AWS Fundamentals
L2 Construct

UserPoolClient

Define a UserPool App Client.

Import

import { UserPoolClient } from 'aws-cdk-lib/aws-cognito';

Or use the module namespace:

import * as cognito from 'aws-cdk-lib/aws-cognito';
// cognito.UserPoolClient

Properties

Configuration passed to the constructor as UserPoolClientProps.

userPool (Required)
IUserPoolRef

The UserPool resource this client will have access to.

17 properties inherited from UserPoolClientOptions
accessTokenValidity (Optional, inherited from UserPoolClientOptions)
Duration

Validity of the access token. Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.

Default: Duration.minutes(60)

analytics (Optional, inherited from UserPoolClientOptions)
AnalyticsConfiguration

The analytics configuration for this client.

Default: - no analytics configuration

authFlows (Optional, inherited from UserPoolClientOptions)
AuthFlow

The set of OAuth authentication flows to enable on the client.

Default: - If you don't specify a value, your user client supports ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.

authSessionValidity (Optional, inherited from UserPoolClientOptions)
Duration

Cognito creates a session token for each API request in an authentication flow. AuthSessionValidity is the duration, in minutes, of that session token. See defaults in `AuthSessionValidity`. Valid duration is from 3 to 15 minutes.

Default: - Duration.minutes(3)

disableOAuth (Optional, inherited from UserPoolClientOptions)
boolean

Turns off all OAuth interactions for this client.

Default: false

enablePropagateAdditionalUserContextData (Optional, inherited from UserPoolClientOptions)
boolean

Enable the propagation of additional user context data. You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret.

Default: false for new user pool clients

enableTokenRevocation (Optional, inherited from UserPoolClientOptions)
boolean

Enable token revocation for this client.

Default: true for new user pool clients

generateSecret (Optional, inherited from UserPoolClientOptions)
boolean

Whether to generate a client secret.

Default: false

idTokenValidity (Optional, inherited from UserPoolClientOptions)
Duration

Validity of the ID token. Values between 5 minutes and 1 day are valid. The duration cannot be longer than the refresh token validity.

Default: Duration.minutes(60)

oAuth (Optional, inherited from UserPoolClientOptions)
OAuthSettings

OAuth settings for this client to interact with the app. An error is thrown when this is specified and `disableOAuth` is set.

Default: - see defaults in `OAuthSettings`. Meaningless if `disableOAuth` is set.

preventUserExistenceErrors (Optional, inherited from UserPoolClientOptions)
boolean

Whether Cognito returns a UserNotFoundException exception when the user does not exist in the user pool (false), or whether it returns another type of error that doesn't reveal the user's absence.

Default: false

readAttributes (Optional, inherited from UserPoolClientOptions)
ClientAttributes

The set of attributes this client will be able to read.

Default: - all standard and custom attributes

refreshTokenRotationGracePeriod (Optional, inherited from UserPoolClientOptions)
Duration

Enables refresh token rotation when set. Defines the grace period for the original refresh token (0-60 seconds).

Default: - undefined (refresh token rotation is disabled)

refreshTokenValidity (Optional, inherited from UserPoolClientOptions)
Duration

Validity of the refresh token. Values between 60 minutes and 10 years are valid.

Default: Duration.days(30)

supportedIdentityProviders (Optional, inherited from UserPoolClientOptions)
UserPoolClientIdentityProvider[]

The list of identity providers that users should be able to use to sign in using this client.

Default: - supports all identity providers that are registered with the user pool. If the user pool and/or identity providers are imported, either specify this option explicitly or ensure that the identity providers are registered with the user pool using the `UserPool.registerIdentityProvider()` API.

userPoolClientName (Optional, inherited from UserPoolClientOptions)
string

Name of the application client.

Default: - CloudFormation-generated name

writeAttributes (Optional, inherited from UserPoolClientOptions)
ClientAttributes

The set of attributes this client will be able to write.

Default: - all standard and custom attributes
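
The limits and cross-property rules listed above, written as a configuration lint. This is an added example, not code from aws-cdk-lib or from this page. `ClientOptionsSketch` and `lintClientOptions` are hypothetical names, durations are plain seconds instead of `Duration` objects, and "10 years" is taken as 3650 days.

```typescript
// Added example, not aws-cdk-lib code. Durations are plain seconds (assumption);
// the real props take aws-cdk-lib Duration objects.
interface ClientOptionsSketch {
  accessTokenValidity?: number;
  idTokenValidity?: number;
  refreshTokenValidity?: number;
  authSessionValidity?: number;
  refreshTokenRotationGracePeriod?: number;
  generateSecret?: boolean;
  enablePropagateAdditionalUserContextData?: boolean;
  disableOAuth?: boolean;
  oAuth?: object;
  preventUserExistenceErrors?: boolean;
}

const MINUTE = 60;
const DAY = 24 * 60 * MINUTE;

function lintClientOptions(o: ClientOptionsSketch): string[] {
  const findings: string[] = [];
  const inRange = (name: string, v: number | undefined, lo: number, hi: number): void => {
    if (v !== undefined && (v < lo || v > hi)) findings.push(`error: ${name} out of range`);
  };
  // Documented limits; "10 years" is taken as 3650 days (assumption).
  inRange('refreshTokenValidity', o.refreshTokenValidity, 60 * MINUTE, 3650 * DAY);
  inRange('accessTokenValidity', o.accessTokenValidity, 5 * MINUTE, DAY);
  inRange('idTokenValidity', o.idTokenValidity, 5 * MINUTE, DAY);
  inRange('authSessionValidity', o.authSessionValidity, 3 * MINUTE, 15 * MINUTE);
  inRange('refreshTokenRotationGracePeriod', o.refreshTokenRotationGracePeriod, 0, 60);

  // Access and ID tokens may not outlive the refresh token (defaults: 60 min / 30 days).
  const refresh = o.refreshTokenValidity ?? 30 * DAY;
  for (const name of ['accessTokenValidity', 'idTokenValidity'] as const) {
    if ((o[name] ?? 60 * MINUTE) > refresh) findings.push(`error: ${name} exceeds refreshTokenValidity`);
  }
  if (o.enablePropagateAdditionalUserContextData && !o.generateSecret) {
    findings.push('error: enablePropagateAdditionalUserContextData needs generateSecret');
  }
  if (o.oAuth !== undefined && o.disableOAuth) {
    findings.push('error: oAuth specified while disableOAuth is set');
  }
  // Default false returns UserNotFoundException, which reveals that an account is absent.
  if (!o.preventUserExistenceErrors) {
    findings.push('warn: preventUserExistenceErrors is false');
  }
  return findings;
}
```

An empty options object yields only the `preventUserExistenceErrors` warning, because every other documented default already sits inside its valid range.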
