secure Remote Password (SRP) protocol to securely transmit * the password.

  • ALLOW_CUSTOM_AUTH: Enable Lambda * trigger based authentication.

  • * ALLOW_USER_PASSWORD_AUTH: Enable user password-based * authentication. In this flow, Amazon Cognito receives the password in the * request instead of using the SRP protocol to verify passwords.

  • *

    ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.

    • *

  • ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh * tokens.

In some environments, you will see the values * ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, or * USER_PASSWORD_AUTH. You can't assign these legacy * ExplicitAuthFlows values to user pool clients at the same time as * values that begin with ALLOW_, like * ALLOW_USER_SRP_AUTH.

*/ inline CreateUserPoolClientRequest& AddExplicitAuthFlows(ExplicitAuthFlowsType&& value) { m_explicitAuthFlowsHasBeenSet = true; m_explicitAuthFlows.push_back(std::move(value)); return *this; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline const Aws::Vector& GetSupportedIdentityProviders() const{ return m_supportedIdentityProviders; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline bool SupportedIdentityProvidersHasBeenSet() const { return m_supportedIdentityProvidersHasBeenSet; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline void SetSupportedIdentityProviders(const Aws::Vector& value) { m_supportedIdentityProvidersHasBeenSet = true; m_supportedIdentityProviders = value; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline void SetSupportedIdentityProviders(Aws::Vector&& value) { m_supportedIdentityProvidersHasBeenSet = true; m_supportedIdentityProviders = std::move(value); } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline CreateUserPoolClientRequest& WithSupportedIdentityProviders(const Aws::Vector& value) { SetSupportedIdentityProviders(value); return *this;} /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline CreateUserPoolClientRequest& WithSupportedIdentityProviders(Aws::Vector&& value) { SetSupportedIdentityProviders(std::move(value)); return *this;} /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline CreateUserPoolClientRequest& AddSupportedIdentityProviders(const Aws::String& value) { m_supportedIdentityProvidersHasBeenSet = true; m_supportedIdentityProviders.push_back(value); return *this; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline CreateUserPoolClientRequest& AddSupportedIdentityProviders(Aws::String&& value) { m_supportedIdentityProvidersHasBeenSet = true; m_supportedIdentityProviders.push_back(std::move(value)); return *this; } /** *

A list of provider names for the identity providers (IdPs) that are supported * on this client. The following are supported: COGNITO, * Facebook, Google, SignInWithApple, and * LoginWithAmazon. You can also specify the names that you configured * for the SAML and OIDC IdPs in your user pool, for example MySAMLIdP * or MyOIDCIdP.

*/ inline CreateUserPoolClientRequest& AddSupportedIdentityProviders(const char* value) { m_supportedIdentityProvidersHasBeenSet = true; m_supportedIdentityProviders.push_back(value); return *this; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline const Aws::Vector& GetCallbackURLs() const{ return m_callbackURLs; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline bool CallbackURLsHasBeenSet() const { return m_callbackURLsHasBeenSet; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline void SetCallbackURLs(const Aws::Vector& value) { m_callbackURLsHasBeenSet = true; m_callbackURLs = value; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline void SetCallbackURLs(Aws::Vector&& value) { m_callbackURLsHasBeenSet = true; m_callbackURLs = std::move(value); } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& WithCallbackURLs(const Aws::Vector& value) { SetCallbackURLs(value); return *this;} /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& WithCallbackURLs(Aws::Vector&& value) { SetCallbackURLs(std::move(value)); return *this;} /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& AddCallbackURLs(const Aws::String& value) { m_callbackURLsHasBeenSet = true; m_callbackURLs.push_back(value); return *this; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& AddCallbackURLs(Aws::String&& value) { m_callbackURLsHasBeenSet = true; m_callbackURLs.push_back(std::move(value)); return *this; } /** *

A list of allowed redirect (callback) URLs for the IdPs.

A redirect * URI must:

  • Be an absolute URI.

  • Be registered * with the authorization server.

  • Not include a fragment * component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& AddCallbackURLs(const char* value) { m_callbackURLsHasBeenSet = true; m_callbackURLs.push_back(value); return *this; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline const Aws::Vector& GetLogoutURLs() const{ return m_logoutURLs; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline bool LogoutURLsHasBeenSet() const { return m_logoutURLsHasBeenSet; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline void SetLogoutURLs(const Aws::Vector& value) { m_logoutURLsHasBeenSet = true; m_logoutURLs = value; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline void SetLogoutURLs(Aws::Vector&& value) { m_logoutURLsHasBeenSet = true; m_logoutURLs = std::move(value); } /** *

A list of allowed logout URLs for the IdPs.

