aws-cdk-lib 2.51.0 → 2.51.1

package/aws-cognito/lib/user-pool-attr.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c,_d,_e;Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClientAttributes=exports.DateTimeAttribute=exports.BooleanAttribute=exports.NumberAttribute=exports.StringAttribute=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),attr_names_1=require("./private/attr-names");class StringAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_StringAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,StringAttribute),error}if(props.minLen&&!core_1.Token.isUnresolved(props.minLen)&&props.minLen<0)throw new Error(`minLen cannot be less than 0 (value: ${props.minLen}).`);if(props.maxLen&&!core_1.Token.isUnresolved(props.maxLen)&&props.maxLen>2048)throw new Error(`maxLen cannot be greater than 2048 (value: ${props.maxLen}).`);this.minLen=props?.minLen,this.maxLen=props?.maxLen,this.mutable=props?.mutable}bind(){let stringConstraints;return(this.minLen||this.maxLen)&&(stringConstraints={minLen:this.minLen,maxLen:this.maxLen}),{dataType:"String",stringConstraints,mutable:this.mutable}}}exports.StringAttribute=StringAttribute,_a=JSII_RTTI_SYMBOL_1,StringAttribute[_a]={fqn:"aws-cdk-lib.aws_cognito.StringAttribute",version:"2.51.0"};class NumberAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_NumberAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NumberAttribute),error}this.min=props?.min,this.max=props?.max,this.mutable=props?.mutable}bind(){let numberConstraints;return(this.min||this.max)&&(numberConstraints={min:this.min,max:this.max}),{dataType:"Number",numberConstraints,mutable:this.mutable}}}exports.NumberAttribute=NumberAttribute,_b=JSII_RTTI_SYMBOL_1,NumberAttribute[_b]={fqn:"aws-cdk-lib.aws_cognito.NumberAttribute",version:"2.51.0"};class BooleanAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BooleanAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"Boolean",mutable:this.mutable}}}exports.BooleanAttribute=BooleanAttribute,_c=JSII_RTTI_SYMBOL_1,BooleanAttribute[_c]={fqn:"aws-cdk-lib.aws_cognito.BooleanAttribute",version:"2.51.0"};class DateTimeAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DateTimeAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"DateTime",mutable:this.mutable}}}exports.DateTimeAttribute=DateTimeAttribute,_d=JSII_RTTI_SYMBOL_1,DateTimeAttribute[_d]={fqn:"aws-cdk-lib.aws_cognito.DateTimeAttribute",version:"2.51.0"};class ClientAttributes{constructor(){this.attributesSet=new Set}withStandardAttributes(attributes){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_StandardAttributesMask(attributes)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withStandardAttributes),error}let attributesSet=new Set(this.attributesSet);for(const attributeKey in attr_names_1.StandardAttributeNames)if(attributes[attributeKey]===!0){const attributeName=attr_names_1.StandardAttributeNames[attributeKey];attributesSet.add(attributeName)}let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}withCustomAttributes(...attributes){let attributesSet=new Set(this.attributesSet);for(let attribute of attributes)attribute.startsWith("custom:")||(attribute="custom:"+attribute),attributesSet.add(attribute);let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}attributes(){return Array.from(this.attributesSet).sort()}}exports.ClientAttributes=ClientAttributes,_e=JSII_RTTI_SYMBOL_1,ClientAttributes[_e]={fqn:"aws-cdk-lib.aws_cognito.ClientAttributes",version:"2.51.0"};
