daniel/agent-claw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

agent-claw: automated task changes

Browse Source
This commit is contained in:
daniel
2026-05-06 18:55:16 -05:00
parent 38905bb1e9
commit 732b00fb66
8494 changed files with 2018127 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

403
cdk/node_modules/aws-cdk-lib/aws-cognito/lib/user-pool-client.d.ts generated vendored Normal file
View File

@@ -0,0 +1,403 @@
import type { Construct } from 'constructs';
import type { ClientAttributes } from './user-pool-attr';
import type { IUserPoolResourceServer, ResourceServerScope } from './user-pool-resource-server';
import type { IRoleRef } from '../../aws-iam';
import type { CfnApp } from '../../aws-pinpoint';
import type { IResource } from '../../core';
import { Resource, Duration, SecretValue } from '../../core';
import type { IUserPoolClientRef, IUserPoolRef, UserPoolClientReference } from '../../interfaces/generated/aws-cognito-interfaces.generated';
/**
* Types of authentication flow
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
*/
export interface AuthFlow {
/**
* Enable admin based user password authentication flow
* @default false
*/
readonly adminUserPassword?: boolean;
/**
* Enable custom authentication flow
* @default false
*/
readonly custom?: boolean;
/**
* Enable auth using username & password
* @default false
*/
readonly userPassword?: boolean;
/**
* Enable SRP based authentication
* @default false
*/
readonly userSrp?: boolean;
/**
* Enable Choice-based authentication
* @default false
*/
readonly user?: boolean;
}
/**
* OAuth settings to configure the interaction between the app and this client.
*/
export interface OAuthSettings {
/**
* OAuth flows that are allowed with this client.
* @see - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
* @default {authorizationCodeGrant:true,implicitCodeGrant:true}
*/
readonly flows?: OAuthFlows;
/**
* List of allowed redirect URLs for the identity providers.
* @default - ['https://example.com'] if either authorizationCodeGrant or implicitCodeGrant flows are enabled, no callback URLs otherwise.
*/
readonly callbackUrls?: string[];
/**
* List of allowed logout URLs for the identity providers.
* @default - no logout URLs
*/
readonly logoutUrls?: string[];
/**
* OAuth scopes that are allowed with this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
* @default [OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.PROFILE,OAuthScope.COGNITO_ADMIN]
*/
readonly scopes?: OAuthScope[];
/**
* The default redirect URI.
* Must be in the `callbackUrls` list.
*
* A redirect URI must:
* * Be an absolute URI
* * Be registered with the authorization server.
* * Not include a fragment component.
*
* @see https://tools.ietf.org/html/rfc6749#section-3.1.2
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
* App callback URLs such as myapp://example are also supported.
*
* @default - no default redirect URI
*/
readonly defaultRedirectUri?: string;
}
/**
* Types of OAuth grant flows
* @see - the 'Allowed OAuth Flows' section at https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
*/
export interface OAuthFlows {
/**
* Initiate an authorization code grant flow, which provides an authorization code as the response.
* @default false
*/
readonly authorizationCodeGrant?: boolean;
/**
* The client should get the access token and ID token directly.
* @default false
*/
readonly implicitCodeGrant?: boolean;
/**
* Client should get the access token and ID token from the token endpoint
* using a combination of client and client_secret.
* @default false
*/
readonly clientCredentials?: boolean;
}
/**
* OAuth scopes that are allowed with this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
*/
export declare class OAuthScope {
/**
* Grants access to the 'phone_number' and 'phone_number_verified' claims.
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly PHONE: OAuthScope;
/**
* Grants access to the 'email' and 'email_verified' claims.
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly EMAIL: OAuthScope;
/**
* Returns all user attributes in the ID token that are readable by the client
*/
static readonly OPENID: OAuthScope;
/**
* Grants access to all user attributes that are readable by the client
* Automatically includes access to `OAuthScope.OPENID`.
*/
static readonly PROFILE: OAuthScope;
/**
* Grants access to Amazon Cognito User Pool API operations that require access tokens,
* such as UpdateUserAttributes and VerifyUserAttribute.
*/
static readonly COGNITO_ADMIN: OAuthScope;
/**
* Custom scope is one that you define for your own resource server in the Resource Servers.