*/ inline CreateUserPoolClientRequest& WithLogoutURLs(const Aws::Vector& value) { SetLogoutURLs(value); return *this;} /** *

A list of allowed logout URLs for the IdPs.

*/ inline CreateUserPoolClientRequest& WithLogoutURLs(Aws::Vector&& value) { SetLogoutURLs(std::move(value)); return *this;} /** *

A list of allowed logout URLs for the IdPs.

*/ inline CreateUserPoolClientRequest& AddLogoutURLs(const Aws::String& value) { m_logoutURLsHasBeenSet = true; m_logoutURLs.push_back(value); return *this; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline CreateUserPoolClientRequest& AddLogoutURLs(Aws::String&& value) { m_logoutURLsHasBeenSet = true; m_logoutURLs.push_back(std::move(value)); return *this; } /** *

A list of allowed logout URLs for the IdPs.

*/ inline CreateUserPoolClientRequest& AddLogoutURLs(const char* value) { m_logoutURLsHasBeenSet = true; m_logoutURLs.push_back(value); return *this; } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline const Aws::String& GetDefaultRedirectURI() const{ return m_defaultRedirectURI; } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline bool DefaultRedirectURIHasBeenSet() const { return m_defaultRedirectURIHasBeenSet; } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline void SetDefaultRedirectURI(const Aws::String& value) { m_defaultRedirectURIHasBeenSet = true; m_defaultRedirectURI = value; } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline void SetDefaultRedirectURI(Aws::String&& value) { m_defaultRedirectURIHasBeenSet = true; m_defaultRedirectURI = std::move(value); } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline void SetDefaultRedirectURI(const char* value) { m_defaultRedirectURIHasBeenSet = true; m_defaultRedirectURI.assign(value); } /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& WithDefaultRedirectURI(const Aws::String& value) { SetDefaultRedirectURI(value); return *this;} /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& WithDefaultRedirectURI(Aws::String&& value) { SetDefaultRedirectURI(std::move(value)); return *this;} /** *

The default redirect URI. Must be in the CallbackURLs list.

*

A redirect URI must:

  • Be an absolute URI.

  • *

    Be registered with the authorization server.

  • Not include a * fragment component.

See OAuth 2.0 - Redirection * Endpoint.

Amazon Cognito requires HTTPS over HTTP except for * http://localhost for testing purposes only.

App callback URLs such as * myapp://example are also supported.

*/ inline CreateUserPoolClientRequest& WithDefaultRedirectURI(const char* value) { SetDefaultRedirectURI(value); return *this;} /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline const Aws::Vector& GetAllowedOAuthFlows() const{ return m_allowedOAuthFlows; } /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline bool AllowedOAuthFlowsHasBeenSet() const { return m_allowedOAuthFlowsHasBeenSet; } /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline void SetAllowedOAuthFlows(const Aws::Vector& value) { m_allowedOAuthFlowsHasBeenSet = true; m_allowedOAuthFlows = value; } /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline void SetAllowedOAuthFlows(Aws::Vector&& value) { m_allowedOAuthFlowsHasBeenSet = true; m_allowedOAuthFlows = std::move(value); } /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline CreateUserPoolClientRequest& WithAllowedOAuthFlows(const Aws::Vector& value) { SetAllowedOAuthFlows(value); return *this;} /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline CreateUserPoolClientRequest& WithAllowedOAuthFlows(Aws::Vector&& value) { SetAllowedOAuthFlows(std::move(value)); return *this;} /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline CreateUserPoolClientRequest& AddAllowedOAuthFlows(const OAuthFlowType& value) { m_allowedOAuthFlowsHasBeenSet = true; m_allowedOAuthFlows.push_back(value); return *this; } /** *

The allowed OAuth flows.

code

Use a code grant * flow, which provides an authorization code as the response. This code can be * exchanged for access tokens with the /oauth2/token endpoint.

*
implicit

Issue the access token (and, optionally, ID * token, based on scopes) directly to your user.

*
client_credentials

Issue the access token from the * /oauth2/token endpoint directly to a non-person user using a * combination of the client ID and client secret.