+"use strict";var _a,_b,_c,_d,_e;Object.defineProperty(exports,"__esModule",{value:!0}),exports.ClientAttributes=exports.DateTimeAttribute=exports.BooleanAttribute=exports.NumberAttribute=exports.StringAttribute=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),attr_names_1=require("./private/attr-names");class StringAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_StringAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,StringAttribute),error}if(props.minLen&&!core_1.Token.isUnresolved(props.minLen)&&props.minLen<0)throw new Error(`minLen cannot be less than 0 (value: ${props.minLen}).`);if(props.maxLen&&!core_1.Token.isUnresolved(props.maxLen)&&props.maxLen>2048)throw new Error(`maxLen cannot be greater than 2048 (value: ${props.maxLen}).`);this.minLen=props?.minLen,this.maxLen=props?.maxLen,this.mutable=props?.mutable}bind(){let stringConstraints;return(this.minLen||this.maxLen)&&(stringConstraints={minLen:this.minLen,maxLen:this.maxLen}),{dataType:"String",stringConstraints,mutable:this.mutable}}}exports.StringAttribute=StringAttribute,_a=JSII_RTTI_SYMBOL_1,StringAttribute[_a]={fqn:"aws-cdk-lib.aws_cognito.StringAttribute",version:"2.51.1"};class NumberAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_NumberAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,NumberAttribute),error}this.min=props?.min,this.max=props?.max,this.mutable=props?.mutable}bind(){let numberConstraints;return(this.min||this.max)&&(numberConstraints={min:this.min,max:this.max}),{dataType:"Number",numberConstraints,mutable:this.mutable}}}exports.NumberAttribute=NumberAttribute,_b=JSII_RTTI_SYMBOL_1,NumberAttribute[_b]={fqn:"aws-cdk-lib.aws_cognito.NumberAttribute",version:"2.51.1"};class BooleanAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,BooleanAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"Boolean",mutable:this.mutable}}}exports.BooleanAttribute=BooleanAttribute,_c=JSII_RTTI_SYMBOL_1,BooleanAttribute[_c]={fqn:"aws-cdk-lib.aws_cognito.BooleanAttribute",version:"2.51.1"};class DateTimeAttribute{constructor(props={}){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_CustomAttributeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DateTimeAttribute),error}this.mutable=props?.mutable}bind(){return{dataType:"DateTime",mutable:this.mutable}}}exports.DateTimeAttribute=DateTimeAttribute,_d=JSII_RTTI_SYMBOL_1,DateTimeAttribute[_d]={fqn:"aws-cdk-lib.aws_cognito.DateTimeAttribute",version:"2.51.1"};class ClientAttributes{constructor(){this.attributesSet=new Set}withStandardAttributes(attributes){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_StandardAttributesMask(attributes)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withStandardAttributes),error}let attributesSet=new Set(this.attributesSet);for(const attributeKey in attr_names_1.StandardAttributeNames)if(attributes[attributeKey]===!0){const attributeName=attr_names_1.StandardAttributeNames[attributeKey];attributesSet.add(attributeName)}let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}withCustomAttributes(...attributes){let attributesSet=new Set(this.attributesSet);for(let attribute of attributes)attribute.startsWith("custom:")||(attribute="custom:"+attribute),attributesSet.add(attribute);let aux=new ClientAttributes;return aux.attributesSet=attributesSet,aux}attributes(){return Array.from(this.attributesSet).sort()}}exports.ClientAttributes=ClientAttributes,_e=JSII_RTTI_SYMBOL_1,ClientAttributes[_e]={fqn:"aws-cdk-lib.aws_cognito.ClientAttributes",version:"2.51.1"};
 //# sourceMappingURL=user-pool-attr.js.map

package/aws-cognito/lib/user-pool-client.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b,_c;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolClient=exports.UserPoolClientIdentityProvider=exports.OAuthScope=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),custom_resources_1=require("../../custom-resources"),cognito_generated_1=require("./cognito.generated");class OAuthScope{constructor(scopeName){this.scopeName=scopeName}static custom(name){return new OAuthScope(name)}static