Auth
The Auth construct is a higher-level CDK construct that makes it easy to configure a Cognito User Pool and Cognito Identity Pool. It also allows setting up Auth0, Facebook, Google, Twitter, Apple, and Amazon as authentication providers.

Initializer
Parameters

Examples
Allowing users to sign in with their email using User Pool
Allowing users to sign in with their email or phone number
Allowing Twitter auth and a User Pool
Adding all the supported social logins
Allowing users to login using Auth0
Manually creating a User Pool and User Pool Client
Attaching permissions for authenticated users
Attaching permissions for unauthenticated users

Properties
An instance of Auth contains the following properties.

cognitoCfnIdentityPool
Type : cdk.aws-cognito.CfnIdentityPool
The internally created CDK CfnIdentityPool instance.

cognitoUserPool?
Type : cdk.aws-cognito.UserPool
The internally created CDK UserPool instance. Not available if only social logins are used.

cognitoUserPoolClient?
Type : cdk.aws-cognito.UserPoolClient
The internally created CDK UserPoolClient instance. Not available if only social logins are used.

iamAuthRole
Type : cdk.aws-iam.Role
The internally created CDK IAM Role instance for the authenticated users of the Identity Pool.

iamUnauthRole
Type : cdk.aws-iam.Role
The internally created CDK IAM Role instance for the unauthenticated users of the Identity Pool.

Methods
An instance of Auth contains the following methods.

attachPermissionsForAuthUsers
Parameters
- permissions Permissions
Attaches the given list of permissions to the IAM role used for authenticated users. This dictates which resources an authenticated user has access to.
Follows the same format as Function.attachPermissions.

attachPermissionsForUnauthUsers
Parameters
- permissions Permissions
Attaches the given list of permissions to the IAM role used for unauthenticated users. This dictates which resources an unauthenticated user has access to.
Follows the same format as Function.attachPermissions.

AuthProps

cognito?
Type : AuthCognitoProps
The props that'll be used to configure a Cognito User Pool.

apple?
Type : AuthAppleProps
The props necessary to configure Apple as an authentication provider for the Identity Pool.

auth0?
Type : AuthAuth0Props
The props necessary to configure Auth0 as an authentication provider for the Identity Pool.

google?
Type : AuthGoogleProps
The props necessary to configure Google as an authentication provider for the Identity Pool.

facebook?
Type : AuthFacebookProps
The props necessary to configure Facebook as an authentication provider for the Identity Pool.

twitter?
Type : AuthTwitterProps
The props necessary to configure Twitter as an authentication provider for the Identity Pool.

amazon?
Type : AuthAmazonProps
The props necessary to configure Amazon as an authentication provider for the Identity Pool.

cognitoUserPool?
Type : cdk.aws-cognito.UserPool
Optionally, pass in an instance of the CDK UserPool. This will override the internally created one.

cognitoUserPoolClient?
Type : cdk.aws-cognito.UserPoolClient
Optionally, pass in an instance of the CDK UserPoolClient. This will override the internally created one.

AuthCognitoProps

signInAliases
Type : cdk.aws-cognito.SignInAliases, defaults to { username: true }
The different aliases a user can use to sign in to our application for our User Pool. For example, you might want a user to be able to sign in with their email or username, or with their phone number.
Caution: You cannot change this prop once the User Pool has been created.
Internally sets the CDK User Pool signInAliases prop.
There are two ways of setting this up.

User signs up with username and signs in with username or alias
A user signs up with a username. In addition to the username, you can optionally allow users to sign in with one or more of the following aliases:
- A verified email address
- A verified phone number
- A preferred username
Note that the username Cognito refers to is an internally used user id. So in practice, you'll ask a user to create a new username; Cognito calls this the preferred username.
These aliases can be changed after the user signs up.
To use this option, set the signInAliases prop to:

User signs up and signs in with email or phone number instead of username
A user signs up with an email address or phone number as their username. You can choose whether to allow sign-up with only email addresses, only phone numbers, or either one.
Note that the email or phone number that gets set as a username needs to be unique. This is because when Cognito refers to the username, it really refers to an internally used user id.
In addition, if a user signs up with an email address, they can only change it to another email address and not a phone number. The same applies if they sign up with a phone number: it cannot be changed to an email.
To use this option, set the signInAliases prop to:
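The two modes described above, modelled as a stand-alone check. This is an added example, not code from this page, SST or CDK: `planSignIn` and `changesDeployedPool` are hypothetical helpers, the alias objects are constructed sample values, and only the field names of `SignInAliases` and the Cognito attribute names are taken as given.

```typescript
// Added example: a model of the two sign-in modes described above.
// Field names follow cdk.aws-cognito.SignInAliases; the helpers are hypothetical.
interface SignInAliases {
  username?: boolean;
  email?: boolean;
  phone?: boolean;
  preferredUsername?: boolean;
}

interface SignInPlan {
  mode: "username-with-aliases" | "email-or-phone-as-username";
  attributes: string[]; // Cognito attribute names accepted at sign-in
  identifierTypeFixed: boolean; // true: email cannot later become phone, or vice versa
}

// Resolve a signInAliases value to the mode it selects; the default is the page's.
function planSignIn(aliases: SignInAliases = { username: true }): SignInPlan {
  const { username, email, phone, preferredUsername } = aliases;
  if (!username && !email && !phone && !preferredUsername) {
    throw new Error("at least one sign-in alias must be enabled");
  }
  // A preferred username is only an alias layered on a real username (first mode).
  if (preferredUsername && !username) {
    throw new Error("preferredUsername requires username: true");
  }
  const attributes: string[] = [];
  if (email) attributes.push("email");
  if (phone) attributes.push("phone_number");
  if (username) {
    if (preferredUsername) attributes.push("preferred_username");
    return { mode: "username-with-aliases", attributes, identifierTypeFixed: false };
  }
  return { mode: "email-or-phone-as-username", attributes, identifierTypeFixed: true };
}

// The prop cannot change once the User Pool exists, so flag any difference
// between the deployed setting and a proposed one before deploying.
function changesDeployedPool(deployed: SignInAliases, proposed: SignInAliases): boolean {
  const before = planSignIn(deployed);
  const after = planSignIn(proposed);
  return before.mode !== after.mode ||
    before.attributes.join(",") !== after.attributes.join(",");
}

// Constructed sample values: one object per mode.
const withAliases = planSignIn({ username: true, email: true, preferredUsername: true });
const emailOrPhone = planSignIn({ email: true, phone: true });
console.log(withAliases.mode, withAliases.attributes);
console.log(emailOrPhone.mode, emailOrPhone.attributes);
```

Running `changesDeployedPool` against the settings of an already deployed pool in a pre-deploy check catches an edit to `signInAliases` before it reaches the immutable User Pool.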

AuthAuth0Props

domain
Type : string
The Domain for your Auth0 app.

clientId
Type : string
The Client ID for your Auth0 app.

AuthAppleProps

servicesId
Type : string
The Services id of your Apple app.

AuthGoogleProps

clientId
Type : string
The client id of your Google app.

AuthFacebookProps

appId
Type : string
The id of your Facebook app.

AuthTwitterProps

consumerKey
Type : string
The Consumer key for your Twitter app.

consumerSecret
Type : string
The Consumer secret key for your Twitter app.

AuthAmazonProps

appId
Type : string
The id of your Amazon app.