*/ inline CreateUserPoolClientRequest& AddAllowedOAuthFlows(OAuthFlowType&& value) { m_allowedOAuthFlowsHasBeenSet = true; m_allowedOAuthFlows.push_back(std::move(value)); return *this; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline const Aws::Vector& GetAllowedOAuthScopes() const{ return m_allowedOAuthScopes; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline bool AllowedOAuthScopesHasBeenSet() const { return m_allowedOAuthScopesHasBeenSet; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline void SetAllowedOAuthScopes(const Aws::Vector& value) { m_allowedOAuthScopesHasBeenSet = true; m_allowedOAuthScopes = value; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline void SetAllowedOAuthScopes(Aws::Vector&& value) { m_allowedOAuthScopesHasBeenSet = true; m_allowedOAuthScopes = std::move(value); } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline CreateUserPoolClientRequest& WithAllowedOAuthScopes(const Aws::Vector& value) { SetAllowedOAuthScopes(value); return *this;} /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline CreateUserPoolClientRequest& WithAllowedOAuthScopes(Aws::Vector&& value) { SetAllowedOAuthScopes(std::move(value)); return *this;} /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline CreateUserPoolClientRequest& AddAllowedOAuthScopes(const Aws::String& value) { m_allowedOAuthScopesHasBeenSet = true; m_allowedOAuthScopes.push_back(value); return *this; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline CreateUserPoolClientRequest& AddAllowedOAuthScopes(Aws::String&& value) { m_allowedOAuthScopesHasBeenSet = true; m_allowedOAuthScopes.push_back(std::move(value)); return *this; } /** *

The allowed OAuth scopes. Possible values provided by OAuth are * phone, email, openid, and * profile. Possible values provided by Amazon Web Services are * aws.cognito.signin.user.admin. Custom scopes created in Resource * Servers are also supported.

*/ inline CreateUserPoolClientRequest& AddAllowedOAuthScopes(const char* value) { m_allowedOAuthScopesHasBeenSet = true; m_allowedOAuthScopes.push_back(value); return *this; } /** *

Set to true if the client is allowed to follow the OAuth protocol when * interacting with Amazon Cognito user pools.

*/ inline bool GetAllowedOAuthFlowsUserPoolClient() const{ return m_allowedOAuthFlowsUserPoolClient; } /** *

Set to true if the client is allowed to follow the OAuth protocol when * interacting with Amazon Cognito user pools.

*/ inline bool AllowedOAuthFlowsUserPoolClientHasBeenSet() const { return m_allowedOAuthFlowsUserPoolClientHasBeenSet; } /** *

Set to true if the client is allowed to follow the OAuth protocol when * interacting with Amazon Cognito user pools.

*/ inline void SetAllowedOAuthFlowsUserPoolClient(bool value) { m_allowedOAuthFlowsUserPoolClientHasBeenSet = true; m_allowedOAuthFlowsUserPoolClient = value; } /** *

Set to true if the client is allowed to follow the OAuth protocol when * interacting with Amazon Cognito user pools.

*/ inline CreateUserPoolClientRequest& WithAllowedOAuthFlowsUserPoolClient(bool value) { SetAllowedOAuthFlowsUserPoolClient(value); return *this;} /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline const AnalyticsConfigurationType& GetAnalyticsConfiguration() const{ return m_analyticsConfiguration; } /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline bool AnalyticsConfigurationHasBeenSet() const { return m_analyticsConfigurationHasBeenSet; } /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline void SetAnalyticsConfiguration(const AnalyticsConfigurationType& value) { m_analyticsConfigurationHasBeenSet = true; m_analyticsConfiguration = value; } /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline void SetAnalyticsConfiguration(AnalyticsConfigurationType&& value) { m_analyticsConfigurationHasBeenSet = true; m_analyticsConfiguration = std::move(value); } /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline CreateUserPoolClientRequest& WithAnalyticsConfiguration(const AnalyticsConfigurationType& value) { SetAnalyticsConfiguration(value); return *this;} /** *

The user pool analytics configuration for collecting metrics and sending them * to your Amazon Pinpoint campaign.

In Amazon Web Services Regions * where Amazon Pinpoint isn't available, user pools only support sending events to * Amazon Pinpoint projects in Amazon Web Services Region us-east-1. In Regions * where Amazon Pinpoint is available, user pools support sending events to Amazon * Pinpoint projects within that same Region.