resourceServer(server,scope){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_IUserPoolResourceServer(server),jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_ResourceServerScope(scope)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.resourceServer),error}return new OAuthScope(`${server.userPoolResourceServerId}/${scope.scopeName}`)}}exports.OAuthScope=OAuthScope,_a=JSII_RTTI_SYMBOL_1,OAuthScope[_a]={fqn:"aws-cdk-lib.aws_cognito.OAuthScope",version:"2.51.0"},OAuthScope.PHONE=new OAuthScope("phone"),OAuthScope.EMAIL=new OAuthScope("email"),OAuthScope.OPENID=new OAuthScope("openid"),OAuthScope.PROFILE=new OAuthScope("profile"),OAuthScope.COGNITO_ADMIN=new OAuthScope("aws.cognito.signin.user.admin");class UserPoolClientIdentityProvider{constructor(name){this.name=name}static custom(name){return new UserPoolClientIdentityProvider(name)}}exports.UserPoolClientIdentityProvider=UserPoolClientIdentityProvider,_b=JSII_RTTI_SYMBOL_1,UserPoolClientIdentityProvider[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolClientIdentityProvider",version:"2.51.0"},UserPoolClientIdentityProvider.APPLE=new UserPoolClientIdentityProvider("SignInWithApple"),UserPoolClientIdentityProvider.FACEBOOK=new UserPoolClientIdentityProvider("Facebook"),UserPoolClientIdentityProvider.GOOGLE=new UserPoolClientIdentityProvider("Google"),UserPoolClientIdentityProvider.AMAZON=new UserPoolClientIdentityProvider("LoginWithAmazon"),UserPoolClientIdentityProvider.COGNITO=new UserPoolClientIdentityProvider("COGNITO");class UserPoolClient extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolClientProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolClient),error}if(props.disableOAuth&&props.oAuth)throw new Error("OAuth settings cannot be specified when disableOAuth is set.");this.oAuthFlows=props.oAuth?.flows??{implicitCodeGrant:!0,authorizationCodeGrant:!0};let callbackUrls=props.oAuth?.callbackUrls;if(this.oAuthFlows.authorizationCodeGrant||this.oAuthFlows.implicitCodeGrant){if(callbackUrls===void 0)callbackUrls=["https://example.com"];else if(callbackUrls.length===0)throw new Error("callbackUrl must not be empty when codeGrant or implicitGrant OAuth flows are enabled.")}this._generateSecret=props.generateSecret,this.userPool=props.userPool;const resource=new cognito_generated_1.CfnUserPoolClient(this,"Resource",{clientName:props.userPoolClientName,generateSecret:props.generateSecret,userPoolId:props.userPool.userPoolId,explicitAuthFlows:this.configureAuthFlows(props),allowedOAuthFlows:props.disableOAuth?void 0:this.configureOAuthFlows(),allowedOAuthScopes:props.disableOAuth?void 0:this.configureOAuthScopes(props.oAuth),callbackUrLs:callbackUrls&&callbackUrls.length>0&&!props.disableOAuth?callbackUrls:void 0,logoutUrLs:props.oAuth?.logoutUrls,allowedOAuthFlowsUserPoolClient:!props.disableOAuth,preventUserExistenceErrors:this.configurePreventUserExistenceErrors(props.preventUserExistenceErrors),supportedIdentityProviders:this.configureIdentityProviders(props),readAttributes:props.readAttributes?.attributes(),writeAttributes:props.writeAttributes?.attributes(),enableTokenRevocation:props.enableTokenRevocation});this.configureTokenValidity(resource,props),this.userPoolClientId=resource.ref,this._userPoolClientName=props.userPoolClientName}static fromUserPoolClientId(scope,id,userPoolClientId){class Import extends core_1.Resource{constructor(){super(...arguments),this.userPoolClientId=userPoolClientId}get userPoolClientSecret(){throw new Error("UserPool Client Secret is not available for imported Clients")}}return new Import(scope,id)}get userPoolClientName(){if(this._userPoolClientName===void 0)throw new Error("userPoolClientName is available only if specified on the UserPoolClient during initialization");return this._userPoolClientName}get userPoolClientSecret(){if(!this._generateSecret)throw new Error("userPoolClientSecret is available only if generateSecret is set to true.");return