ALLOW_ADMIN_USER_PASSWORD_AUTH not getting set in AWS CDK

Question

ALLOW_ADMIN_USER_PASSWORD_AUTH not getting set in AWS CDK

37 views Asked by MountainBiker At 24 March 2024 at 04:04

I am trying to set the Authentication Flows in my Cognito - User Pool - App Client to the flows below in AWS CDK.

ALLOW_ADMIN_USER_PASSWORD_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_REFRESH_TOKEN_AUTH
ALLOW_USER_SRP_AUTH

I can only get it to add these flows.

ALLOW_REFRESH_TOKEN_AUTH
ALLOW_CUSTOM_AUTH
ALLOW_USER_SRP_AUTH

I am missing ALLOW_ADMIN_USER_PASSWORD_AUTH.

My code to create the app client is as follows.

    cognito.CfnUserPoolClientProps(
        user_pool_id=self.user_pool.user_pool_id,
        explicit_auth_flows=["ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH"]
    )

    self.user_pool.add_client('cognito-app-client',
                              user_pool_client_name='cognito-app-client',
                              access_token_validity=Duration.minutes(60),
                              id_token_validity=Duration.minutes(60),
                              refresh_token_validity=Duration.days(1),
                              # auth_flows=cognito.AuthFlow(user_password=True),
                              o_auth=cognito.OAuthSettings(
                                  flows=cognito.OAuthFlows(
                                      implicit_code_grant=True,

                                    )
                              ),
                              prevent_user_existence_errors=True,
                              generate_secret=True,
                              enable_token_revocation=True)

Can anyone point me in the right direction?

Original Q&A

There are 1 answers

**MountainBiker** · Answer 1 · 2024-03-24T20:41:17+00:00

UPDATE - I was clearly overcomplicating this. :-)

https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_cognito/AuthFlow.html

self.user_pool.add_client('poc-cognito-app-client',
                              user_pool_client_name='poc-cognito-app-client',
                              access_token_validity=Duration.minutes(60),
                              id_token_validity=Duration.minutes(60),
                              refresh_token_validity=Duration.days(1),
                              auth_flows=cognito.AuthFlow(admin_user_password=True, user_srp=True, custom=True),
                              o_auth=cognito.OAuthSettings(
                                  flows=cognito.OAuthFlows(
                                      implicit_code_grant=True
                                    )
                              ),
                              # scopes=aws_cdk.aws_cognito.OAuthScope.resource_server(aws_cdk.aws_cognito.OAuthScope.OPENID, aws_cdk.aws_cognito.OAuthScope.resource_server(resource_server, nested-stack_api_read_scope))),
                              prevent_user_existence_errors=True,
                              generate_secret=True,
                              enable_token_revocation=True)

TechQA.

ALLOW_ADMIN_USER_PASSWORD_AUTH not getting set in AWS CDK

There are 1 answers

Related Questions in PYTHON

Related Questions in AMAZON-COGNITO

Related Questions in AWS-CDK

Popular Questions

Popular Tags

Trending Questions