*/ inline CreateUserPoolClientRequest& WithAnalyticsConfiguration(AnalyticsConfigurationType&& value) { SetAnalyticsConfiguration(std::move(value)); return *this;} /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline const PreventUserExistenceErrorTypes& GetPreventUserExistenceErrors() const{ return m_preventUserExistenceErrors; } /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline bool PreventUserExistenceErrorsHasBeenSet() const { return m_preventUserExistenceErrorsHasBeenSet; } /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline void SetPreventUserExistenceErrors(const PreventUserExistenceErrorTypes& value) { m_preventUserExistenceErrorsHasBeenSet = true; m_preventUserExistenceErrors = value; } /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline void SetPreventUserExistenceErrors(PreventUserExistenceErrorTypes&& value) { m_preventUserExistenceErrorsHasBeenSet = true; m_preventUserExistenceErrors = std::move(value); } /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline CreateUserPoolClientRequest& WithPreventUserExistenceErrors(const PreventUserExistenceErrorTypes& value) { SetPreventUserExistenceErrors(value); return *this;} /** *

Errors and responses that you want Amazon Cognito APIs to return during * authentication, account confirmation, and password recovery when the user * doesn't exist in the user pool. When set to ENABLED and the user * doesn't exist, authentication returns an error indicating either the username or * password was incorrect. Account confirmation and password recovery return a * response indicating a code was sent to a simulated destination. When set to * LEGACY, those APIs return a UserNotFoundException * exception if the user doesn't exist in the user pool.

Valid values * include:

  • ENABLED - This prevents user * existence-related errors.

  • LEGACY - This * represents the early behavior of Amazon Cognito where user existence related * errors aren't prevented.

*/ inline CreateUserPoolClientRequest& WithPreventUserExistenceErrors(PreventUserExistenceErrorTypes&& value) { SetPreventUserExistenceErrors(std::move(value)); return *this;} /** *

Activates or deactivates token revocation. For more information about * revoking tokens, see RevokeToken.

*

If you don't include this parameter, token revocation is automatically * activated for the new user pool client.

*/ inline bool GetEnableTokenRevocation() const{ return m_enableTokenRevocation; } /** *

Activates or deactivates token revocation. For more information about * revoking tokens, see RevokeToken.

*

If you don't include this parameter, token revocation is automatically * activated for the new user pool client.

*/ inline bool EnableTokenRevocationHasBeenSet() const { return m_enableTokenRevocationHasBeenSet; } /** *

Activates or deactivates token revocation. For more information about * revoking tokens, see RevokeToken.

*

If you don't include this parameter, token revocation is automatically * activated for the new user pool client.

*/ inline void SetEnableTokenRevocation(bool value) { m_enableTokenRevocationHasBeenSet = true; m_enableTokenRevocation = value; } /** *

Activates or deactivates token revocation. For more information about * revoking tokens, see RevokeToken.

*

If you don't include this parameter, token revocation is automatically * activated for the new user pool client.

*/ inline CreateUserPoolClientRequest& WithEnableTokenRevocation(bool value) { SetEnableTokenRevocation(value); return *this;} /** *

Activates the propagation of additional user context data. For more * information about propagation of user context data, see * Adding advanced security to a user pool. If you don’t include this * parameter, you can't send device fingerprint information, including source IP * address, to Amazon Cognito advanced security. You can only activate * EnablePropagateAdditionalUserContextData in an app client that has * a client secret.

*/ inline bool GetEnablePropagateAdditionalUserContextData() const{ return m_enablePropagateAdditionalUserContextData; } /** *

Activates the propagation of additional user context data. For more * information about propagation of user context data, see * Adding advanced security to a user pool. If you don’t include this * parameter, you can't send device fingerprint information, including source IP * address, to Amazon Cognito advanced security. You can only activate * EnablePropagateAdditionalUserContextData in an app client that has * a client secret.

*/ inline bool EnablePropagateAdditionalUserContextDataHasBeenSet() const { return m_enablePropagateAdditionalUserContextDataHasBeenSet; } /** *

Activates the propagation of additional user context data. For more * information about propagation of user context data, see * Adding advanced security to a user pool. If you don’t include this * parameter, you can't send device fingerprint information, including source IP * address, to Amazon Cognito advanced security. You can only activate * EnablePropagateAdditionalUserContextData in an app client that has * a client secret.