* The format is 'resource-server-identifier/scope'.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-define-resource-servers.html
*/
static custom(name: string): OAuthScope;
/**
* Adds a custom scope that's tied to a resource server in your stack
*/
static resourceServer(server: IUserPoolResourceServer, scope: ResourceServerScope): OAuthScope;
/**
* The name of this scope as recognized by CloudFormation.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-allowedoauthscopes
*/
readonly scopeName: string;
private constructor();
}
/**
* Identity providers supported by the UserPoolClient
*/
export declare class UserPoolClientIdentityProvider {
/**
* Allow users to sign in using 'Sign In With Apple'.
* A `UserPoolIdentityProviderApple` must be attached to the user pool.
*/
static readonly APPLE: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Facebook Login'.
* A `UserPoolIdentityProviderFacebook` must be attached to the user pool.
*/
static readonly FACEBOOK: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Google Login'.
* A `UserPoolIdentityProviderGoogle` must be attached to the user pool.
*/
static readonly GOOGLE: UserPoolClientIdentityProvider;
/**
* Allow users to sign in using 'Login With Amazon'.
* A `UserPoolIdentityProviderAmazon` must be attached to the user pool.
*/
static readonly AMAZON: UserPoolClientIdentityProvider;
/**
* Allow users to sign in directly as a user of the User Pool
*/
static readonly COGNITO: UserPoolClientIdentityProvider;
/**
* Specify a provider not yet supported by the CDK.
* @param name name of the identity provider as recognized by CloudFormation property `SupportedIdentityProviders`
*/
static custom(name: string): UserPoolClientIdentityProvider;
/** The name of the identity provider as recognized by CloudFormation property `SupportedIdentityProviders` */
readonly name: string;
private constructor();
}
/**
* Options to create a UserPoolClient
*/
export interface UserPoolClientOptions {
/**
* Name of the application client
* @default - cloudformation generated name
*/
readonly userPoolClientName?: string;
/**
* Whether to generate a client secret
* @default false
*/
readonly generateSecret?: boolean;
/**
* The set of OAuth authentication flows to enable on the client
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-authentication-flow.html
* @default - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*/
readonly authFlows?: AuthFlow;
/**
* Turns off all OAuth interactions for this client.
* @default false
*/
readonly disableOAuth?: boolean;
/**
* OAuth settings for this client to interact with the app.
* An error is thrown when this is specified and `disableOAuth` is set.
* @default - see defaults in `OAuthSettings`. meaningless if `disableOAuth` is set.
*/
readonly oAuth?: OAuthSettings;
/**
* Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token.
* see defaults in `AuthSessionValidity`. Valid duration is from 3 to 15 minutes.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpoolclient.html#cfn-cognito-userpoolclient-authsessionvalidity
* @default - Duration.minutes(3)
*/
readonly authSessionValidity?: Duration;
/**
* Whether Cognito returns a UserNotFoundException exception when the
* user does not exist in the user pool (false), or whether it returns
* another type of error that doesn't reveal the user's absence.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-managing-errors.html
* @default false
*/
readonly preventUserExistenceErrors?: boolean;
/**
* The list of identity providers that users should be able to use to sign in using this client.
*
* @default - supports all identity providers that are registered with the user pool. If the user pool and/or
* identity providers are imported, either specify this option explicitly or ensure that the identity providers are
* registered with the user pool using the `UserPool.registerIdentityProvider()` API.
*/
readonly supportedIdentityProviders?: UserPoolClientIdentityProvider[];
/**
* Validity of the ID token.
* Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-id-token
* @default Duration.minutes(60)
*/
readonly idTokenValidity?: Duration;
/**
* Validity of the refresh token.
* Values between 60 minutes and 10 years are valid.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-refresh-token
* @default Duration.days(30)
*/
readonly refreshTokenValidity?: Duration;
/**
* Validity of the access token.
* Values between 5 minutes and 1 day are valid. The duration can not be longer than the refresh token validity.
* @see https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html#amazon-cognito-user-pools-using-the-access-token
* @default Duration.minutes(60)
*/
readonly accessTokenValidity?: Duration;
/**
* Enables refresh token rotation when set.
* Defines the grace period for the original refresh token (0-60 seconds).