this._userPoolClientSecret||(this._userPoolClientSecret=core_1.SecretValue.resourceAttribute(new custom_resources_1.AwsCustomResource(this,"DescribeCognitoUserPoolClient",{resourceType:"Custom::DescribeCognitoUserPoolClient",onCreate:{region:core_1.Stack.of(this).region,service:"CognitoIdentityServiceProvider",action:"describeUserPoolClient",parameters:{UserPoolId:this.userPool.userPoolId,ClientId:this.userPoolClientId},physicalResourceId:custom_resources_1.PhysicalResourceId.of(this.userPoolClientId)},policy:custom_resources_1.AwsCustomResourcePolicy.fromSdkCalls({resources:[this.userPool.userPoolArn]})}).getResponseField("UserPoolClient.ClientSecret"))),this._userPoolClientSecret}configureAuthFlows(props){if(!props.authFlows||Object.keys(props.authFlows).length===0)return;const authFlows=[];return props.authFlows.userPassword&&authFlows.push("ALLOW_USER_PASSWORD_AUTH"),props.authFlows.adminUserPassword&&authFlows.push("ALLOW_ADMIN_USER_PASSWORD_AUTH"),props.authFlows.custom&&authFlows.push("ALLOW_CUSTOM_AUTH"),props.authFlows.userSrp&&authFlows.push("ALLOW_USER_SRP_AUTH"),authFlows.push("ALLOW_REFRESH_TOKEN_AUTH"),authFlows}configureOAuthFlows(){if((this.oAuthFlows.authorizationCodeGrant||this.oAuthFlows.implicitCodeGrant)&&this.oAuthFlows.clientCredentials)throw new Error("clientCredentials OAuth flow cannot be selected along with codeGrant or implicitGrant.");const oAuthFlows=[];if(this.oAuthFlows.clientCredentials&&oAuthFlows.push("client_credentials"),this.oAuthFlows.implicitCodeGrant&&oAuthFlows.push("implicit"),this.oAuthFlows.authorizationCodeGrant&&oAuthFlows.push("code"),oAuthFlows.length!==0)return oAuthFlows}configureOAuthScopes(oAuth){const scopes=oAuth?.scopes??[OAuthScope.PROFILE,OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.COGNITO_ADMIN],scopeNames=new Set(scopes.map(x=>x.scopeName));return[OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.PROFILE].reduce((agg,s)=>agg||scopeNames.has(s.scopeName),!1)&&scopeNames.add(OAuthScope.OPENID.scopeName),Array.from(scopeNames)}configurePreventUserExistenceErrors(prevent){if(prevent!==void 0)return prevent?"ENABLED":"LEGACY"}configureIdentityProviders(props){let providers;if(props.supportedIdentityProviders)providers=props.supportedIdentityProviders.map(p=>p.name);else{const providerSet=new Set(props.userPool.identityProviders.map(p=>p.providerName));providerSet.add("COGNITO"),providers=Array.from(providerSet)}if(providers.length!==0)return Array.from(providers)}configureTokenValidity(resource,props){this.validateDuration("idTokenValidity",core_1.Duration.minutes(5),core_1.Duration.days(1),props.idTokenValidity),this.validateDuration("accessTokenValidity",core_1.Duration.minutes(5),core_1.Duration.days(1),props.accessTokenValidity),this.validateDuration("refreshTokenValidity",core_1.Duration.minutes(60),core_1.Duration.days(10*365),props.refreshTokenValidity),props.refreshTokenValidity&&(this.validateDuration("idTokenValidity",core_1.Duration.minutes(5),props.refreshTokenValidity,props.idTokenValidity),this.validateDuration("accessTokenValidity",core_1.Duration.minutes(5),props.refreshTokenValidity,props.accessTokenValidity)),(props.accessTokenValidity||props.idTokenValidity||props.refreshTokenValidity)&&(resource.tokenValidityUnits={idToken:props.idTokenValidity?"minutes":void 0,accessToken:props.accessTokenValidity?"minutes":void 0,refreshToken:props.refreshTokenValidity?"minutes":void 0}),resource.idTokenValidity=props.idTokenValidity?props.idTokenValidity.toMinutes():void 0,resource.refreshTokenValidity=props.refreshTokenValidity?props.refreshTokenValidity.toMinutes():void 0,resource.accessTokenValidity=props.accessTokenValidity?props.accessTokenValidity.toMinutes():void 0}validateDuration(name,min,max,value){if(value!==void 0&&(value.toMilliseconds()<min.toMilliseconds()||value.toMilliseconds()>max.toMilliseconds()))throw new Error(`${name}: Must be a duration between ${min.toHumanString()} and ${max.toHumanString()} (inclusive); received ${value.toHumanString()}.`)}}exports.UserPoolClient=UserPoolClient,_c=JSII_RTTI_SYMBOL_1,UserPoolClient[_c]={fqn:"aws-cdk-lib.aws_cognito.UserPoolClient",version:"2.51.0"};
