Metadata-Version: 2.1
Name: aws-cdk.aws-cognito
Version: 1.28.0
Summary: The CDK Construct Library for AWS::Cognito
Home-page: https://github.com/aws/aws-cdk
Author: Amazon Web Services
License: Apache-2.0
Project-URL: Source, https://github.com/aws/aws-cdk.git
Description: ## Amazon Cognito Construct Library
        
        <!--BEGIN STABILITY BANNER-->---
        
        
        ![Stability: Experimental](https://img.shields.io/badge/stability-Experimental-important.svg?style=for-the-badge)
        
        > **This is a *developer preview* (public beta) module.**
        >
        > All classes with the `Cfn` prefix in this module ([CFN Resources](https://docs.aws.amazon.com/cdk/latest/guide/constructs.html#constructs_lib))
        > are auto-generated from CloudFormation. They are stable and safe to use.
        >
        > However, all other classes, i.e., higher level constructs, are under active development and subject to non-backward
        > compatible changes or removal in any future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
        > This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
        
        ---
        <!--END STABILITY BANNER-->
        
        [Amazon Cognito](https://docs.aws.amazon.com/cognito/latest/developerguide/what-is-amazon-cognito.html) provides
        authentication, authorization, and user management for your web and mobile apps. Your users can sign in directly with a
        user name and password, or through a third party such as Facebook, Amazon, Google or Apple.
        
        The two main components of Amazon Cognito are [user
        pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools.html) and [identity
        pools](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-identity.html). User pools are user directories
        that provide sign-up and sign-in options for your app users. Identity pools enable you to grant your users access to
        other AWS services.
        
        This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
        
        ## User Pools
        
        User pools allow creating and managing your own directory of users that can sign up and sign in. They enable easy
        integration with social identity providers such as Facebook, Google, Amazon, Microsoft Active Directory, etc. through
        SAML.
        
        Using the CDK, a new user pool can be created as part of the stack using the construct's constructor. You may specify
        the `userPoolName` to give your own identifier to the user pool. If not, CloudFormation will generate a name.
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        UserPool(self, "myuserpool",
            user_pool_name="myawesomeapp-userpool"
        )
        ```
        
        ### Sign Up
        
        Users can either be signed up by the app's administrators or can sign themselves up. Once a user has signed up, their
        account needs to be confirmed. Cognito provides several ways to sign users up and confirm their accounts. Learn more
        about [user sign up here](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html).
        
        When a user signs up, email and SMS messages are used to verify their account and contact methods. The following code
        snippet configures a user pool with properties relevant to these verification messages -
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        UserPool(self, "myuserpool",
            # ...
            self_sign_up_enabled=True,
            user_verification={
                "email_subject": "Verify your email for our awesome app!",
                "email_body": "Hello {username}, Thanks for signing up to our awesome app! Your verification code is {####}",
                "email_style": VerificationEmailStyle.CODE,
                "sms_message": "Hello {username}, Thanks for signing up to our awesome app! Your verification code is {####}"
            }
        )
        ```
        
        By default, self sign up is disabled. Learn more about [email and SMS verification messages
        here](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html).
        
        Besides users signing themselves up, an administrator of any user pool can sign users up. The user then receives an
        invitation to join the user pool. The following code snippet configures a user pool with properties relevant to the
        invitation messages -
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        UserPool(self, "myuserpool",
            # ...
            user_invitation={
                "email_subject": "Invite to join our awesome app!",
                "email_body": "Hello {username}, you have been invited to join our awesome app! Your temporary password is {####}",
                "sms_message": "Your temporary password for our awesome app is {####}"
            }
        )
        ```
        
        All email subjects, bodies and SMS messages for both invitation and verification support Cognito's message templating.
        Learn more about [message templates
        here](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-templates.html).
        
