Class: Aws::CognitoIdentityProvider::Types::IdentityProviderType

Inherits:

Struct

• Object
• Struct
• Aws::CognitoIdentityProvider::Types::IdentityProviderType

Includes:

Structure

Defined in:

lib/aws-sdk-cognitoidentityprovider/types.rb

Overview

A container for information about an IdP.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #attribute_mapping ⇒ Hash<String,String>

  A mapping of IdP attributes to standard and custom user pool attributes.

• #creation_date ⇒ Time

  The date and time when the item was created.

• #idp_identifiers ⇒ Array<String>

  A list of IdP identifiers.

• #last_modified_date ⇒ Time

  The date and time when the item was modified.

• #provider_details ⇒ Hash<String,String>

  The scopes, URLs, and identifiers for your external identity provider.

• #provider_name ⇒ String

  The IdP name.

• #provider_type ⇒ String

  The IdP type.

• #user_pool_id ⇒ String

  The user pool ID.

Instance Attribute Details

#attribute_mapping ⇒ Hash<String,String>

A mapping of IdP attributes to standard and custom user pool attributes.

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#creation_date ⇒ Time

The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ‘Date` object.

Returns:

• (Time)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#idp_identifiers ⇒ Array<String>

A list of IdP identifiers.

Returns:

• (Array<String>)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#last_modified_date ⇒ Time

The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java ‘Date` object.

Returns:

• (Time)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#provider_details ⇒ Hash<String,String>

The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP ‘authorize_scopes` values must match the values listed here.

OpenID Connect (OIDC)

: Amazon Cognito accepts the following elements when it can’t

discover endpoint URLs from `oidc_issuer`: `attributes_url`,
`authorize_url`, `jwks_uri`, `token_url`.

Create or update request: `"ProviderDetails": \{
"attributes_request_method": "GET", "attributes_url":
"https://auth.example.com/userInfo", "authorize_scopes": "openid
profile email", "authorize_url":
"https://auth.example.com/authorize", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret",
"jwks_uri": "https://auth.example.com/.well-known/jwks.json",
"oidc_issuer": "https://auth.example.com", "token_url":
"https://example.com/token" \}`

Describe response: `"ProviderDetails": \{
"attributes_request_method": "GET", "attributes_url":
"https://auth.example.com/userInfo",
"attributes_url_add_attributes": "false", "authorize_scopes":
"openid profile email", "authorize_url":
"https://auth.example.com/authorize", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret",
"jwks_uri": "https://auth.example.com/.well-known/jwks.json",
"oidc_issuer": "https://auth.example.com", "token_url":
"https://example.com/token" \}`

SAML

: Create or update request with Metadata URL: ‘“ProviderDetails”:

"IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
"true", "MetadataURL":
"https://auth.example.com/sso/saml/metadata",
"RequestSigningAlgorithm": "rsa-sha256" \`

Create or update request with Metadata file: `"ProviderDetails":
\{ "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" :
"true", "MetadataFile": "[metadata XML]",
"RequestSigningAlgorithm": "rsa-sha256" \}`

The value of `MetadataFile` must be the plaintext metadata
document with all quote (") characters escaped by backslashes.

Describe response: `"ProviderDetails": \{ "IDPInit": "true",
"IDPSignout": "true", "EncryptedResponses" : "true",
"ActiveEncryptionCertificate": "[certificate]", "MetadataURL":
"https://auth.example.com/sso/saml/metadata",
"RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI":
"https://auth.example.com/slo/saml", "SSORedirectBindingURI":
"https://auth.example.com/sso/saml" \}`

LoginWithAmazon

: Create or update request: ‘“ProviderDetails”: {

"authorize_scopes": "profile postal_code", "client_id":
"amzn1.application-oa2-client.1example23456789", "client_secret":
"provider-app-client-secret"`

Describe response: `"ProviderDetails": \{ "attributes_url":
"https://api.amazon.com/user/profile",
"attributes_url_add_attributes": "false", "authorize_scopes":
"profile postal_code", "authorize_url":
"https://www.amazon.com/ap/oa", "client_id":
"amzn1.application-oa2-client.1example23456789", "client_secret":
"provider-app-client-secret", "token_request_method": "POST",
"token_url": "https://api.amazon.com/auth/o2/token" \}`

Google

: Create or update request: ‘“ProviderDetails”: {

"authorize_scopes": "email profile openid", "client_id":
"1example23456789.apps.googleusercontent.com", "client_secret":
"provider-app-client-secret" \}`

Describe response: `"ProviderDetails": \{ "attributes_url":
"https://people.googleapis.com/v1/people/me?personFields=",
"attributes_url_add_attributes": "true", "authorize_scopes":
"email profile openid", "authorize_url":
"https://accounts.google.com/o/oauth2/v2/auth", "client_id":
"1example23456789.apps.googleusercontent.com", "client_secret":
"provider-app-client-secret", "oidc_issuer":
"https://accounts.google.com", "token_request_method": "POST",
"token_url": "https://www.googleapis.com/oauth2/v4/token" \}`

SignInWithApple

: Create or update request: ‘“ProviderDetails”: {

"authorize_scopes": "email name", "client_id":
"com.example.cognito", "private_key": "1EXAMPLE", "key_id":
"2EXAMPLE", "team_id": "3EXAMPLE" \}`

Describe response: `"ProviderDetails": \{
"attributes_url_add_attributes": "false", "authorize_scopes":
"email name", "authorize_url":
"https://appleid.apple.com/auth/authorize", "client_id":
"com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer":
"https://appleid.apple.com", "team_id": "2EXAMPLE",
"token_request_method": "POST", "token_url":
"https://appleid.apple.com/auth/token" \}`

Facebook

: Create or update request: ‘“ProviderDetails”: { “api_version”:

"v17.0", "authorize_scopes": "public_profile, email", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret"
\}`

Describe response: `"ProviderDetails": \{ "api_version": "v17.0",
"attributes_url": "https://graph.facebook.com/v17.0/me?fields=",
"attributes_url_add_attributes": "true", "authorize_scopes":
"public_profile, email", "authorize_url":
"https://www.facebook.com/v17.0/dialog/oauth", "client_id":
"1example23456789", "client_secret": "provider-app-client-secret",
"token_request_method": "GET", "token_url":
"https://graph.facebook.com/v17.0/oauth/access_token" \}`

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#provider_name ⇒ String

The IdP name.

Returns:

• (String)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#provider_type ⇒ String

The IdP type.

Returns:

• (String)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end

#user_pool_id ⇒ String

The user pool ID.

Returns:

• (String)

# File 'lib/aws-sdk-cognitoidentityprovider/types.rb', line 5448

class IdentityProviderType < Struct.new(
  :user_pool_id,
  :provider_name,
  :provider_type,
  :provider_details,
  :attribute_mapping,
  :idp_identifiers,
  :last_modified_date,
  :creation_date)
  SENSITIVE = []
  include Aws::Structure
end