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-the-refresh-token.html#using-the-refresh-token-rotation
* @default - undefined (refresh token rotation is disabled)
*/
readonly refreshTokenRotationGracePeriod?: Duration;
/**
* The set of attributes this client will be able to read.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
* @default - all standard and custom attributes
*/
readonly readAttributes?: ClientAttributes;
/**
* The set of attributes this client will be able to write.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-attribute-permissions-and-scopes
* @default - all standard and custom attributes
*/
readonly writeAttributes?: ClientAttributes;
/**
* Enable token revocation for this client.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/token-revocation.html#enable-token-revocation
* @default true for new user pool clients
*/
readonly enableTokenRevocation?: boolean;
/**
* Enable the propagation of additional user context data.
* You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.
* @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint
* @default false for new user pool clients
*/
readonly enablePropagateAdditionalUserContextData?: boolean;
/**
* The analytics configuration for this client.
* @default - no analytics configuration
*/
readonly analytics?: AnalyticsConfiguration;
}
/**
* Properties for the UserPoolClient construct
*/
export interface UserPoolClientProps extends UserPoolClientOptions {
/**
* The UserPool resource this client will have access to
*/
readonly userPool: IUserPoolRef;
}
/**
* The settings for Amazon Pinpoint analytics configuration.
* With an analytics configuration, your application can collect user-activity metrics for user notifications with an Amazon Pinpoint campaign.
* Amazon Pinpoint isn't available in all AWS Regions.
* For a list of available Regions, see Amazon Cognito and Amazon Pinpoint Region availability: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-pinpoint-integration.html#cognito-user-pools-find-region-mappings.
*/
export interface AnalyticsConfiguration {
/**
* The Amazon Pinpoint project that you want to connect to your user pool app client.
* Amazon Cognito publishes events to the Amazon Pinpoint project.
* You can also configure your application to pass an endpoint ID in the `AnalyticsMetadata` parameter of sign-in operations.
* The endpoint ID is information about the destination for push notifications.
* @default - no configuration, you need to specify either `application` or all of `applicationId`, `externalId`, and `role`.
*/
readonly application?: CfnApp;
/**
* Your Amazon Pinpoint project ID.
* @default - no configuration, you need to specify either this property along with `externalId` and `role` or `application`.
*/
readonly applicationId?: string;
/**
* The external ID of the role that Amazon Cognito assumes to send analytics data to Amazon Pinpoint. More info here: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
* @default - no configuration, you need to specify either this property along with `applicationId` and `role` or `application`.
*/
readonly externalId?: string;
/**
* The IAM role that has the permissions required for Amazon Cognito to publish events to Amazon Pinpoint analytics.
* @default - no configuration, you need to specify either this property along with `applicationId` and `externalId` or `application`.
*/
readonly role?: IRoleRef;
/**
* If `true`, Amazon Cognito includes user data in the events that it publishes to Amazon Pinpoint analytics.
* @default - false
*/
readonly shareUserData?: boolean;
}
/**
* Represents a Cognito user pool client.
*/
export interface IUserPoolClient extends IResource, IUserPoolClientRef {
/**
* Name of the application client
* @attribute
*/
readonly userPoolClientId: string;
/**
* The generated client secret. Only available if the "generateSecret" props is set to true
* @attribute
*/
readonly userPoolClientSecret: SecretValue;
}
/**
* Define a UserPool App Client
*/
export declare class UserPoolClient extends Resource implements IUserPoolClient {
/**
* Uniquely identifies this class.
*/
static readonly PROPERTY_INJECTION_ID: string;
/**
* Import a user pool client given its id.
*/
static fromUserPoolClientId(scope: Construct, id: string, userPoolClientId: string): IUserPoolClient;
readonly userPoolClientId: string;
private _generateSecret?;
private readonly userPool;
private _userPoolClientSecret?;
/**
* The OAuth flows enabled for this client.
*/
readonly oAuthFlows: OAuthFlows;
private readonly _userPoolClientName?;
get userPoolClientRef(): UserPoolClientReference;
constructor(scope: Construct, id: string, props: UserPoolClientProps);
/**
* The client name that was specified via the `userPoolClientName` property during initialization,
* throws an error otherwise.
*/
get userPoolClientName(): string;
get userPoolClientSecret(): SecretValue;
private configureAuthFlows;
private configureOAuthFlows;
private configureOAuthScopes;
private configurePreventUserExistenceErrors;
private configureIdentityProviders;
private configureAuthSessionValidity;
private configureTokenValidity;
private configureRefreshTokenRotation;
private validateDuration;
private configureAnalytics;
}