*/ inline void SetEnablePropagateAdditionalUserContextData(bool value) { m_enablePropagateAdditionalUserContextDataHasBeenSet = true; m_enablePropagateAdditionalUserContextData = value; } /** *

Activates the propagation of additional user context data. For more * information about propagation of user context data, see * Adding advanced security to a user pool. If you don’t include this * parameter, you can't send device fingerprint information, including source IP * address, to Amazon Cognito advanced security. You can only activate * EnablePropagateAdditionalUserContextData in an app client that has * a client secret.

*/ inline CreateUserPoolClientRequest& WithEnablePropagateAdditionalUserContextData(bool value) { SetEnablePropagateAdditionalUserContextData(value); return *this;} /** *

Amazon Cognito creates a session token for each API request in an * authentication flow. AuthSessionValidity is the duration, in * minutes, of that session token. Your user pool native user must respond to each * authentication challenge before the session expires.

*/ inline int GetAuthSessionValidity() const{ return m_authSessionValidity; } /** *

Amazon Cognito creates a session token for each API request in an * authentication flow. AuthSessionValidity is the duration, in * minutes, of that session token. Your user pool native user must respond to each * authentication challenge before the session expires.

*/ inline bool AuthSessionValidityHasBeenSet() const { return m_authSessionValidityHasBeenSet; } /** *

Amazon Cognito creates a session token for each API request in an * authentication flow. AuthSessionValidity is the duration, in * minutes, of that session token. Your user pool native user must respond to each * authentication challenge before the session expires.

*/ inline void SetAuthSessionValidity(int value) { m_authSessionValidityHasBeenSet = true; m_authSessionValidity = value; } /** *

Amazon Cognito creates a session token for each API request in an * authentication flow. AuthSessionValidity is the duration, in * minutes, of that session token. Your user pool native user must respond to each * authentication challenge before the session expires.

*/ inline CreateUserPoolClientRequest& WithAuthSessionValidity(int value) { SetAuthSessionValidity(value); return *this;} private: Aws::String m_userPoolId; bool m_userPoolIdHasBeenSet = false; Aws::String m_clientName; bool m_clientNameHasBeenSet = false; bool m_generateSecret; bool m_generateSecretHasBeenSet = false; int m_refreshTokenValidity; bool m_refreshTokenValidityHasBeenSet = false; int m_accessTokenValidity; bool m_accessTokenValidityHasBeenSet = false; int m_idTokenValidity; bool m_idTokenValidityHasBeenSet = false; TokenValidityUnitsType m_tokenValidityUnits; bool m_tokenValidityUnitsHasBeenSet = false; Aws::Vector m_readAttributes; bool m_readAttributesHasBeenSet = false; Aws::Vector m_writeAttributes; bool m_writeAttributesHasBeenSet = false; Aws::Vector m_explicitAuthFlows; bool m_explicitAuthFlowsHasBeenSet = false; Aws::Vector m_supportedIdentityProviders; bool m_supportedIdentityProvidersHasBeenSet = false; Aws::Vector m_callbackURLs; bool m_callbackURLsHasBeenSet = false; Aws::Vector m_logoutURLs; bool m_logoutURLsHasBeenSet = false; Aws::String m_defaultRedirectURI; bool m_defaultRedirectURIHasBeenSet = false; Aws::Vector m_allowedOAuthFlows; bool m_allowedOAuthFlowsHasBeenSet = false; Aws::Vector m_allowedOAuthScopes; bool m_allowedOAuthScopesHasBeenSet = false; bool m_allowedOAuthFlowsUserPoolClient; bool m_allowedOAuthFlowsUserPoolClientHasBeenSet = false; AnalyticsConfigurationType m_analyticsConfiguration; bool m_analyticsConfigurationHasBeenSet = false; PreventUserExistenceErrorTypes m_preventUserExistenceErrors; bool m_preventUserExistenceErrorsHasBeenSet = false; bool m_enableTokenRevocation; bool m_enableTokenRevocationHasBeenSet = false; bool m_enablePropagateAdditionalUserContextData; bool m_enablePropagateAdditionalUserContextDataHasBeenSet = false; int m_authSessionValidity; bool m_authSessionValidityHasBeenSet = false; }; } // namespace Model } // namespace CognitoIdentityProvider } // namespace Aws