        ### Sign In
        
        Users registering or signing in into your application can do so with multiple identifiers. There are 4 options
        available:
        
        * `username`: Allow signing in using the one time immutable user name that the user chose at the time of sign up.
        * `email`: Allow signing in using the email address that is associated with the account.
        * `phone`: Allow signing in using the phone number that is associated with the account.
        * `preferredUsername`: Allow signing in with an alternate user name that the user can change at any time. However, this
          is not available if the `username` option is not chosen.
        
        The following code sets up a user pool so that the user can sign in with either their username or their email address -
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        UserPool(self, "myuserpool",
            # ...
            # ...
            sign_in_aliases={
                "username": True,
                "email": True
            }
        )
        ```
        
        User pools can either be configured so that user name is primary sign in form, but also allows for the other three to be
        used additionally; or it can be configured so that email and/or phone numbers are the only ways a user can register and
        sign in. Read more about this
        [here](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases-settings).
        
        To match with 'Option 1' in the above link, with a verified email, `signInAliases` should be set to
        `{ username: true, email: true }`. To match with 'Option 2' in the above link with both a verified
        email and phone number, this property should be set to `{ email: true, phone: true }`.
        
        Cognito recommends that email and phone number be automatically verified, if they are one of the sign in methods for
        the user pool. Read more about that
        [here](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#user-pool-settings-aliases).
        The CDK does this by default, when email and/or phone number are specified as part of `signInAliases`. This can be
        overridden by specifying the `autoVerify` property.
        
        The following code snippet sets up only email as a sign in alias, but both email and phone number to be auto-verified.
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        UserPool(self, "myuserpool",
            # ...
            # ...
            sign_in_aliases={"username": True, "email": True},
            auto_verify={"email": True, "phone": True}
        )
        ```
        
        ### Security
        
        Cognito sends various messages to its users via SMS, for different actions, ranging from account verification to
        marketing. In order to send SMS messages, Cognito needs an IAM role that it can assume, with permissions that allow it
        to send SMS messages. By default, CDK will create this IAM role but can also be explicily specified to an existing IAM
        role using the `smsRole` property.
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        from aws_cdk.aws_iam import Role
        
        pool_sms_role = Role(self, "userpoolsmsrole")
        
        UserPool(self, "myuserpool",
            # ...
            sms_role=pool_sms_role,
            sms_role_external_id="c87467be-4f34-11ea-b77f-2e728ce88125"
        )
        ```
        
        When the `smsRole` property is specified, the `smsRoleExternalId` may also be specified. The value of
        `smsRoleExternalId` will be used as the `sts:ExternalId` when the Cognito service assumes the role. In turn, the role's
        assume role policy should be configured to accept this value as the ExternalId. Learn more about [ExternalId
        here](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).
        
        ### Importing User Pools
        
        Any user pool that has been created outside of this stack, can be imported into the CDK app. Importing a user pool
        allows for it to be used in other parts of the CDK app that reference an `IUserPool`. However, imported user pools have
        limited configurability. As a rule of thumb, none of the properties that is are part of the
        [`AWS::Cognito::UserPool`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cognito-userpool.html)
        CloudFormation resource can be configured.
        
        User pools can be imported either using their id via the `UserPool.fromUserPoolId()`, or by using their ARN, via the
        `UserPool.fromUserPoolArn()` API.
        
        ```python
        # Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
        stack = Stack(app, "my-stack")
        
        awesome_pool = UserPool.from_user_pool_id(stack, "awesome-user-pool", "us-east-1_oiuR12Abd")
        
        other_awesome_pool = UserPool.from_user_pool_arn(stack, "other-awesome-user-pool", "arn:aws:cognito-idp:eu-west-1:123456789012:userpool/us-east-1_mtRyYQ14D")
        ```
        
Platform: UNKNOWN
Classifier: Intended Audience :: Developers
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: JavaScript
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Typing :: Typed
Classifier: Development Status :: 4 - Beta
Classifier: License :: OSI Approved
Requires-Python: >=3.6
Description-Content-Type: text/markdown
