agent-claw: automated task changes

This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions

13
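--- a/cdk/node_modules/aws-cdk-lib/aws-cognito/.jsiirc.json
+++ b/cdk/node_modules/aws-cdk-lib/aws-cognito/.jsiirc.json
@@ -0,0 +1,13 @@
+{
+"targets": {
+"java": {
+"package": "software.amazon.awscdk.services.cognito"
+},
+"dotnet": {
+"namespace": "Amazon.CDK.AWS.Cognito"
+},
+"python": {
+"module": "aws_cdk.aws_cognito"
+}
+}
+}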

1282
cdk/node_modules/aws-cdk-lib/aws-cognito/README.md generated vendored Normal file


1
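--- a/cdk/node_modules/aws-cdk-lib/aws-cognito/index.d.ts
+++ b/cdk/node_modules/aws-cdk-lib/aws-cognito/index.d.ts
@@ -0,0 +1 @@
+export * from './lib';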

1
cdk/node_modules/aws-cdk-lib/aws-cognito/index.js generated vendored Normal file



@@ -0,0 +1,22 @@
export interface MetricWithDims<D> {
readonly namespace: string;
readonly metricName: string;
readonly statistic: string;
readonly dimensionsMap: D;
}
export declare class CognitoMetrics {
static noRiskSum(this: void, dimensions: {
Operation: string;
UserPoolId: string;
}): MetricWithDims<{
Operation: string;
UserPoolId: string;
}>;
static riskSum(this: void, dimensions: {
Operation: string;
UserPoolId: string;
}): MetricWithDims<{
Operation: string;
UserPoolId: string;
}>;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.CognitoMetrics=void 0;class CognitoMetrics{static noRiskSum(dimensions){return{namespace:"AWS/Cognito",metricName:"NoRisk",dimensionsMap:dimensions,statistic:"Sum"}}static riskSum(dimensions){return{namespace:"AWS/Cognito",metricName:"Risk",dimensionsMap:dimensions,statistic:"Sum"}}}exports.CognitoMetrics=CognitoMetrics;




@@ -0,0 +1,10 @@
export * from './cognito.generated';
export * from './user-pool';
export * from './user-pool-attr';
export * from './user-pool-client';
export * from './user-pool-domain';
export * from './user-pool-email';
export * from './user-pool-group';
export * from './user-pool-idp';
export * from './user-pool-idps';
export * from './user-pool-resource-server';



@@ -0,0 +1,23 @@
export declare const StandardAttributeNames: {
address: string;
birthdate: string;
email: string;
familyName: string;
gender: string;
givenName: string;
locale: string;
middleName: string;
fullname: string;
nickname: string;
phoneNumber: string;
profilePicture: string;
preferredUsername: string;
profilePage: string;
timezone: string;
lastUpdateTime: string;
website: string;
/** @deprecated */
emailVerified: string;
/** @deprecated */
phoneNumberVerified: string;
};


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.StandardAttributeNames=void 0,exports.StandardAttributeNames={address:"address",birthdate:"birthdate",email:"email",familyName:"family_name",gender:"gender",givenName:"given_name",locale:"locale",middleName:"middle_name",fullname:"name",nickname:"nickname",phoneNumber:"phone_number",profilePicture:"picture",preferredUsername:"preferred_username",profilePage:"profile",timezone:"zoneinfo",lastUpdateTime:"updated_at",website:"website",emailVerified:"email_verified",phoneNumberVerified:"phone_number_verified"};


@@ -0,0 +1,8 @@
import type { IUserPoolIdentityProviderRef, IUserPoolRef } from '../cognito.generated';
import type { IUserPool } from '../user-pool';
import type { IUserPoolIdentityProvider } from '../user-pool-idp';
/**
* Converts an IUserPoolRef to IUserPool, validating that it implements the full interface
*/
export declare function toIUserPool(ref: IUserPoolRef): IUserPool;
export declare function isIUserPoolIdentityProvider(x: IUserPoolIdentityProviderRef): x is IUserPoolIdentityProvider;


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.toIUserPool=toIUserPool,exports.isIUserPoolIdentityProvider=isIUserPoolIdentityProvider;var core_1=()=>{var tmp=require("../../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function toIUserPool(ref){if(!isIUserPool(ref))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`UserpoolInstanceShouldImplement`,`'userPool' instance should implement IUserPool, but doesn't: ${ref.constructor.name}`);return ref}function isIUserPool(pool){return"userPoolId"in pool&&"userPoolArn"in pool&&"userPoolProviderName"in pool}function isIUserPoolIdentityProvider(x){return"providerName"in x}


@@ -0,0 +1,375 @@
/**
* The set of standard attributes that can be marked as required or mutable.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes
*/
export interface StandardAttributes {
/**
* The user's postal address.
* @default - see the defaults under `StandardAttribute`
*/
readonly address?: StandardAttribute;
/**
* The user's birthday, represented as an ISO 8601:2004 format.
* @default - see the defaults under `StandardAttribute`
*/
readonly birthdate?: StandardAttribute;
/**
* The user's e-mail address, represented as an RFC 5322 [RFC5322] addr-spec.
* @default - see the defaults under `StandardAttribute`
*/
readonly email?: StandardAttribute;
/**
* The surname or last name of the user.
* @default - see the defaults under `StandardAttribute`
*/
readonly familyName?: StandardAttribute;
/**
* The user's gender.
* @default - see the defaults under `StandardAttribute`
*/
readonly gender?: StandardAttribute;
/**
* The user's first name or give name.
* @default - see the defaults under `StandardAttribute`
*/
readonly givenName?: StandardAttribute;
/**
* The user's locale, represented as a BCP47 [RFC5646] language tag.
* @default - see the defaults under `StandardAttribute`
*/
readonly locale?: StandardAttribute;
/**
* The user's middle name.
* @default - see the defaults under `StandardAttribute`
*/
readonly middleName?: StandardAttribute;
/**
* The user's full name in displayable form, including all name parts, titles and suffixes.
* @default - see the defaults under `StandardAttribute`
*/
readonly fullname?: StandardAttribute;
/**
* The user's nickname or casual name.
* @default - see the defaults under `StandardAttribute`
*/
readonly nickname?: StandardAttribute;
/**
* The user's telephone number.
* @default - see the defaults under `StandardAttribute`
*/
readonly phoneNumber?: StandardAttribute;
/**
* The URL to the user's profile picture.
* @default - see the defaults under `StandardAttribute`
*/
readonly profilePicture?: StandardAttribute;
/**
* The user's preferred username, different from the immutable user name.
* @default - see the defaults under `StandardAttribute`
*/
readonly preferredUsername?: StandardAttribute;
/**
* The URL to the user's profile page.
* @default - see the defaults under `StandardAttribute`
*/
readonly profilePage?: StandardAttribute;
/**
* The user's time zone.
* @default - see the defaults under `StandardAttribute`
*/
readonly timezone?: StandardAttribute;
/**
* The time, the user's information was last updated.
* @default - see the defaults under `StandardAttribute`
*/
readonly lastUpdateTime?: StandardAttribute;
/**
* The URL to the user's web page or blog.
* @default - see the defaults under `StandardAttribute`
*/
readonly website?: StandardAttribute;
}
/**
* Standard attribute that can be marked as required or mutable.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes
*/
export interface StandardAttribute {
/**
* Specifies whether the value of the attribute can be changed.
* For any user pool attribute that's mapped to an identity provider attribute, this must be set to `true`.
* Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
* If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
*
* @default true
*/
readonly mutable?: boolean;
/**
* Specifies whether the attribute is required upon user registration.
* If the attribute is required and the user does not provide a value, registration or sign-in will fail.
*
* @default false
*/
readonly required?: boolean;
}
/**
* Represents a custom attribute type.
*/
export interface ICustomAttribute {
/**
* Bind this custom attribute type to the values as expected by CloudFormation
*/
bind(): CustomAttributeConfig;
}
/**
* Configuration that will be fed into CloudFormation for any custom attribute type.
*/
export interface CustomAttributeConfig {
/**
* The data type of the custom attribute.
*
* @see https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SchemaAttributeType.html#CognitoUserPools-Type-SchemaAttributeType-AttributeDataType
*/
readonly dataType: string;
/**
* The constraints for a custom attribute of 'String' data type.
* @default - None.
*/
readonly stringConstraints?: StringAttributeConstraints;
/**
* The constraints for a custom attribute of the 'Number' data type.
* @default - None.
*/
readonly numberConstraints?: NumberAttributeConstraints;
/**
* Specifies whether the value of the attribute can be changed.
* For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
* Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
* If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
*
* @default false
*/
readonly mutable?: boolean;
}
/**
* Constraints that can be applied to a custom attribute of any type.
*/
export interface CustomAttributeProps {
/**
* Specifies whether the value of the attribute can be changed.
* For any user pool attribute that's mapped to an identity provider attribute, you must set this parameter to true.
* Amazon Cognito updates mapped attributes when users sign in to your application through an identity provider.
* If an attribute is immutable, Amazon Cognito throws an error when it attempts to update the attribute.
*
* @default false
*/
readonly mutable?: boolean;
}
/**
* Constraints that can be applied to a custom attribute of string type.
*/
export interface StringAttributeConstraints {
/**
* Minimum length of this attribute.
* @default 0
*/
readonly minLen?: number;
/**
* Maximum length of this attribute.
* @default 2048
*/
readonly maxLen?: number;
}
/**
* Props for constructing a StringAttr
*/
export interface StringAttributeProps extends StringAttributeConstraints, CustomAttributeProps {
}
/**
* The String custom attribute type.
*/
export declare class StringAttribute implements ICustomAttribute {
private readonly minLen?;
private readonly maxLen?;
private readonly mutable?;
constructor(props?: StringAttributeProps);
bind(): CustomAttributeConfig;
}
/**
* Constraints that can be applied to a custom attribute of number type.
*/
export interface NumberAttributeConstraints {
/**
* Minimum value of this attribute.
* @default - no minimum value
*/
readonly min?: number;
/**
* Maximum value of this attribute.
* @default - no maximum value
*/
readonly max?: number;
}
/**
* Props for NumberAttr
*/
export interface NumberAttributeProps extends NumberAttributeConstraints, CustomAttributeProps {
}
/**
* The Number custom attribute type.
*/
export declare class NumberAttribute implements ICustomAttribute {
private readonly min?;
private readonly max?;
private readonly mutable?;
constructor(props?: NumberAttributeProps);
bind(): CustomAttributeConfig;
}
/**
* The Boolean custom attribute type.
*/
export declare class BooleanAttribute implements ICustomAttribute {
private readonly mutable?;
constructor(props?: CustomAttributeProps);
bind(): CustomAttributeConfig;
}
/**
* The DateTime custom attribute type.
*/
export declare class DateTimeAttribute implements ICustomAttribute {
private readonly mutable?;
constructor(props?: CustomAttributeProps);
bind(): CustomAttributeConfig;
}
/**
* This interface contains standard attributes recognized by Cognito
* from https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
* including built-in attributes `email_verified` and `phone_number_verified`
*/
export interface StandardAttributesMask {
/**
* The user's postal address.
* @default false
*/
readonly address?: boolean;
/**
* The user's birthday, represented as an ISO 8601:2004 format.
* @default false
*/
readonly birthdate?: boolean;
/**
* The user's e-mail address, represented as an RFC 5322 [RFC5322] addr-spec.
* @default false
*/
readonly email?: boolean;
/**
* The surname or last name of the user.
* @default false
*/
readonly familyName?: boolean;
/**
* The user's gender.
* @default false
*/
readonly gender?: boolean;
/**
* The user's first name or give name.
* @default false
*/
readonly givenName?: boolean;
/**
* The user's locale, represented as a BCP47 [RFC5646] language tag.
* @default false
*/
readonly locale?: boolean;
/**
* The user's middle name.
* @default false
*/
readonly middleName?: boolean;
/**
* The user's full name in displayable form, including all name parts, titles and suffixes.
* @default false
*/
readonly fullname?: boolean;
/**
* The user's nickname or casual name.
* @default false
*/
readonly nickname?: boolean;
/**
* The user's telephone number.
* @default false
*/
readonly phoneNumber?: boolean;
/**
* The URL to the user's profile picture.
* @default false
*/
readonly profilePicture?: boolean;
/**
* The user's preferred username, different from the immutable user name.
* @default false
*/
readonly preferredUsername?: boolean;
/**
* The URL to the user's profile page.
* @default false
*/
readonly profilePage?: boolean;
/**
* The user's time zone.
* @default false
*/
readonly timezone?: boolean;
/**
* The time, the user's information was last updated.
* @default false
*/
readonly lastUpdateTime?: boolean;
/**
* The URL to the user's web page or blog.
* @default false
*/
readonly website?: boolean;
/**
* Whether the email address has been verified.
* @default false
*/
readonly emailVerified?: boolean;
/**
* Whether the phone number has been verified.
* @default false
*/
readonly phoneNumberVerified?: boolean;
}
/**
* A set of attributes, useful to set Read and Write attributes
*/
export declare class ClientAttributes {
/**
* The set of attributes
*/
private attributesSet;
/**
* Creates a ClientAttributes with the specified attributes
*
* @default - a ClientAttributes object without any attributes
*/
constructor();
/**
* Creates a custom ClientAttributes with the specified attributes
* @param attributes a list of standard attributes to add to the set
*/
withStandardAttributes(attributes: StandardAttributesMask): ClientAttributes;
/**
* Creates a custom ClientAttributes with the specified attributes
* @param attributes a list of custom attributes to add to the set
*/
withCustomAttributes(...attributes: string[]): ClientAttributes;
/**
* The list of attributes represented by this ClientAttributes
*/
attributes(): string[];
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClientAttributes=exports.DateTimeAttribute=exports.BooleanAttribute=exports.NumberAttribute=exports.StringAttribute=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var attr_names_1=()=>{var tmp=require("./private/attr-names");return attr_names_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class StringAttribute{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.StringAttribute",version:"2.252.0"};minLen;maxLen;mutable;constructor(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_StringAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,StringAttribute),error}if(props.minLen&&!core_1().Token.isUnresolved(props.minLen)&&props.minLen<0)throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`MinlenCannotLessThan`,`minLen cannot be less than 0 (value: ${props.minLen}).`);if(props.maxLen&&!core_1().Token.isUnresolved(props.maxLen)&&props.maxLen>2048)throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`MaxlenCannotGreaterThan`,`maxLen cannot be greater than 2048 (value: ${props.maxLen}).`);this.minLen=props?.minLen,this.maxLen=props?.maxLen,this.mutable=props?.mutable}bind(){let stringConstraints;return(this.minLen||this.maxLen)&&(stringConstraints={minLen:this.minLen,maxLen:this.maxLen}),{dataType:"String",stringConstraints,mutable:this.mutable}}}exports.StringAttribute=StringAttribute;class 
NumberAttribute{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.NumberAttribute",version:"2.252.0"};min;max;mutable;constructor(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_NumberAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NumberAttribute),error}this.min=props?.min,this.max=props?.max,this.mutable=props?.mutable}bind(){let numberConstraints;return(this.min||this.max)&&(numberConstraints={min:this.min,max:this.max}),{dataType:"Number",numberConstraints,mutable:this.mutable}}}exports.NumberAttribute=NumberAttribute;class BooleanAttribute{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.BooleanAttribute",version:"2.252.0"};mutable;constructor(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BooleanAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"Boolean",mutable:this.mutable}}}exports.BooleanAttribute=BooleanAttribute;class DateTimeAttribute{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.DateTimeAttribute",version:"2.252.0"};mutable;constructor(props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DateTimeAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"DateTime",mutable:this.mutable}}}exports.DateTimeAttribute=DateTimeAttribute;class ClientAttributes{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.ClientAttributes",version:"2.252.0"};attributesSet;constructor(){this.attributesSet=new Set}withStandardAttributes(attributes){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_StandardAttributesMask(attributes)}catch(error){throw 
process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withStandardAttributes),error}let attributesSet=new Set(this.attributesSet);for(const attributeKey in attr_names_1().StandardAttributeNames)if(attributes[attributeKey]===!0){const attributeName=attr_names_1().StandardAttributeNames[attributeKey];attributesSet.add(attributeName)}let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}withCustomAttributes(...attributes){let attributesSet=new Set(this.attributesSet);for(let attribute of attributes)attribute.startsWith("custom:")||(attribute="custom:"+attribute),attributesSet.add(attribute);let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}attributes(){return Array.from(this.attributesSet).sort()}}exports.ClientAttributes=ClientAttributes;


@@ -0,0 +1,403 @@
import type { Construct } from 'constructs';
import type { ClientAttributes } from './user-pool-attr';
import type { IUserPoolResourceServer, ResourceServerScope } from './user-pool-resource-server';
import type { IRoleRef } from '../../aws-iam';
import type { CfnApp } from '../../aws-pinpoint';
import type { IResource } from '../../core';
import { Resource, Duration, SecretValue } from '../../core';
import type { IUserPoolClientRef, IUserPoolRef, UserPoolClientReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* Types of authentication flow
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
*/
export interface AuthFlow {
/**
* Enable admin based user password authentication flow
* @default false
*/
readonly adminUserPassword?: boolean;
/**
* Enable custom authentication flow
* @default false
*/
readonly custom?: boolean;
/**
* Enable auth using username & password
* @default false
*/
readonly userPassword?: boolean;
/**
* Enable SRP based authentication
* @default false
*/
readonly userSrp?: boolean;
/**
* Enable Choice-based authentication
* @default false
*/
readonly user?: boolean;
}
/**
* OAuth settings to configure the interaction between the app and this client.
*/
export interface OAuthSettings {
/**
* OAuth flows that are allowed with this client.
* @see - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
* @default {authorizationCodeGrant:true,implicitCodeGrant:true}
*/
readonly flows?: OAuthFlows;
/**
* List of allowed redirect URLs for the identity providers.
* @default - ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
*/
readonly callbackUrls?: string[];
/**
* List of allowed logout URLs for the identity providers.
* @default - no logout URLs
*/
readonly logoutUrls?: string[];
/**
* OAuth scopes that are allowed with this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
* @default [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
*/
readonly scopes?: OAuthScope[];
/**
* The default redirect URI.
* Must be in the `callbackUrls` list.
*
* A redirect URI must:
* * Be an absolute URI
* * Be registered with the authorization server.
* * Not include a fragment component.
*
* @see https://tools.ietf.org/html/rfc6749#section-3.1.2
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
* App callback URLs such as myapp://example are also supported.
*
* @default - no default redirect URI
*/
readonly defaultRedirectUri?: string;
}
/**
* Types of OAuth grant flows
* @see - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
*/
export interface OAuthFlows {
/**
* Initiate an authorization code grant flow, which provides an authorization code as the response.
* @default false
*/
readonly authorizationCodeGrant?: boolean;
/**
* The client should get the access token and ID token directly.
* @default false
*/
readonly implicitCodeGrant?: boolean;
/**
* Client should get the access token and ID token from the token endpoint
* using a combination of client and client_secret.
* @default false
*/
readonly clientCredentials?: boolean;
}
/**
* OAuth scopes that are allowed with this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
*/
export declare class OAuthScope {
/**
* Grants access to the 'phone_number' and 'phone_number_verified' claims.
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly PHONE: OAuthScope;
/**
* Grants access to the 'email' and 'email_verified' claims.
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly EMAIL: OAuthScope;
/**
* Returns all user attributes in the ID token that are readable by the client
*/
static readonly OPENID: OAuthScope;
/**
* Grants access to all user attributes that are readable by the client
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly PROFILE: OAuthScope;
/**
* Grants access to Amazon Cognito User Pool API operations that require access tokens,
* such as UpdateUserAttributes and VerifyUserAttribute.
*/
static readonly COGNITO_ADMIN: OAuthScope;
/**
* Custom scope is one that you define for your own resource server in the Resource Servers.
* The format is 'resource-server-identifier/scope'.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html
*/
static custom(name: string): OAuthScope;
/**
* Adds a custom scope that's tied to a resource server in your stack
*/
static resourceServer(server: IUserPoolResourceServer, scope: ResourceServerScope): OAuthScope;
/**
* The name of this scope as recognized by CloudFormation.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
*/
readonly scopeName: string;
private constructor();
}
/**
* Identity providers supported by the UserPoolClient
*/
export declare class UserPoolClientIdentityProvider {
/**
* Allow users to sign in using 'Sign In With Apple'.
* A `UserPoolIdentityProviderApple` must be attached to the user pool.
*/
static readonly APPLE: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Facebook Login'.
* A `UserPoolIdentityProviderFacebook` must be attached to the user pool.
*/
static readonly FACEBOOK: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Google Login'.
* A `UserPoolIdentityProviderGoogle` must be attached to the user pool.
*/
static readonly GOOGLE: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Login With Amazon'.
* A `UserPoolIdentityProviderAmazon` must be attached to the user pool.
*/
static readonly AMAZON: UserPoolClientIdentityProvider;
/**
* Allow users to sign in directly as a user of the User Pool
*/
static readonly COGNITO: UserPoolClientIdentityProvider;
/**
* Specify a provider not yet supported by the CDK.
* @param name name of the identity provider as recognized by CloudFormation property `SupportedIdentityProviders`
*/
static custom(name: string): UserPoolClientIdentityProvider;
/** The name of the identity provider as recognized by CloudFormation property `SupportedIdentityProviders` */
readonly name: string;
private constructor();
}
/**
* Options to create a UserPoolClient
*/
export interface UserPoolClientOptions {
/**
* Name of the application client
* @default - cloudformation generated name
*/
readonly userPoolClientName?: string;
/**
* Whether to generate a client secret
* @default false
*/
readonly generateSecret?: boolean;
/**
* The set of OAuth authentication flows to enable on the client
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
* @default - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*/
readonly authFlows?: AuthFlow;
/**
* Turns off all OAuth interactions for this client.
* @default false
*/
readonly disableOAuth?: boolean;
/**
* OAuth settings for this client to interact with the app.
* An error is thrown when this is specified and `disableOAuth` is set.
* @default - see defaults in `OAuthSettings`. meaningless if `disableOAuth` is set.
*/
readonly oAuth?: OAuthSettings;
/**
* Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token.
* see defaults in `AuthSessionValidity`. Valid duration is from 3 to 15 minutes.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity
* @default - Duration.minutes(3)
*/
readonly authSessionValidity?: Duration;
/**
* Whether Cognito returns a UserNotFoundException exception when the
* user does not exist in the user pool (false), or whether it returns
* another type of error that doesn't reveal the user's absence.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
* @default false
*/
readonly preventUserExistenceErrors?: boolean;
/**
* The list of identity providers that users should be able to use to sign in using this client.
*
* @default - supports all identity providers that are registered with the user pool. If the user pool and/or
* identity providers are imported, either specify this option explicitly or ensure that the identity providers are
* registered with the user pool using the `UserPool.registerIdentityProvider()` API.
*/
readonly supportedIdentityProviders?: UserPoolClientIdentityProvider[];
/**
* Validity of the ID token.
* Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token
* @default Duration.minutes(60)
*/
readonly idTokenValidity?: Duration;
/**
* Validity of the refresh token.
* Values between 60 minutes and 10 years are valid.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token
* @default Duration.days(30)
*/
readonly refreshTokenValidity?: Duration;
/**
* Validity of the access token.
* Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token
* @default Duration.minutes(60)
*/
readonly accessTokenValidity?: Duration;
/**
* Enables refresh token rotation when set.
* Defines the grace period for the original refresh token (0-60 seconds).
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html#using-the-refresh-token-rotation
* @default - undefined (refresh token rotation is disabled)
*/
readonly refreshTokenRotationGracePeriod?: Duration;
/**
* The set of attributes this client will be able to read.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
* @default - all standard and custom attributes
*/
readonly readAttributes?: ClientAttributes;
/**
* The set of attributes this client will be able to write.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
* @default - all standard and custom attributes
*/
readonly writeAttributes?: ClientAttributes;
/**
* Enable token revocation for this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation
* @default true for new user pool clients
*/
readonly enableTokenRevocation?: boolean;
/**
* Enable the propagation of additional user context data.
* You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
* @default false for new user pool clients
*/
readonly enablePropagateAdditionalUserContextData?: boolean;
/**
* The analytics configuration for this client.
* @default - no analytics configuration
*/
readonly analytics?: AnalyticsConfiguration;
}
/**
* Properties for the UserPoolClient construct
*/
export interface UserPoolClientProps extends UserPoolClientOptions {
/**
* The UserPool resource this client will have access to
*/
readonly userPool: IUserPoolRef;
}
/**
* The settings for Amazon Pinpoint analytics configuration.
* With an analytics configuration, your application can collect user-activity metrics for user notifications with an Amazon Pinpoint campaign.
* Amazon Pinpoint isn't available in all AWS Regions.
* For a list of available Regions, see Amazon Cognito and Amazon Pinpoint Region availability: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings.
*/
export interface AnalyticsConfiguration {
/**
* The Amazon Pinpoint project that you want to connect to your user pool app client.
* Amazon Cognito publishes events to the Amazon Pinpoint project.
* You can also configure your application to pass an endpoint ID in the `AnalyticsMetadata` parameter of sign-in operations.
* The endpoint ID is information about the destination for push notifications.
* @default - no configuration, you need to specify either `application` or all of `applicationId`, `externalId`, and `role`.
*/
readonly application?: CfnApp;
/**
* Your Amazon Pinpoint project ID.
* @default - no configuration, you need to specify either this property along with `externalId` and `role` or `application`.
*/
readonly applicationId?: string;
/**
* The external ID of the role that Amazon Cognito assumes to send analytics data to Amazon Pinpoint. More info here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
* @default - no configuration, you need to specify either this property along with `applicationId` and `role` or `application`.
*/
readonly externalId?: string;
/**
* The IAM role that has the permissions required for Amazon Cognito to publish events to Amazon Pinpoint analytics.
* @default - no configuration, you need to specify either this property along with `applicationId` and `externalId` or `application`.
*/
readonly role?: IRoleRef;
/**
* If `true`, Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.
* @default - false
*/
readonly shareUserData?: boolean;
}
/**
* Represents a Cognito user pool client.
*/
export interface IUserPoolClient extends IResource, IUserPoolClientRef {
/**
* Name of the application client
* @attribute
*/
readonly userPoolClientId: string;
/**
* The generated client secret. Only available if the "generateSecret" props is set to true
* @attribute
*/
readonly userPoolClientSecret: SecretValue;
}
/**
* Define a UserPool App Client
*/
export declare class UserPoolClient extends Resource implements IUserPoolClient {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a user pool client given its id.
*/
static fromUserPoolClientId(scope: Construct, id: string, userPoolClientId: string): IUserPoolClient;
readonly userPoolClientId: string;
private _generateSecret?;
private readonly userPool;
private _userPoolClientSecret?;
/**
* The OAuth flows enabled for this client.
*/
readonly oAuthFlows: OAuthFlows;
private readonly _userPoolClientName?;
get userPoolClientRef(): UserPoolClientReference;
constructor(scope: Construct, id: string, props: UserPoolClientProps);
/**
* The client name that was specified via the `userPoolClientName` property during initialization,
* throws an error otherwise.
*/
get userPoolClientName(): string;
get userPoolClientSecret(): SecretValue;
private configureAuthFlows;
private configureOAuthFlows;
private configureOAuthScopes;
private configurePreventUserExistenceErrors;
private configureIdentityProviders;
private configureAuthSessionValidity;
private configureTokenValidity;
private configureRefreshTokenRotation;
private validateDuration;
private configureAnalytics;
}


@@ -0,0 +1,159 @@
import type { Construct } from 'constructs';
import type { UserPoolClient } from './user-pool-client';
import type { IResource } from '../../core';
import { Resource } from '../../core';
import type { ICertificateRef } from '../../interfaces/generated/aws-certificatemanager-interfaces.generated';
import type { IUserPoolDomainRef, IUserPoolRef, UserPoolDomainReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* The branding version of managed login for the domain.
*/
export declare enum ManagedLoginVersion {
/**
* The classic hosted UI.
*/
CLASSIC_HOSTED_UI = 1,
/**
* The newer managed login with the branding designer.
*/
NEWER_MANAGED_LOGIN = 2
}
/**
* Represents a user pool domain.
*/
export interface IUserPoolDomain extends IResource, IUserPoolDomainRef {
/**
* The domain that was specified to be created.
* If `customDomain` was selected, this holds the full domain name that was specified.
* If the `cognitoDomain` was used, it contains the prefix to the Cognito hosted domain.
* @attribute
*/
readonly domainName: string;
}
/**
* Options while specifying custom domain
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
*/
export interface CustomDomainOptions {
/**
* The custom domain name that you would like to associate with this User Pool.
*/
readonly domainName: string;
/**
* The certificate to associate with this domain.
*/
readonly certificate: ICertificateRef;
}
/**
* Options while specifying a cognito prefix domain.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html
*/
export interface CognitoDomainOptions {
/**
* The prefix to the Cognito hosted domain name that will be associated with the user pool.
*/
readonly domainPrefix: string;
}
/**
* Options to create a UserPoolDomain
*/
export interface UserPoolDomainOptions {
/**
* Associate a custom domain with your user pool
* Either `customDomain` or `cognitoDomain` must be specified.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-add-custom-domain.html
* @default - not set if `cognitoDomain` is specified, otherwise, throws an error.
*/
readonly customDomain?: CustomDomainOptions;
/**
* Associate a cognito prefix domain with your user pool
* Either `customDomain` or `cognitoDomain` must be specified.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain-prefix.html
* @default - not set if `customDomain` is specified, otherwise, throws an error.
*/
readonly cognitoDomain?: CognitoDomainOptions;
/**
* A version that indicates the state of managed login.
* This choice applies to all app clients that host services at the domain.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managed-login.html
*
* @default undefined - Cognito default setting is ManagedLoginVersion.CLASSIC_HOSTED_UI
*/
readonly managedLoginVersion?: ManagedLoginVersion;
}
/**
* Props for UserPoolDomain construct
*/
export interface UserPoolDomainProps extends UserPoolDomainOptions {
/**
* The user pool to which this domain should be associated.
*/
readonly userPool: IUserPoolRef;
}
/**
* Define a user pool domain
*/
export declare class UserPoolDomain extends Resource implements IUserPoolDomain {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a UserPoolDomain given its domain name
*/
static fromDomainName(scope: Construct, id: string, userPoolDomainName: string): IUserPoolDomain;
readonly domainName: string;
private isCognitoDomain;
private readonly _userPool;
private cloudFrontCustomResource?;
private readonly resource;
get userPoolDomainRef(): UserPoolDomainReference;
constructor(scope: Construct, id: string, props: UserPoolDomainProps);
/**
* The domain name of the CloudFront distribution associated with the user pool domain.
*/
get cloudFrontEndpoint(): string;
/**
* The domain name of the CloudFront distribution associated with the user pool domain.
*
* This method creates a custom resource internally to get the CloudFront domain name.
*
* @deprecated use `cloudFrontEndpoint` method instead.
*/
get cloudFrontDomainName(): string;
/**
* The URL to the hosted UI associated with this domain
*
* @param options options to customize baseUrl
*/
baseUrl(options?: BaseUrlOptions): string;
/**
* The URL to the sign in page in this domain using a specific UserPoolClient
* @param client [disable-awslint:ref-via-interface] the user pool client that the UI will use to interact with the UserPool
* @param options options to customize signInUrl.
*/
signInUrl(client: UserPoolClient, options: SignInUrlOptions): string;
}
/**
* Options to customize the behaviour of `baseUrl()`
*/
export interface BaseUrlOptions {
/**
* Whether to return the FIPS-compliant endpoint
*
* @default return the standard URL
*/
readonly fips?: boolean;
}
/**
* Options to customize the behaviour of `signInUrl()`
*/
export interface SignInUrlOptions extends BaseUrlOptions {
/**
* Where to redirect to after sign in
*/
readonly redirectUri: string;
/**
* The path in the URI where the sign-in page is located
* @default '/login'
*/
readonly signInPath?: string;
}


@@ -0,0 +1,117 @@
import type { Construct } from 'constructs';
/**
* Configuration for Cognito sending emails via Amazon SES
*/
export interface UserPoolSESOptions {
/**
* The verified Amazon SES email address that Cognito should
* use to send emails.
*
* The email address used must be a verified email address
* in Amazon SES and must be configured to allow Cognito to
* send emails.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-email.html
*/
readonly fromEmail: string;
/**
* An optional name that should be used as the sender's name
* along with the email.
*
* @default - no name
*/
readonly fromName?: string;
/**
* The destination to which the receiver of the email should reply to.
*
* @default - same as the fromEmail
*/
readonly replyTo?: string;
/**
* The name of a configuration set in Amazon SES that should
* be applied to emails sent via Cognito.
*
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-emailconfiguration.html#cfn-cognito-userpool-emailconfiguration-configurationset
*
* @default - no configuration set
*/
readonly configurationSetName?: string;
/**
* Required if the UserPool region is different than the SES region.
*
* If sending emails with a Amazon SES verified email address,
* and the region that SES is configured is different than the
* region in which the UserPool is deployed, you must specify that
* region here.
*
* @default - The same region as the Cognito UserPool
*/
readonly sesRegion?: string;
/**
* SES Verified custom domain to be used to verify the identity
*
* @default - no domain
*/
readonly sesVerifiedDomain?: string;
}
/**
* Result of binding email settings with a user pool
*/
export interface UserPoolEmailConfig {
/**
* The name of the configuration set in SES.
*
* @default - none
*/
readonly configurationSet?: string;
/**
* Specifies whether to use Cognito's built in email functionality
* or SES.
*
* @default - Cognito built in email functionality
*/
readonly emailSendingAccount?: string;
/**
* Identifies either the sender's email address or the sender's
* name with their email address.
*
* If emailSendingAccount is DEVELOPER then this cannot be specified.
*
* @default 'no-reply@verificationemail.com'
*/
readonly from?: string;
/**
* The destination to which the receiver of the email should reply to.
*
* @default - same as `from`
*/
readonly replyToEmailAddress?: string;
/**
* The ARN of a verified email address in Amazon SES.
*
* required if emailSendingAccount is DEVELOPER or if
* 'from' is provided.
*
* @default - none
*/
readonly sourceArn?: string;
}
/**
* Configure how Cognito sends emails
*/
export declare abstract class UserPoolEmail {
/**
* Send email using Cognito
*/
static withCognito(replyTo?: string): UserPoolEmail;
/**
* Send email using SES
*/
static withSES(options: UserPoolSESOptions): UserPoolEmail;
/**
* Returns the email configuration for a Cognito UserPool
* that controls how Cognito will send emails
* @internal
*/
abstract _bind(scope: Construct): UserPoolEmailConfig;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolEmail=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var punycode_1=()=>{var tmp=require("punycode/");return punycode_1=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class UserPoolEmail{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolEmail",version:"2.252.0"};static withCognito(replyTo){return new CognitoEmail(replyTo)}static withSES(options){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_UserPoolSESOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withSES),error}return new SESEmail(options)}}exports.UserPoolEmail=UserPoolEmail;class CognitoEmail extends UserPoolEmail{replyTo;constructor(replyTo){super(),this.replyTo=replyTo}_bind(_scope){return{replyToEmailAddress:encodeAndTest(this.replyTo),emailSendingAccount:"COGNITO_DEFAULT"}}}class SESEmail extends UserPoolEmail{options;constructor(options){super(),this.options=options}_bind(scope){const region=core_1().Stack.of(scope).region;if(core_1().Token.isUnresolved(region)&&!this.options.sesRegion)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`IsRequiredYourStackRegion`,'Your stack region cannot be determined so "sesRegion" is required in SESOptions',scope);let from=encodeAndTest(this.options.fromEmail);if(this.options.fromName&&(from=`${formatFromName(this.options.fromName)} <${from}>`),this.options.sesVerifiedDomain&&this.options.fromEmail.split("@").pop()!==this.options.sesVerifiedDomain)throw 
new(errors_1()).ValidationError((0,literal_string_1().lit)`FromemailContainsDifferentDomain`,'"fromEmail" contains a different domain than the "sesVerifiedDomain"',scope);return{from,replyToEmailAddress:encodeAndTest(this.options.replyTo),configurationSet:this.options.configurationSetName,emailSendingAccount:"DEVELOPER",sourceArn:core_1().Stack.of(scope).formatArn({service:"ses",resource:"identity",resourceName:encodeAndTest(this.options.sesVerifiedDomain??this.options.fromEmail),region:this.options.sesRegion??region})}}}function encodeAndTest(input){if(input){const local=input.split("@")[0];if(!/[\p{ASCII}]+/u.test(local))throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`LocalPartEmailAddress`,"the local part of the email address must use ASCII characters only");return(0,punycode_1().toASCII)(input)}else return}function formatFromName(fromName){return isAscii(fromName)?isSimplePhrase(fromName)||isQuotedString(fromName)?fromName:`"${fromName.replace(/[\\"]/g,ch=>`\\${ch}`)}"`:`=?UTF-8?B?${Buffer.from(fromName,"utf-8").toString("base64")}?=`}function isAscii(input){return/^[\u0020-\u007E]+$/u.test(input)}function isSimplePhrase(input){return/^[\w !#$%&'*+-\/=?^_`{|}~]+$/.test(input)}function isQuotedString(input){return/^"(?:[^\\"]|\\.)*"$/.test(input)}


@@ -0,0 +1,78 @@
import type { Construct } from 'constructs';
import type { IRoleRef } from '../../aws-iam';
import type { IResource } from '../../core';
import { Resource } from '../../core';
import type { IUserPoolGroupRef, IUserPoolRef, UserPoolGroupReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* Represents a user pool group.
*/
export interface IUserPoolGroup extends IResource, IUserPoolGroupRef {
/**
* The user group name
* @attribute
*/
readonly groupName: string;
}
/**
* Options to create a UserPoolGroup
*/
export interface UserPoolGroupOptions {
/**
* A string containing the description of the group.
*
* @default - no description
*/
readonly description?: string;
/**
* The name of the group. Must be unique.
*
* @default - auto generate a name
*/
readonly groupName?: string;
/**
* A non-negative integer value that specifies the precedence of this group relative to the other groups
* that a user can belong to in the user pool. Zero is the highest precedence value.
*
* Groups with lower Precedence values take precedence over groups with higher or null Precedence values.
* If a user belongs to two or more groups, it is the group with the lowest precedence value
* whose role ARN is given in the user's tokens for the cognito:roles and cognito:preferred_role claims.
*
* Two groups can have the same Precedence value. If this happens, neither group takes precedence over the other.
* If two groups with the same Precedence have the same role ARN, that role is used in the cognito:preferred_role
* claim in tokens for users in each group.
* If the two groups have different role ARNs, the cognito:preferred_role claim isn't set in users' tokens.
*
* @default - null
*/
readonly precedence?: number;
/**
* The role for the group.
*
* @default - no description
*/
readonly role?: IRoleRef;
}
/**
* Props for UserPoolGroup construct
*/
export interface UserPoolGroupProps extends UserPoolGroupOptions {
/**
* The user pool to which this group is associated.
*/
readonly userPool: IUserPoolRef;
}
/**
* Define a user pool group
*/
export declare class UserPoolGroup extends Resource implements IUserPoolGroup {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a UserPoolGroup given its group name
*/
static fromGroupName(scope: Construct, id: string, groupName: string): IUserPoolGroup;
readonly groupName: string;
private readonly _userPool;
get userPoolGroupRef(): UserPoolGroupReference;
constructor(scope: Construct, id: string, props: UserPoolGroupProps);
}


@@ -0,0 +1,23 @@
import type { Construct } from 'constructs';
import type { IResource } from '../../core';
import type { IUserPoolIdentityProviderRef } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* Represents a UserPoolIdentityProvider
*/
export interface IUserPoolIdentityProvider extends IResource, IUserPoolIdentityProviderRef {
/**
* The primary identifier of this identity provider
* @attribute
*/
readonly providerName: string;
}
/**
* User pool third-party identity providers
*/
export declare class UserPoolIdentityProvider {
/**
* Import an existing UserPoolIdentityProvider
*/
static fromProviderName(scope: Construct, id: string, providerName: string): IUserPoolIdentityProvider;
private constructor();
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProvider=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};class UserPoolIdentityProvider{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProvider",version:"2.252.0"};static fromProviderName(scope,id,providerName){class Import extends core_1().Resource{providerName=providerName;get userPoolIdentityProviderRef(){return{providerName,get userPoolId(){throw new(errors_1()).UnscopedValidationError((0,literal_string_1().lit)`UserPoolIdAvailableImported`,"userPoolId is not available on imported UserPoolIdentityProvider.")}}}}return new Import(scope,id)}constructor(){}}exports.UserPoolIdentityProvider=UserPoolIdentityProvider;


@@ -0,0 +1,34 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
/**
* Properties to initialize UserPoolAmazonIdentityProvider
*/
export interface UserPoolIdentityProviderAmazonProps extends UserPoolIdentityProviderProps {
/**
* The client id recognized by Login with Amazon APIs.
* @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier
*/
readonly clientId: string;
/**
* The client secret to be accompanied with clientId for Login with Amazon APIs to authenticate the client.
* @see https://developer.amazon.com/docs/login-with-amazon/security-profile.html#client-identifier
*/
readonly clientSecret: string;
/**
* The types of user profile data to obtain for the Amazon profile.
* @see https://developer.amazon.com/docs/login-with-amazon/customer-profile.html
* @default [ profile ]
*/
readonly scopes?: string[];
}
/**
* Represents an identity provider that integrates with Login with Amazon
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderAmazon extends UserPoolIdentityProviderBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderAmazonProps);
}


@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderAmazon=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var user_pool_idp_base_1=()=>{var 
tmp=require("./private/user-pool-idp-base");return user_pool_idp_base_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cognito_generated_1=()=>{var tmp=require("../cognito.generated");return cognito_generated_1=()=>tmp,tmp};let UserPoolIdentityProviderAmazon=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=user_pool_idp_base_1().UserPoolIdentityProviderBase;var UserPoolIdentityProviderAmazon2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),UserPoolIdentityProviderAmazon2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito.UserPoolIdentityProviderAmazon";providerName;constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAmazonProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderAmazon2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const 
scopes=props.scopes??["profile"],resource=new(cognito_generated_1()).CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolRef.userPoolId,providerName:"LoginWithAmazon",providerType:"LoginWithAmazon",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref),props.userPool.registerIdentityProvider(this)}static{__runInitializers(_classThis,_classExtraInitializers)}};return UserPoolIdentityProviderAmazon2=_classThis})();exports.UserPoolIdentityProviderAmazon=UserPoolIdentityProviderAmazon;


@@ -0,0 +1,50 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
import type { SecretValue } from '../../../core';
/**
* Properties to initialize UserPoolAppleIdentityProvider
*/
export interface UserPoolIdentityProviderAppleProps extends UserPoolIdentityProviderProps {
/**
* The client id recognized by Apple APIs.
* @see https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230948-clientid
*/
readonly clientId: string;
/**
* The teamId for Apple APIs to authenticate the client.
*/
readonly teamId: string;
/**
* The keyId (of the same key, which content has to be later supplied as `privateKey`) for Apple APIs to authenticate the client.
*/
readonly keyId: string;
/**
* The privateKey content for Apple APIs to authenticate the client.
*
* @deprecated use privateKeyValue
* @default none
*/
readonly privateKey?: string;
/**
* The privateKey content for Apple APIs to authenticate the client.
* @default none
*/
readonly privateKeyValue?: SecretValue;
/**
* The list of apple permissions to obtain for getting access to the apple profile
* @see https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230955-scope
* @default [ name ]
*/
readonly scopes?: string[];
}
/**
* Represents an identity provider that integrates with Apple
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderApple extends UserPoolIdentityProviderBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderAppleProps);
}


@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderApple=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var user_pool_idp_base_1=()=>{var tmp=require("./private/user-pool-idp-base");return 
user_pool_idp_base_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cognito_generated_1=()=>{var tmp=require("../cognito.generated");return cognito_generated_1=()=>tmp,tmp};let UserPoolIdentityProviderApple=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=user_pool_idp_base_1().UserPoolIdentityProviderBase;var UserPoolIdentityProviderApple2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),UserPoolIdentityProviderApple2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderApple",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito.UserPoolIdentityProviderApple";providerName;constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAppleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderApple2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const 
scopes=props.scopes??["name"];if(!props.privateKey&&!props.privateKeyValue||props.privateKey&&props.privateKeyValue)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`MustBeExactlyPrivatekeyPrivatekeyvalue`,'Exactly one of "privateKey" or "privateKeyValue" must be configured.',this);const resource=new(cognito_generated_1()).CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolRef.userPoolId,providerName:"SignInWithApple",providerType:"SignInWithApple",providerDetails:{client_id:props.clientId,team_id:props.teamId,key_id:props.keyId,private_key:props.privateKeyValue?props.privateKeyValue.unsafeUnwrap():props.privateKey,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref),props.userPool.registerIdentityProvider(this)}static{__runInitializers(_classThis,_classExtraInitializers)}};return UserPoolIdentityProviderApple2=_classThis})();exports.UserPoolIdentityProviderApple=UserPoolIdentityProviderApple;


@@ -0,0 +1,187 @@
import type { IUserPool } from '../user-pool';
/**
* An attribute available from a third party identity provider.
*/
export declare class ProviderAttribute {
/** The email attribute provided by Apple */
static readonly APPLE_EMAIL: ProviderAttribute;
/** The email verified attribute provided by Apple */
static readonly APPLE_EMAIL_VERIFIED: ProviderAttribute;
/** The name attribute provided by Apple */
static readonly APPLE_NAME: ProviderAttribute;
/** The first name attribute provided by Apple */
static readonly APPLE_FIRST_NAME: ProviderAttribute;
/** The last name attribute provided by Apple */
static readonly APPLE_LAST_NAME: ProviderAttribute;
/** The user id attribute provided by Amazon */
static readonly AMAZON_USER_ID: ProviderAttribute;
/** The email attribute provided by Amazon */
static readonly AMAZON_EMAIL: ProviderAttribute;
/** The name attribute provided by Amazon */
static readonly AMAZON_NAME: ProviderAttribute;
/** The postal code attribute provided by Amazon */
static readonly AMAZON_POSTAL_CODE: ProviderAttribute;
/** The user id attribute provided by Facebook */
static readonly FACEBOOK_ID: ProviderAttribute;
/** The birthday attribute provided by Facebook */
static readonly FACEBOOK_BIRTHDAY: ProviderAttribute;
/** The email attribute provided by Facebook */
static readonly FACEBOOK_EMAIL: ProviderAttribute;
/** The name attribute provided by Facebook */
static readonly FACEBOOK_NAME: ProviderAttribute;
/** The first name attribute provided by Facebook */
static readonly FACEBOOK_FIRST_NAME: ProviderAttribute;
/** The last name attribute provided by Facebook */
static readonly FACEBOOK_LAST_NAME: ProviderAttribute;
/** The middle name attribute provided by Facebook */
static readonly FACEBOOK_MIDDLE_NAME: ProviderAttribute;
/** The gender attribute provided by Facebook */
static readonly FACEBOOK_GENDER: ProviderAttribute;
/** The locale attribute provided by Facebook */
static readonly FACEBOOK_LOCALE: ProviderAttribute;
/** The name attribute provided by Google */
static readonly GOOGLE_NAMES: ProviderAttribute;
/** The gender attribute provided by Google */
static readonly GOOGLE_GENDER: ProviderAttribute;
/** The birthday attribute provided by Google */
static readonly GOOGLE_BIRTHDAYS: ProviderAttribute;
/** The phone number attribute provided by Google */
static readonly GOOGLE_PHONE_NUMBERS: ProviderAttribute;
/** The email attribute provided by Google */
static readonly GOOGLE_EMAIL: ProviderAttribute;
/** The email verified attribute provided by Google */
static readonly GOOGLE_EMAIL_VERIFIED: ProviderAttribute;
/** The name attribute provided by Google */
static readonly GOOGLE_NAME: ProviderAttribute;
/** The picture attribute provided by Google */
static readonly GOOGLE_PICTURE: ProviderAttribute;
/** The given name attribute provided by Google */
static readonly GOOGLE_GIVEN_NAME: ProviderAttribute;
/** The family name attribute provided by Google */
static readonly GOOGLE_FAMILY_NAME: ProviderAttribute;
/**
* Use this to specify an attribute from the identity provider that is not pre-defined in the CDK.
* @param attributeName the attribute value string as recognized by the provider
*/
static other(attributeName: string): ProviderAttribute;
/** The attribute value string as recognized by the provider. */
readonly attributeName: string;
private constructor();
}
/**
* The mapping of user pool attributes to the attributes provided by the identity providers.
*/
export interface AttributeMapping {
/**
* The user's postal address is a required attribute.
* @default - not mapped
*/
readonly address?: ProviderAttribute;
/**
* The user's birthday.
* @default - not mapped
*/
readonly birthdate?: ProviderAttribute;
/**
* The user's e-mail address.
* @default - not mapped
*/
readonly email?: ProviderAttribute;
/**
* The user's e-mail address is verification.
* @default - not mapped
*/
readonly emailVerified?: ProviderAttribute;
/**
* The surname or last name of user.
* @default - not mapped
*/
readonly familyName?: ProviderAttribute;
/**
* The user's gender.
* @default - not mapped
*/
readonly gender?: ProviderAttribute;
/**
* The user's first name or give name.
* @default - not mapped
*/
readonly givenName?: ProviderAttribute;
/**
* The user's locale.
* @default - not mapped
*/
readonly locale?: ProviderAttribute;
/**
* The user's middle name.
* @default - not mapped
*/
readonly middleName?: ProviderAttribute;
/**
* The user's full name in displayable form.
* @default - not mapped
*/
readonly fullname?: ProviderAttribute;
/**
* The user's nickname or casual name.
* @default - not mapped
*/
readonly nickname?: ProviderAttribute;
/**
* The user's telephone number.
* @default - not mapped
*/
readonly phoneNumber?: ProviderAttribute;
/**
* The URL to the user's profile picture.
* @default - not mapped
*/
readonly profilePicture?: ProviderAttribute;
/**
* The user's preferred username.
* @default - not mapped
*/
readonly preferredUsername?: ProviderAttribute;
/**
* The URL to the user's profile page.
* @default - not mapped
*/
readonly profilePage?: ProviderAttribute;
/**
* The user's time zone.
* @default - not mapped
*/
readonly timezone?: ProviderAttribute;
/**
* Time, the user's information was last updated.
* @default - not mapped
*/
readonly lastUpdateTime?: ProviderAttribute;
/**
* The URL to the user's web page or blog.
* @default - not mapped
*/
readonly website?: ProviderAttribute;
/**
* Specify custom attribute mapping here and mapping for any standard attributes not supported yet.
* @default - no custom attribute mapping
*/
readonly custom?: {
[key: string]: ProviderAttribute;
};
}
/**
* Properties to create a new instance of UserPoolIdentityProvider
*
*/
export interface UserPoolIdentityProviderProps {
/**
* The user pool to which this construct provides identities.
*/
readonly userPool: IUserPool;
/**
* Mapping attributes from the identity provider to standard and custom attributes of the user pool.
* @default - no attribute mapping
*/
readonly attributeMapping?: AttributeMapping;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.ProviderAttribute=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");class ProviderAttribute{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.ProviderAttribute",version:"2.252.0"};static APPLE_EMAIL=new ProviderAttribute("email");static APPLE_EMAIL_VERIFIED=new ProviderAttribute("email_verified");static APPLE_NAME=new ProviderAttribute("name");static APPLE_FIRST_NAME=new ProviderAttribute("firstName");static APPLE_LAST_NAME=new ProviderAttribute("lastName");static AMAZON_USER_ID=new ProviderAttribute("user_id");static AMAZON_EMAIL=new ProviderAttribute("email");static AMAZON_NAME=new ProviderAttribute("name");static AMAZON_POSTAL_CODE=new ProviderAttribute("postal_code");static FACEBOOK_ID=new ProviderAttribute("id");static FACEBOOK_BIRTHDAY=new ProviderAttribute("birthday");static FACEBOOK_EMAIL=new ProviderAttribute("email");static FACEBOOK_NAME=new ProviderAttribute("name");static FACEBOOK_FIRST_NAME=new ProviderAttribute("first_name");static FACEBOOK_LAST_NAME=new ProviderAttribute("last_name");static FACEBOOK_MIDDLE_NAME=new ProviderAttribute("middle_name");static FACEBOOK_GENDER=new ProviderAttribute("gender");static FACEBOOK_LOCALE=new ProviderAttribute("locale");static GOOGLE_NAMES=new ProviderAttribute("names");static GOOGLE_GENDER=new ProviderAttribute("gender");static GOOGLE_BIRTHDAYS=new ProviderAttribute("birthdays");static GOOGLE_PHONE_NUMBERS=new ProviderAttribute("phoneNumbers");static GOOGLE_EMAIL=new ProviderAttribute("email");static GOOGLE_EMAIL_VERIFIED=new ProviderAttribute("email_verified");static GOOGLE_NAME=new ProviderAttribute("name");static GOOGLE_PICTURE=new ProviderAttribute("picture");static GOOGLE_GIVEN_NAME=new ProviderAttribute("given_name");static GOOGLE_FAMILY_NAME=new ProviderAttribute("family_name");static other(attributeName){return new 
ProviderAttribute(attributeName)}attributeName;constructor(attributeName){this.attributeName=attributeName}}exports.ProviderAttribute=ProviderAttribute;


@@ -0,0 +1,38 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
/**
* Properties to initialize UserPoolFacebookIdentityProvider
*/
export interface UserPoolIdentityProviderFacebookProps extends UserPoolIdentityProviderProps {
/**
* The client id recognized by Facebook APIs.
*/
readonly clientId: string;
/**
* The client secret to be accompanied with clientId for Facebook to authenticate the client.
* @see https://developers.facebook.com/docs/facebook-login/security#appsecret
*/
readonly clientSecret: string;
/**
* The list of Facebook permissions to obtain for getting access to the Facebook profile.
* @see https://developers.facebook.com/docs/facebook-login/permissions
* @default [ public_profile ]
*/
readonly scopes?: string[];
/**
* The Facebook API version to use
* @default - to the oldest version supported by Facebook
*/
readonly apiVersion?: string;
}
/**
* Represents an identity provider that integrates with Facebook Login
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderFacebook extends UserPoolIdentityProviderBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderFacebookProps);
}


@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderFacebook=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var user_pool_idp_base_1=()=>{var 
tmp=require("./private/user-pool-idp-base");return user_pool_idp_base_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cognito_generated_1=()=>{var tmp=require("../cognito.generated");return cognito_generated_1=()=>tmp,tmp};let UserPoolIdentityProviderFacebook=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=user_pool_idp_base_1().UserPoolIdentityProviderBase;var UserPoolIdentityProviderFacebook2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),UserPoolIdentityProviderFacebook2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderFacebook",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito.UserPoolIdentityProviderFacebook";providerName;constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_UserPoolIdentityProviderFacebookProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderFacebook2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const 
scopes=props.scopes??["public_profile"],resource=new(cognito_generated_1()).CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolRef.userPoolId,providerName:"Facebook",providerType:"Facebook",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(","),api_version:props.apiVersion},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref),props.userPool.registerIdentityProvider(this)}static{__runInitializers(_classThis,_classExtraInitializers)}};return UserPoolIdentityProviderFacebook2=_classThis})();exports.UserPoolIdentityProviderFacebook=UserPoolIdentityProviderFacebook;


@@ -0,0 +1,43 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
import type { SecretValue } from '../../../core';
/**
* Properties to initialize UserPoolGoogleIdentityProvider
*/
export interface UserPoolIdentityProviderGoogleProps extends UserPoolIdentityProviderProps {
/**
* The client id recognized by Google APIs.
* @see https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id
*/
readonly clientId: string;
/**
* The client secret to be accompanied with clientId for Google APIs to authenticate the client.
* @see https://developers.google.com/identity/sign-in/web/sign-in
* @default none
* @deprecated use clientSecretValue instead
*/
readonly clientSecret?: string;
/**
* The client secret to be accompanied with clientId for Google APIs to authenticate the client as SecretValue
* @see https://developers.google.com/identity/sign-in/web/sign-in
* @default none
*/
readonly clientSecretValue?: SecretValue;
/**
* The list of Google permissions to obtain for getting access to the Google profile
* @see https://developers.google.com/identity/sign-in/web/sign-in
* @default [ profile ]
*/
readonly scopes?: string[];
}
/**
* Represents an identity provider that integrates with Google
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderGoogle extends UserPoolIdentityProviderBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderGoogleProps);
}


@@ -0,0 +1 @@
"use strict";var __esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0},__runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderGoogle=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var user_pool_idp_base_1=()=>{var 
tmp=require("./private/user-pool-idp-base");return user_pool_idp_base_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../../core/lib/errors");return errors_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},cognito_generated_1=()=>{var tmp=require("../cognito.generated");return cognito_generated_1=()=>tmp,tmp};let UserPoolIdentityProviderGoogle=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=user_pool_idp_base_1().UserPoolIdentityProviderBase;var UserPoolIdentityProviderGoogle2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),UserPoolIdentityProviderGoogle2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-cognito.UserPoolIdentityProviderGoogle";providerName;constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_UserPoolIdentityProviderGoogleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderGoogle2),error}(0,metadata_resource_1().addConstructMetadata)(this,props);const 
scopes=props.scopes??["profile"];if(!props.clientSecret&&!props.clientSecretValue||props.clientSecret&&props.clientSecretValue)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`ExactlyOneClientSecretClient`,'Exactly one of "clientSecret" or "clientSecretValue" must be configured.',this);const resource=new(cognito_generated_1()).CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolRef.userPoolId,providerName:"Google",providerType:"Google",providerDetails:{client_id:props.clientId,client_secret:props.clientSecretValue?props.clientSecretValue.unsafeUnwrap():props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref),props.userPool.registerIdentityProvider(this)}static{__runInitializers(_classThis,_classExtraInitializers)}};return UserPoolIdentityProviderGoogle2=_classThis})();exports.UserPoolIdentityProviderGoogle=UserPoolIdentityProviderGoogle;


@@ -0,0 +1,7 @@
export * from './base';
export * from './apple';
export * from './amazon';
export * from './facebook';
export * from './google';
export * from './oidc';
export * from './saml';


@@ -0,0 +1 @@
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__exportStar=exports&&exports.__exportStar||function(m,exports2){for(var p in m)p!=="default"&&!Object.prototype.hasOwnProperty.call(exports2,p)&&__createBinding(exports2,m,p)};Object.defineProperty(exports,"__esModule",{value:!0});var _noFold;exports.ProviderAttribute=void 0,Object.defineProperty(exports,_noFold="ProviderAttribute",{enumerable:!0,configurable:!0,get:()=>{var value=require("./base").ProviderAttribute;return Object.defineProperty(exports,_noFold="ProviderAttribute",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderApple=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderApple",{enumerable:!0,configurable:!0,get:()=>{var value=require("./apple").UserPoolIdentityProviderApple;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderApple",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderAmazon=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderAmazon",{enumerable:!0,configurable:!0,get:()=>{var value=require("./amazon").UserPoolIdentityProviderAmazon;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderAmazon",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderFacebook=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderFacebook",{enumerable:!0,configurable:!0,get:()=>{var value=require("./facebook").UserPoolIdentityProviderFacebook;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderFacebook",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderGoogle=void 
0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderGoogle",{enumerable:!0,configurable:!0,get:()=>{var value=require("./google").UserPoolIdentityProviderGoogle;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderGoogle",{enumerable:!0,configurable:!0,value}),value}}),exports.OidcAttributeRequestMethod=void 0,Object.defineProperty(exports,_noFold="OidcAttributeRequestMethod",{enumerable:!0,configurable:!0,get:()=>{var value=require("./oidc").OidcAttributeRequestMethod;return Object.defineProperty(exports,_noFold="OidcAttributeRequestMethod",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderOidc=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderOidc",{enumerable:!0,configurable:!0,get:()=>{var value=require("./oidc").UserPoolIdentityProviderOidc;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderOidc",{enumerable:!0,configurable:!0,value}),value}}),exports.SigningAlgorithm=void 0,Object.defineProperty(exports,_noFold="SigningAlgorithm",{enumerable:!0,configurable:!0,get:()=>{var value=require("./saml").SigningAlgorithm;return Object.defineProperty(exports,_noFold="SigningAlgorithm",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderSamlMetadataType=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSamlMetadataType",{enumerable:!0,configurable:!0,get:()=>{var value=require("./saml").UserPoolIdentityProviderSamlMetadataType;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSamlMetadataType",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderSamlMetadata=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSamlMetadata",{enumerable:!0,configurable:!0,get:()=>{var value=require("./saml").UserPoolIdentityProviderSamlMetadata;return 
Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSamlMetadata",{enumerable:!0,configurable:!0,value}),value}}),exports.UserPoolIdentityProviderSaml=void 0,Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSaml",{enumerable:!0,configurable:!0,get:()=>{var value=require("./saml").UserPoolIdentityProviderSaml;return Object.defineProperty(exports,_noFold="UserPoolIdentityProviderSaml",{enumerable:!0,configurable:!0,value}),value}});


@@ -0,0 +1,94 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
/**
* Properties to initialize UserPoolIdentityProviderOidc
*/
export interface UserPoolIdentityProviderOidcProps extends UserPoolIdentityProviderProps {
/**
* The client id
*/
readonly clientId: string;
/**
* The client secret
*/
readonly clientSecret: string;
/**
* Issuer URL
*/
readonly issuerUrl: string;
/**
* The name of the provider
*
* @default - the unique ID of the construct
*/
readonly name?: string;
/**
* The OAuth 2.0 scopes that you will request from OpenID Connect. Scopes are
* groups of OpenID Connect user attributes to exchange with your app.
*
* @default ['openid']
*/
readonly scopes?: string[];
/**
* Identifiers
*
* Identifiers can be used to redirect users to the correct IdP in multitenant apps.
*
* @default - no identifiers used
*/
readonly identifiers?: string[];
/**
* The method to use to request attributes
*
* @default OidcAttributeRequestMethod.GET
*/
readonly attributeRequestMethod?: OidcAttributeRequestMethod;
/**
* OpenID connect endpoints
*
* @default - auto discovered with issuer URL
*/
readonly endpoints?: OidcEndpoints;
}
/**
* OpenID Connect endpoints
*/
export interface OidcEndpoints {
/**
* Authorization endpoint
*/
readonly authorization: string;
/**
* Token endpoint
*/
readonly token: string;
/**
* UserInfo endpoint
*/
readonly userInfo: string;
/**
* Jwks_uri endpoint
*/
readonly jwksUri: string;
}
/**
* The method to use to request attributes
*/
export declare enum OidcAttributeRequestMethod {
/** GET */
GET = "GET",
/** POST */
POST = "POST"
}
/**
* Represents an identity provider that integrates with OpenID Connect
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderOidc extends UserPoolIdentityProviderBase {
/** Uniquely identifies this class. */
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderOidcProps);
private getProviderName;
}



@@ -0,0 +1,17 @@
import type { Construct } from 'constructs';
import { Resource } from '../../../../core';
import type { UserPoolIdentityProviderReference } from '../../../../interfaces/generated/aws-cognito-interfaces.generated';
import type { IUserPoolIdentityProvider } from '../../user-pool-idp';
import type { UserPoolIdentityProviderProps } from '../base';
/**
* Options to integrate with the various social identity providers.
*
* @internal
*/
export declare abstract class UserPoolIdentityProviderBase extends Resource implements IUserPoolIdentityProvider {
private readonly props;
abstract readonly providerName: string;
get userPoolIdentityProviderRef(): UserPoolIdentityProviderReference;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderProps);
protected configureAttributeMapping(): any;
}


@@ -0,0 +1 @@
"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderBase=void 0;var core_1=()=>{var tmp=require("../../../../core");return core_1=()=>tmp,tmp},attr_names_1=()=>{var tmp=require("../../private/attr-names");return attr_names_1=()=>tmp,tmp};class UserPoolIdentityProviderBase extends core_1().Resource{props;get userPoolIdentityProviderRef(){return{userPoolId:this.props.userPool.userPoolRef.userPoolId,providerName:this.providerName}}constructor(scope,id,props){super(scope,id),this.props=props}configureAttributeMapping(){if(!this.props.attributeMapping)return;let mapping={};if(mapping=Object.entries(this.props.attributeMapping).filter(([k,_])=>k!=="custom").reduce((agg,[k,v])=>({...agg,[attr_names_1().StandardAttributeNames[k]]:v.attributeName}),mapping),this.props.attributeMapping.custom&&(mapping=Object.entries(this.props.attributeMapping.custom).reduce((agg,[k,v])=>({...agg,[k]:v.attributeName}),mapping)),Object.keys(mapping).length!==0)return mapping}}exports.UserPoolIdentityProviderBase=UserPoolIdentityProviderBase;


@@ -0,0 +1,108 @@
import type { Construct } from 'constructs';
import type { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
/**
* Properties to initialize UserPoolIdentityProviderSaml.
*/
export interface UserPoolIdentityProviderSamlProps extends UserPoolIdentityProviderProps {
/**
* The name of the provider. Must be between 3 and 32 characters.
*
* @default - the unique ID of the construct
*/
readonly name?: string;
/**
* Identifiers
*
* Identifiers can be used to redirect users to the correct IdP in multitenant apps.
*
* @default - no identifiers used
*/
readonly identifiers?: string[];
/**
* The SAML metadata.
*/
readonly metadata: UserPoolIdentityProviderSamlMetadata;
/**
* Whether to enable the "Sign-out flow" feature.
*
* @default - false
*/
readonly idpSignout?: boolean;
/**
* Whether to require encrypted SAML assertions from IdP.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-encryption
*
* @default false
*/
readonly encryptedResponses?: boolean;
/**
* The signing algorithm for SAML requests.
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-SAML-signing-encryption.html#cognito-user-pools-SAML-signing
*
* @default - don't sign requests
*/
readonly requestSigningAlgorithm?: SigningAlgorithm;
/**
* Whether to enable IdP-initiated SAML auth flows.
*
* @default false
*/
readonly idpInitiated?: boolean;
}
/**
* Signing algorithms for SAML requests.
*/
export declare enum SigningAlgorithm {
/**
* RSA with SHA-256.
*/
RSA_SHA256 = "rsa-sha256"
}
/**
* Metadata types that can be used for a SAML user pool identity provider.
*/
export declare enum UserPoolIdentityProviderSamlMetadataType {
/** Metadata provided via a URL. */
URL = "url",
/** Metadata provided via the contents of a file. */
FILE = "file"
}
/**
* Metadata for a SAML user pool identity provider.
*/
export declare class UserPoolIdentityProviderSamlMetadata {
readonly metadataContent: string;
readonly metadataType: UserPoolIdentityProviderSamlMetadataType;
/**
* Specify SAML metadata via a URL.
*/
static url(url: string): UserPoolIdentityProviderSamlMetadata;
/**
* Specify SAML metadata via the contents of a file.
*/
static file(fileContent: string): UserPoolIdentityProviderSamlMetadata;
/**
* Construct the metadata for a SAML identity provider.
*
* @param metadataContent A URL hosting SAML metadata, or the content of a file containing SAML metadata.
* @param metadataType The type of metadata, either a URL or file content.
*/
private constructor();
}
/**
* Represents an identity provider that integrates with SAML.
* @resource AWS::Cognito::UserPoolIdentityProvider
*/
export declare class UserPoolIdentityProviderSaml extends UserPoolIdentityProviderBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
readonly providerName: string;
constructor(scope: Construct, id: string, props: UserPoolIdentityProviderSamlProps);
private getProviderName;
private validateName;
}


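--- /dev/null
+++ b/<PATH-NOT-SHOWN-ON-PAGE>
@@ -0,0 +1,85 @@
+import type { Construct } from 'constructs';
+import type { IResource } from '../../core';
+import { Resource } from '../../core';
+import type { IUserPoolRef, IUserPoolResourceServerRef, UserPoolResourceServerReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
+/**
+ * Represents a Cognito user pool resource server
+ */
+export interface IUserPoolResourceServer extends IResource, IUserPoolResourceServerRef {
+/**
+ * Resource server id
+ * @attribute
+ */
+readonly userPoolResourceServerId: string;
+}
+/**
+ * Props to initialize ResourceServerScope
+ */
+export interface ResourceServerScopeProps {
+/**
+ * The name of the scope
+ */
+readonly scopeName: string;
+/**
+ * A description of the scope.
+ */
+readonly scopeDescription: string;
+}
+/**
+ * A scope for ResourceServer
+ */
+export declare class ResourceServerScope {
+/**
+ * The name of the scope
+ */
+readonly scopeName: string;
+/**
+ * A description of the scope.
+ */
+readonly scopeDescription: string;
+constructor(props: ResourceServerScopeProps);
+}
+/**
+ * Options to create a UserPoolResourceServer
+ */
+export interface UserPoolResourceServerOptions {
+/**
+ * A unique resource server identifier for the resource server.
+ */
+readonly identifier: string;
+/**
+ * A friendly name for the resource server.
+ * @default - same as `identifier`
+ */
+readonly userPoolResourceServerName?: string;
+/**
+ * Oauth scopes
+ * @default - No scopes will be added
+ */
+readonly scopes?: ResourceServerScope[];
+}
+/**
+ * Properties for the UserPoolResourceServer construct
+ */
+export interface UserPoolResourceServerProps extends UserPoolResourceServerOptions {
+/**
+ * The user pool to add this resource server to
+ */
+readonly userPool: IUserPoolRef;
+}
+/**
+ * Defines a User Pool OAuth2.0 Resource Server
+ */
+export declare class UserPoolResourceServer extends Resource implements IUserPoolResourceServer {
+/** Uniquely identifies this class. */
+static readonly PROPERTY_INJECTION_ID: string;
+/**
+ * Import a user pool resource client given its id.
+ */
+static fromUserPoolResourceServerId(scope: Construct, id: string, userPoolResourceServerId: string): IUserPoolResourceServer;
+readonly userPoolResourceServerId: string;
+private readonly _userPool;
+private readonly identifier;
+get userPoolResourceServerRef(): UserPoolResourceServerReference;
+constructor(scope: Construct, id: string, props: UserPoolResourceServerProps);
+}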


@@ -0,0 +1,953 @@
import type { Construct } from 'constructs';
import type { ICustomAttribute, StandardAttributes } from './user-pool-attr';
import type { UserPoolClientOptions } from './user-pool-client';
import { UserPoolClient } from './user-pool-client';
import type { UserPoolDomainOptions } from './user-pool-domain';
import { UserPoolDomain } from './user-pool-domain';
import type { UserPoolEmail } from './user-pool-email';
import type { UserPoolGroupOptions } from './user-pool-group';
import { UserPoolGroup } from './user-pool-group';
import type { IUserPoolIdentityProvider } from './user-pool-idp';
import type { UserPoolResourceServerOptions } from './user-pool-resource-server';
import { UserPoolResourceServer } from './user-pool-resource-server';
import type { IGrantable, IRoleRef } from '../../aws-iam';
import { Grant } from '../../aws-iam';
import type { IKeyRef } from '../../aws-kms';
import type * as lambda from '../../aws-lambda';
import type { IResource, RemovalPolicy } from '../../core';
import { Duration, Resource } from '../../core';
import type { IUserPoolIdentityProviderRef, IUserPoolRef, UserPoolReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* The different ways in which users of this pool can sign up or sign in.
*/
export interface SignInAliases {
/**
* Whether user is allowed to sign up or sign in with a username
* @default true
*/
readonly username?: boolean;
/**
* Whether a user is allowed to sign up or sign in with an email address
* @default false
*/
readonly email?: boolean;
/**
* Whether a user is allowed to sign up or sign in with a phone number
* @default false
*/
readonly phone?: boolean;
/**
* Whether a user is allowed to sign in with a secondary username, that can be set and modified after sign up.
* Can only be used in conjunction with `USERNAME`.
* @default false
*/
readonly preferredUsername?: boolean;
}
/**
* Attributes that can be automatically verified for users in a user pool.
*/
export interface AutoVerifiedAttrs {
/**
* Whether the email address of the user should be auto verified at sign up.
*
* Note: If both `email` and `phone` is set, Cognito only verifies the phone number. To also verify email, see here -
* https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-email-phone-verification.html
*
* @default - true, if email is turned on for `signIn`. false, otherwise.
*/
readonly email?: boolean;
/**
* Whether the phone number of the user should be auto verified at sign up.
* @default - true, if phone is turned on for `signIn`. false, otherwise.
*/
readonly phone?: boolean;
}
/**
* Attributes that will be kept until the user verifies the changed attribute.
*/
export interface KeepOriginalAttrs {
/**
* Whether the email address of the user should remain the original value until the new email address is verified.
*
* @default - false
*/
readonly email?: boolean;
/**
* Whether the phone number of the user should remain the original value until the new phone number is verified.
*
* @default - false
*/
readonly phone?: boolean;
}
/**
* Triggers for a user pool
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
*/
export interface UserPoolTriggers {
/**
* Creates an authentication challenge.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html
* @default - no trigger configured
*/
readonly createAuthChallenge?: lambda.IFunction;
/**
* A custom Message AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
* @default - no trigger configured
*/
readonly customMessage?: lambda.IFunction;
/**
* Defines the authentication challenge.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html
* @default - no trigger configured
*/
readonly defineAuthChallenge?: lambda.IFunction;
/**
* A post-authentication AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
* @default - no trigger configured
*/
readonly postAuthentication?: lambda.IFunction;
/**
* A post-confirmation AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html
* @default - no trigger configured
*/
readonly postConfirmation?: lambda.IFunction;
/**
* A pre-authentication AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html
* @default - no trigger configured
*/
readonly preAuthentication?: lambda.IFunction;
/**
* A pre-registration AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
* @default - no trigger configured
*/
readonly preSignUp?: lambda.IFunction;
/**
* A pre-token-generation AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
* @default - no trigger configured
*/
readonly preTokenGeneration?: lambda.IFunction;
/**
* A user-migration AWS Lambda trigger.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
* @default - no trigger configured
*/
readonly userMigration?: lambda.IFunction;
/**
* Verifies the authentication challenge response.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html
* @default - no trigger configured
*/
readonly verifyAuthChallengeResponse?: lambda.IFunction;
/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
* @default - no trigger configured
*/
readonly customEmailSender?: lambda.IFunction;
/**
* Amazon Cognito invokes this trigger to send SMS notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
* @default - no trigger configured
*/
readonly customSmsSender?: lambda.IFunction;
/**
* Index signature.
*
* This index signature is not usable in non-TypeScript/JavaScript languages.
*
* @jsii ignore
*/
[trigger: string]: lambda.IFunction | undefined;
}
/**
* User pool operations to which lambda triggers can be attached.
*/
export declare class UserPoolOperation {
/**
* Creates a challenge in a custom auth flow
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-create-auth-challenge.html
*/
static readonly CREATE_AUTH_CHALLENGE: UserPoolOperation;
/**
* Advanced customization and localization of messages
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-message.html
*/
static readonly CUSTOM_MESSAGE: UserPoolOperation;
/**
* Determines the next challenge in a custom auth flow
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-define-auth-challenge.html
*/
static readonly DEFINE_AUTH_CHALLENGE: UserPoolOperation;
/**
* Event logging for custom analytics
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html
*/
static readonly POST_AUTHENTICATION: UserPoolOperation;
/**
* Custom welcome messages or event logging for custom analytics
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html
*/
static readonly POST_CONFIRMATION: UserPoolOperation;
/**
* Custom validation to accept or deny the sign-in request
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html
*/
static readonly PRE_AUTHENTICATION: UserPoolOperation;
/**
* Custom validation to accept or deny the sign-up request
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html
*/
static readonly PRE_SIGN_UP: UserPoolOperation;
/**
* Add or remove attributes in Id tokens
*
* Set this parameter for legacy purposes.
* If you also set an ARN in PreTokenGenerationConfig, its value must be identical to PreTokenGeneration.
* For new instances of pre token generation triggers, set the LambdaArn of PreTokenGenerationConfig.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
*/
static readonly PRE_TOKEN_GENERATION: UserPoolOperation;
/**
* Add or remove attributes in Id tokens and Access tokens
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html
*/
static readonly PRE_TOKEN_GENERATION_CONFIG: UserPoolOperation;
/**
* Migrate a user from an existing user directory to user pools
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html
*/
static readonly USER_MIGRATION: UserPoolOperation;
/**
* Determines if a response is correct in a custom auth flow
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-verify-auth-challenge-response.html
*/
static readonly VERIFY_AUTH_CHALLENGE_RESPONSE: UserPoolOperation;
/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-email-sender.html
*/
static readonly CUSTOM_EMAIL_SENDER: UserPoolOperation;
/**
* Amazon Cognito invokes this trigger to send email notifications to users.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sms-sender.html
*/
static readonly CUSTOM_SMS_SENDER: UserPoolOperation;
/** A custom user pool operation */
static of(name: string): UserPoolOperation;
/** The key to use in `CfnUserPool.LambdaConfigProperty` */
readonly operationName: string;
private constructor();
}
/**
* The email verification style
*/
export declare enum VerificationEmailStyle {
/** Verify email via code */
CODE = "CONFIRM_WITH_CODE",
/** Verify email via link */
LINK = "CONFIRM_WITH_LINK"
}
/**
* The user pool trigger version of the request that Amazon Cognito sends to your Lambda function.
*/
export declare enum LambdaVersion {
/**
* V1_0 trigger
*/
V1_0 = "V1_0",
/**
* V2_0 trigger
*
* This is supported only for PRE_TOKEN_GENERATION trigger.
*/
V2_0 = "V2_0",
/**
* V3_0 trigger
*
* This is supported only for PRE_TOKEN_GENERATION trigger.
*/
V3_0 = "V3_0"
}
/**
* User pool configuration for user self sign up.
*/
export interface UserVerificationConfig {
/**
* The email subject template for the verification email sent to the user upon sign up.
* See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
* learn more about message templates.
* @default 'Verify your new account'
*/
readonly emailSubject?: string;
/**
* The email body template for the verification email sent to the user upon sign up.
* See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
* learn more about message templates.
*
* @default - 'The verification code to your new account is {####}' if VerificationEmailStyle.CODE is chosen,
* 'Verify your account by clicking on {##Verify Email##}' if VerificationEmailStyle.LINK is chosen.
*/
readonly emailBody?: string;
/**
* Emails can be verified either using a code or a link.
* Learn more at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-email-verification-message-customization.html
* @default VerificationEmailStyle.CODE
*/
readonly emailStyle?: VerificationEmailStyle;
/**
* The message template for the verification SMS sent to the user upon sign up.
* See https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html to
* learn more about message templates.
*
* @default - 'The verification code to your new account is {####}' if VerificationEmailStyle.CODE is chosen,
* not configured if VerificationEmailStyle.LINK is chosen
*/
readonly smsMessage?: string;
}
/**
* User pool configuration when administrators sign users up.
*/
export interface UserInvitationConfig {
/**
* The template to the email subject that is sent to the user when an administrator signs them up to the user pool.
* @default 'Your temporary password'
*/
readonly emailSubject?: string;
/**
* The template to the email body that is sent to the user when an administrator signs them up to the user pool.
* @default 'Your username is {username} and temporary password is {####}.'
*/
readonly emailBody?: string;
/**
* The template to the SMS message that is sent to the user when an administrator signs them up to the user pool.
* @default 'Your username is {username} and temporary password is {####}'
*/
readonly smsMessage?: string;
}
/**
* The different ways in which a user pool's MFA enforcement can be configured.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
*/
export declare enum Mfa {
/** Users are not required to use MFA for sign in, and cannot configure one. */
OFF = "OFF",
/** Users are not required to use MFA for sign in, but can configure one if they so choose to. */
OPTIONAL = "OPTIONAL",
/** Users are required to configure an MFA, and have to use it to sign in. */
REQUIRED = "ON"
}
/**
* The different ways in which a user pool can obtain their MFA token for sign in.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa.html
*/
export interface MfaSecondFactor {
/**
* The MFA token is sent to the user via SMS to their verified phone numbers
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html
* @default true
*/
readonly sms: boolean;
/**
* The MFA token is a time-based one time password that is generated by a hardware or software token
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-totp.html
* @default false
*/
readonly otp: boolean;
/**
* The MFA token is sent to the user via EMAIL
*
* To enable email-based MFA, set `email` property to the Amazon SES email-sending configuration
* and set `feturePlan` to `FeaturePlan.ESSENTIALS` or `FeaturePlan.PLUS`
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-mfa-sms-email-message.html
* @default false
*/
readonly email?: boolean;
}
/**
* Password policy for User Pools.
*/
export interface PasswordPolicy {
/**
* The length of time the temporary password generated by an admin is valid.
* This must be provided as whole days, like Duration.days(3) or Duration.hours(48).
* Fractional days, such as Duration.hours(20), will generate an error.
* @default Duration.days(7)
*/
readonly tempPasswordValidity?: Duration;
/**
* Minimum length required for a user's password.
* @default 8
*/
readonly minLength?: number;
/**
* Whether the user is required to have lowercase characters in their password.
* @default true
*/
readonly requireLowercase?: boolean;
/**
* Whether the user is required to have uppercase characters in their password.
* @default true
*/
readonly requireUppercase?: boolean;
/**
* Whether the user is required to have digits in their password.
* @default true
*/
readonly requireDigits?: boolean;
/**
* Whether the user is required to have symbols in their password.
* @default true
*/
readonly requireSymbols?: boolean;
/**
* The number of previous passwords that you want Amazon Cognito to restrict each user from reusing.
*
* `passwordHistorySize` can not be set when `featurePlan` is `FeaturePlan.LITE`.
*
* @default undefined - Cognito default setting is no restriction
*/
readonly passwordHistorySize?: number;
}
/**
* Sign-in policy for User Pools.
*/
export interface SignInPolicy {
/**
* The types of authentication that you want to allow for users' first authentication prompt.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-selection-sdk.html#authentication-flows-selection-choice
*
* @default - Password only
*/
readonly allowedFirstAuthFactors?: AllowedFirstAuthFactors;
}
/**
* The types of authentication that you want to allow for users' first authentication prompt
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/authentication-flows-selection-sdk.html#authentication-flows-selection-choice
*/
export interface AllowedFirstAuthFactors {
/**
* Whether the password authentication is allowed.
* This must be true.
*/
readonly password: boolean;
/**
* Whether the email message one-time password is allowed.
* @default false
*/
readonly emailOtp?: boolean;
/**
* Whether the SMS message one-time password is allowed.
* @default false
*/
readonly smsOtp?: boolean;
/**
* Whether the Passkey (WebAuthn) is allowed.
* @default false
*/
readonly passkey?: boolean;
}
/**
* The user-pool treatment for MFA with a passkey
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow-methods.html#amazon-cognito-user-pools-authentication-flow-methods-passkey
*/
export declare enum PasskeyUserVerification {
/** Passkey MFA is preferred */
PREFERRED = "preferred",
/** Passkey MFA is required */
REQUIRED = "required"
}
/**
* Email settings for the user pool.
*/
export interface EmailSettings {
/**
* The 'from' address on the emails received by the user.
* @default noreply@verificationemail.com
*/
readonly from?: string;
/**
* The 'replyTo' address on the emails received by the user as defined by IETF RFC-5322.
* When set, most email clients recognize to change 'to' line to this address when a reply is drafted.
* @default - Not set.
*/
readonly replyTo?: string;
}
/**
* How will a user be able to recover their account?
*
* When a user forgets their password, they can have a code sent to their verified email or verified phone to recover their account.
* You can choose the preferred way to send codes below.
* We recommend not allowing phone to be used for both password resets and multi-factor authentication (MFA).
*
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/how-to-recover-a-user-account.html
*/
export declare enum AccountRecovery {
/**
* Email if available, otherwise phone, but dont allow a user to reset their password via phone if they are also using it for MFA
*/
EMAIL_AND_PHONE_WITHOUT_MFA = 0,
/**
* Phone if available, otherwise email, but dont allow a user to reset their password via phone if they are also using it for MFA
*/
PHONE_WITHOUT_MFA_AND_EMAIL = 1,
/**
* Email only
*/
EMAIL_ONLY = 2,
/**
* Phone only, but dont allow a user to reset their password via phone if they are also using it for MFA
*/
PHONE_ONLY_WITHOUT_MFA = 3,
/**
* (Not Recommended) Phone if available, otherwise email, and do allow a user to reset their password via phone if they are also using it for MFA.
*/
PHONE_AND_EMAIL = 4,
/**
* None users will have to contact an administrator to reset their passwords
*/
NONE = 5
}
/**
* Device tracking settings
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
*/
export interface DeviceTracking {
/**
* Indicates whether a challenge is required on a new device. Only applicable to a new device.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
* @default false
*/
readonly challengeRequiredOnNewDevice: boolean;
/**
* If true, a device is only remembered on user prompt.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-device-tracking.html
* @default false
*/
readonly deviceOnlyRememberedOnUserPrompt: boolean;
}
/**
* The different ways in which a user pool's Advanced Security Mode can be configured.
* @deprecated Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
*/
export declare enum AdvancedSecurityMode {
/** Enable advanced security mode */
ENFORCED = "ENFORCED",
/** gather metrics on detected risks without taking action. Metrics are published to Amazon CloudWatch */
AUDIT = "AUDIT",
/** Advanced security mode is disabled */
OFF = "OFF"
}
/**
* The user pool feature plan, or tier.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
*/
export declare enum FeaturePlan {
/** Lite feature plan */
LITE = "LITE",
/** Essentials feature plan */
ESSENTIALS = "ESSENTIALS",
/** Plus feature plan */
PLUS = "PLUS"
}
/**
* The Type of Threat Protection Enabled for Standard Authentication
*
* This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
*
* Acceptable values are strings with values 'ENFORCED', 'AUDIT', or 'OFF'
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
*/
export declare enum StandardThreatProtectionMode {
/** Cognito automatically takes preventative actions in response to different levels of risk that you configure for your user pool */
FULL_FUNCTION = "ENFORCED",
/** Cognito gathers metrics on detected risks, but doesn't take automatic action */
AUDIT_ONLY = "AUDIT",
/** Cognito doesn't gather metrics on detected risks or automatically take preventative actions */
NO_ENFORCEMENT = "OFF"
}
/**
* The Type of Threat Protection Enabled for Custom Authentication
*
* This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
*
* Acceptable values are strings with values 'ENFORCED', or 'AUDIT'. For 'OFF' behavior, don't define this value
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
*/
export declare enum CustomThreatProtectionMode {
/** Cognito automatically takes preventative actions in response to different levels of risk that you configure for your user pool */
FULL_FUNCTION = "ENFORCED",
/** Cognito gathers metrics on detected risks, but doesn't take automatic action */
AUDIT_ONLY = "AUDIT"
}
/**
* Props for the UserPool construct
*/
export interface UserPoolProps {
/**
* Name of the user pool.
*
* @default - automatically generated name by CloudFormation at deploy time.
*/
readonly userPoolName?: string;
/**
* Whether self sign-up should be enabled.
* To configure self sign-up configuration use the `userVerification` property.
*
* @default - false
*/
readonly selfSignUpEnabled?: boolean;
/**
* Configuration around users signing themselves up to the user pool.
* Enable or disable self sign-up via the `selfSignUpEnabled` property.
*
* @default - see defaults in UserVerificationConfig.
*/
readonly userVerification?: UserVerificationConfig;
/**
* Configuration around admins signing up users into a user pool.
*
* @default - see defaults in UserInvitationConfig.
*/
readonly userInvitation?: UserInvitationConfig;
/**
* The IAM role that Cognito will assume while sending SMS messages.
*
* @default - a new IAM role is created.
*/
readonly smsRole?: IRoleRef;
/**
* The 'ExternalId' that Cognito service must be using when assuming the `smsRole`, if the role is restricted with an 'sts:ExternalId' conditional.
* Learn more about ExternalId here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
*
* This property will be ignored if `smsRole` is not specified.
*
* @default - No external id will be configured.
*/
readonly smsRoleExternalId?: string;
/**
* The region to integrate with SNS to send SMS messages.
*
* This property will do nothing if SMS configuration is not configured.
*
* @default - The same region as the user pool, with a few exceptions - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-sms-settings.html#user-pool-sms-settings-first-time
*/
readonly snsRegion?: string;
/**
* Setting this would explicitly enable or disable SMS role creation.
* When left unspecified, CDK will determine based on other properties if a role is needed or not.
*
* @default - CDK will determine based on other properties of the user pool if an SMS role should be created or not.
*/
readonly enableSmsRole?: boolean;
/**
* Methods in which a user registers or signs in to a user pool.
* Allows either username with aliases OR sign in with email, phone, or both.
*
* Read the sections on usernames and aliases to learn more -
* https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
*
* To match with 'Option 1' in the above link, with a verified email, this property should be set to
* `{ username: true, email: true }`. To match with 'Option 2' in the above link with both a verified email and phone
* number, this property should be set to `{ email: true, phone: true }`.
*
* @default { username: true }
*/
readonly signInAliases?: SignInAliases;
/**
* Attributes which Cognito will look to verify automatically upon user sign up.
* EMAIL and PHONE are the only available options.
*
* @default - If `signInAlias` includes email and/or phone, they will be included in `autoVerifiedAttributes` by default.
* If absent, no attributes will be auto-verified.
*/
readonly autoVerify?: AutoVerifiedAttrs;
/**
* Attributes which Cognito will look to handle changes to the value of your users' email address and phone number attributes.
* EMAIL and PHONE are the only available options.
*
* @default - Nothing is kept.
*/
readonly keepOriginal?: KeepOriginalAttrs;
/**
* The set of attributes that are required for every user in the user pool.
* Read more on attributes here - https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html
*
* @default - All standard attributes are optional and mutable.
*/
readonly standardAttributes?: StandardAttributes;
/**
* Define a set of custom attributes that can be configured for each user in the user pool.
*
* @default - No custom attributes.
*/
readonly customAttributes?: {
[key: string]: ICustomAttribute;
};
/**
* Configure whether users of this user pool can or are required use MFA to sign in.
*
* @default Mfa.OFF
*/
readonly mfa?: Mfa;
/**
* The SMS message template sent during MFA verification.
* Use '{####}' in the template where Cognito should insert the verification code.
* @default 'Your authentication code is {####}.'
*/
readonly mfaMessage?: string;
/**
* Configure the MFA types that users can use in this user pool. Ignored if `mfa` is set to `OFF`.
*
* @default - { sms: true, otp: false, email: false }, if `mfa` is set to `OPTIONAL` or `REQUIRED`.
* { sms: false, otp: false, email:false }, otherwise
*/
readonly mfaSecondFactor?: MfaSecondFactor;
/**
* Password policy for this user pool.
* @default - see defaults on each property of PasswordPolicy.
*/
readonly passwordPolicy?: PasswordPolicy;
/**
* Sign-in policy for this user pool.
* @default - see defaults on each property of SignInPolicy.
*/
readonly signInPolicy?: SignInPolicy;
/**
* The authentication domain that passkey providers must use as a relying party (RP) in their configuration.
*
* Under the following conditions, the passkey relying party ID must be the fully-qualified domain name of your custom domain:
* - The user pool is configured for passkey authentication.
* - The user pool has a custom domain, whether or not it also has a prefix domain.
* - Your application performs authentication with managed login or the classic hosted UI.
*
* @default - No authentication domain
*/
readonly passkeyRelyingPartyId?: string;
/**
* Your user-pool treatment for MFA with a passkey.
* You can override other MFA options and require passkey MFA, or you can set it as preferred.
* When passkey MFA is preferred, the hosted UI encourages users to register a passkey at sign-in.
*
* @default - Cognito default setting is PasskeyUserVerification.PREFERRED
*/
readonly passkeyUserVerification?: PasskeyUserVerification;
/**
* Email settings for a user pool.
* @default - cognito will use the default email configuration
*/
readonly email?: UserPoolEmail;
/**
* Lambda functions to use for supported Cognito triggers.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
* @default - No Lambda triggers.
*/
readonly lambdaTriggers?: UserPoolTriggers;
/**
* Whether sign-in aliases should be evaluated with case sensitivity.
* For example, when this option is set to false, users will be able to sign in using either `MyUsername` or `myusername`.
* @default true
*/
readonly signInCaseSensitive?: boolean;
/**
* How will a user be able to recover their account?
*
* @default AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL
*/
readonly accountRecovery?: AccountRecovery;
/**
* Policy to apply when the user pool is removed from the stack
*
* @default RemovalPolicy.RETAIN
*/
readonly removalPolicy?: RemovalPolicy;
/**
* Indicates whether the user pool should have deletion protection enabled.
*
* @default false
*/
readonly deletionProtection?: boolean;
/**
* Device tracking settings
* @default - see defaults on each property of DeviceTracking.
*/
readonly deviceTracking?: DeviceTracking;
/**
* This key will be used to encrypt temporary passwords and authorization codes that Amazon Cognito generates.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-custom-sender-triggers.html
* @default - no key ID configured
*/
readonly customSenderKmsKey?: IKeyRef;
/**
* The user pool's Advanced Security Mode
* @deprecated Advanced Security Mode is deprecated due to user pool feature plans. Use StandardThreatProtectionMode and CustomThreatProtectionMode to set Thread Protection level.
* @default - no value
*/
readonly advancedSecurityMode?: AdvancedSecurityMode;
/**
* The user pool feature plan, or tier.
* This parameter determines the eligibility of the user pool for features like managed login, access-token customization, and threat protection.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
* @default - FeaturePlan.ESSENTIALS for a newly created user pool; FeaturePlan.LITE otherwise
*/
readonly featurePlan?: FeaturePlan;
/**
* The Type of Threat Protection Enabled for Standard Authentication
*
* This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
*
* Acceptable values are strings with values 'ENFORCED', 'AUDIT', or 'OFF'
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
*
* @default - StandardThreatProtectionMode.NO_ENFORCEMENT
*/
readonly standardThreatProtectionMode?: StandardThreatProtectionMode;
/**
* The Type of Threat Protection Enabled for Custom Authentication
*
* This feature only functions if your FeaturePlan is set to FeaturePlan.PLUS
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-sign-in-feature-plans.html
*
* Acceptable values are strings with values 'ENFORCED', or 'AUDIT'. For 'OFF' behavior, don't define this value
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-userpooladdons.html
*
* @default - no value
*/
readonly customThreatProtectionMode?: CustomThreatProtectionMode;
}
/**
* Represents a Cognito UserPool
*/
export interface IUserPool extends IResource, IUserPoolRef {
/**
* The physical ID of this user pool resource
* @attribute
*/
readonly userPoolId: string;
/**
* The ARN of this user pool resource
* @attribute
*/
readonly userPoolArn: string;
/**
* The provider name of this user pool resource
*
* @attribute
*/
readonly userPoolProviderName: string;
/**
* Get all identity providers registered with this user pool.
*/
readonly identityProviders: IUserPoolIdentityProvider[];
/**
* Add a new app client to this user pool.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-client-apps.html
*/
addClient(id: string, options?: UserPoolClientOptions): UserPoolClient;
/**
* Associate a domain to this user pool.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-assign-domain.html
*/
addDomain(id: string, options: UserPoolDomainOptions): UserPoolDomain;
/**
* Add a new resource server to this user pool.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-resource-servers.html
*/
addResourceServer(id: string, options: UserPoolResourceServerOptions): UserPoolResourceServer;
/**
* Add a new group to this user pool.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-user-groups.html
*/
addGroup(id: string, options: UserPoolGroupOptions): UserPoolGroup;
/**
* Register an identity provider with this user pool.
*/
registerIdentityProvider(provider: IUserPoolIdentityProviderRef): void;
/**
* Adds an IAM policy statement associated with this user pool to an
* IAM principal's policy.
*/
grant(grantee: IGrantable, ...actions: string[]): Grant;
}
declare abstract class UserPoolBase extends Resource implements IUserPool {
abstract readonly userPoolId: string;
abstract readonly userPoolArn: string;
abstract readonly userPoolProviderName: string;
readonly identityProviders: IUserPoolIdentityProvider[];
get userPoolRef(): UserPoolReference;
addClient(id: string, options?: UserPoolClientOptions): UserPoolClient;
addDomain(id: string, options: UserPoolDomainOptions): UserPoolDomain;
addResourceServer(id: string, options: UserPoolResourceServerOptions): UserPoolResourceServer;
addGroup(id: string, options: UserPoolGroupOptions): UserPoolGroup;
registerIdentityProvider(provider: IUserPoolIdentityProviderRef): void;
/**
* [disable-awslint:no-grants]
*/
grant(grantee: IGrantable, ...actions: string[]): Grant;
}
/**
* Define a Cognito User Pool
*/
export declare class UserPool extends UserPoolBase {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import an existing user pool based on its id.
*/
static fromUserPoolId(scope: Construct, id: string, userPoolId: string): IUserPool;
/**
* Import an existing user pool based on its ARN.
*/
static fromUserPoolArn(scope: Construct, id: string, userPoolArn: string): IUserPool;
/**
* The physical ID of this user pool resource
*/
readonly userPoolId: string;
/**
* The ARN of the user pool
*/
readonly userPoolArn: string;
/**
* User pool provider name
* @attribute
*/
readonly userPoolProviderName: string;
/**
* User pool provider URL
* @attribute
*/
readonly userPoolProviderUrl: string;
private triggers;
private emailConfiguration;
constructor(scope: Construct, id: string, props?: UserPoolProps);
/**
* Add a lambda trigger to a user pool operation
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html
*/
addTrigger(operation: UserPoolOperation, fn: lambda.IFunction, lambdaVersion?: LambdaVersion): void;
private addLambdaPermission;
private mfaMessage;
private verificationMessageConfiguration;
private signInConfiguration;
private smsConfiguration;
private mfaConfiguration;
private configurePasswordPolicy;
private configureSignInPolicy;
private schemaConfiguration;
private accountRecovery;
private configureUserAttributeChanges;
private validateEmailMfa;
}
export {};
