in Gems/AWSClientAuth/cdkv1/cognito/cognito_user_pool.py [0:0]
def __init__(self, scope: core.Construct, feature_name: str, project_name: str, env: core.Environment,
             sms_role: CognitoUserPoolSMSRole) -> None:
    """
    Create the Cognito user pool, its app client, and a stack output for each id.

    :param scope: Construct the user pool, app client and outputs are attached to.
    :param feature_name: Name of the feature for resource.
    :param project_name: Name of the project for resource.
    :param env: Environment set up by App.
    :param sms_role: Wrapper whose get_role() returns the IAM role used for SMS delivery;
        its ARN is passed as the SNS caller ARN and the pool is made to depend on it.
    """

    def resource_id(cfn_type):
        # Logical id derived from feature/project/env plus the Cfn class name.
        return name_utils.format_aws_resource_id(feature_name, project_name, env, cfn_type.__name__)

    def resource_name(cfn_type):
        # Resource name derived from feature/project/env plus the Cfn class name.
        return name_utils.format_aws_resource_name(feature_name, project_name, env, cfn_type.__name__)

    pool_id = resource_id(cognito.CfnUserPool)
    pool_name = resource_name(cognito.CfnUserPool)

    # NOTE(review): False leaves self-service sign-up enabled; confirm that is intended
    # for every deployment of this pool.
    signup_config = cognito.CfnUserPool.AdminCreateUserConfigProperty(
        allow_admin_create_user_only=False)

    # Recovery prefers a verified e-mail address and falls back to a verified phone number.
    recovery_config = cognito.CfnUserPool.AccountRecoverySettingProperty(
        recovery_mechanisms=[
            cognito.CfnUserPool.RecoveryOptionProperty(name='verified_email', priority=1),
            cognito.CfnUserPool.RecoveryOptionProperty(name='verified_phone_number', priority=2),
        ])

    # NOTE(review): the external id is the pool name plus a fixed suffix; presumably it has
    # to match the sts:ExternalId condition on the SMS role's trust policy - confirm in
    # CognitoUserPoolSMSRole.
    sms_config = cognito.CfnUserPool.SmsConfigurationProperty(
        external_id=resource_name(cognito.CfnUserPool) + '-external',
        sns_caller_arn=sms_role.get_role().role_arn)

    # NOTE(review): MFA is optional and SMS is the only factor enabled (no
    # 'SOFTWARE_TOKEN_MFA'). No password policy is passed either, so the pool default
    # applies - confirm both meet the project's requirements.
    self._user_pool = cognito.CfnUserPool(
        scope,
        pool_id,
        user_pool_name=pool_name,
        admin_create_user_config=signup_config,
        account_recovery_setting=recovery_config,
        auto_verified_attributes=['email', 'phone_number'],
        enabled_mfas=['SMS_MFA'],
        mfa_configuration='OPTIONAL',
        sms_configuration=sms_config)
    # The SMS role must exist before the pool that references its ARN.
    self._user_pool.node.add_dependency(sms_role.get_role())

    client_id = resource_id(cognito.CfnUserPoolClient)
    client_name = resource_name(cognito.CfnUserPoolClient)

    # NOTE(review): ALLOW_USER_PASSWORD_AUTH and ALLOW_ADMIN_USER_PASSWORD_AUTH let the
    # password itself be sent to Cognito instead of an SRP proof; drop them if every client
    # can use ALLOW_USER_SRP_AUTH. prevent_user_existence_errors is not set here; consider
    # 'ENABLED' so sign-in and recovery errors do not reveal whether a username exists.
    #
    # Token validity overrides (access_token_validity=5, id_token_validity=5,
    # refresh_token_validity=30) were tried and marked "Does not work" by the author, so
    # the service-default token lifetimes apply.
    self._user_pool_client = cognito.CfnUserPoolClient(
        scope,
        client_id,
        client_name=client_name,
        user_pool_id=self._user_pool.ref,
        explicit_auth_flows=[
            'ALLOW_ADMIN_USER_PASSWORD_AUTH',
            'ALLOW_CUSTOM_AUTH',
            'ALLOW_USER_PASSWORD_AUTH',
            'ALLOW_USER_SRP_AUTH',
            'ALLOW_REFRESH_TOKEN_AUTH',
        ])
    self._user_pool_client.add_depends_on(self._user_pool)

    # Publish both ids as stack outputs, pool first and app client second.
    for output_id, description, resource in (
            ('CognitoUserPoolId', "Cognito User pool id", self._user_pool),
            ('CognitoUserPoolAppClientId', "Cognito User pool App client id", self._user_pool_client)):
        core.CfnOutput(
            scope,
            output_id,
            description=description,
            value=resource.ref)