+"use strict";var _a,_b,_c;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolClient=exports.UserPoolClientIdentityProvider=exports.OAuthScope=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),custom_resources_1=require("../../custom-resources"),cognito_generated_1=require("./cognito.generated");class OAuthScope{constructor(scopeName){this.scopeName=scopeName}static custom(name){return new OAuthScope(name)}static resourceServer(server,scope){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_IUserPoolResourceServer(server),jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_ResourceServerScope(scope)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.resourceServer),error}return new OAuthScope(`${server.userPoolResourceServerId}/${scope.scopeName}`)}}exports.OAuthScope=OAuthScope,_a=JSII_RTTI_SYMBOL_1,OAuthScope[_a]={fqn:"aws-cdk-lib.aws_cognito.OAuthScope",version:"2.51.1"},OAuthScope.PHONE=new OAuthScope("phone"),OAuthScope.EMAIL=new OAuthScope("email"),OAuthScope.OPENID=new OAuthScope("openid"),OAuthScope.PROFILE=new OAuthScope("profile"),OAuthScope.COGNITO_ADMIN=new OAuthScope("aws.cognito.signin.user.admin");class UserPoolClientIdentityProvider{constructor(name){this.name=name}static custom(name){return new UserPoolClientIdentityProvider(name)}}exports.UserPoolClientIdentityProvider=UserPoolClientIdentityProvider,_b=JSII_RTTI_SYMBOL_1,UserPoolClientIdentityProvider[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolClientIdentityProvider",version:"2.51.1"},UserPoolClientIdentityProvider.APPLE=new UserPoolClientIdentityProvider("SignInWithApple"),UserPoolClientIdentityProvider.FACEBOOK=new UserPoolClientIdentityProvider("Facebook"),UserPoolClientIdentityProvider.GOOGLE=new UserPoolClientIdentityProvider("Google"),UserPoolClientIdentityProvider.AMAZON=new UserPoolClientIdentityProvider("LoginWithAmazon"),UserPoolClientIdentityProvider.COGNITO=new UserPoolClientIdentityProvider("COGNITO");class UserPoolClient extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolClientProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolClient),error}if(props.disableOAuth&&props.oAuth)throw new Error("OAuth settings cannot be specified when disableOAuth is set.");this.oAuthFlows=props.oAuth?.flows??{implicitCodeGrant:!0,authorizationCodeGrant:!0};let callbackUrls=props.oAuth?.callbackUrls;if(this.oAuthFlows.authorizationCodeGrant||this.oAuthFlows.implicitCodeGrant){if(callbackUrls===void 0)callbackUrls=["https://example.com"];else if(callbackUrls.length===0)throw new Error("callbackUrl must not be empty when codeGrant or implicitGrant OAuth flows are enabled.")}this._generateSecret=props.generateSecret,this.userPool=props.userPool;const resource=new cognito_generated_1.CfnUserPoolClient(this,"Resource",{clientName:props.userPoolClientName,generateSecret:props.generateSecret,userPoolId:props.userPool.userPoolId,explicitAuthFlows:this.configureAuthFlows(props),allowedOAuthFlows:props.disableOAuth?void 0:this.configureOAuthFlows(),allowedOAuthScopes:props.disableOAuth?void 0:this.configureOAuthScopes(props.oAuth),callbackUrLs:callbackUrls&&callbackUrls.length>0&&!props.disableOAuth?callbackUrls:void 0,logoutUrLs:props.oAuth?.logoutUrls,allowedOAuthFlowsUserPoolClient:!props.disableOAuth,preventUserExistenceErrors:this.configurePreventUserExistenceErrors(props.preventUserExistenceErrors),supportedIdentityProviders:this.configureIdentityProviders(props),readAttributes:props.readAttributes?.attributes(),writeAttributes:props.writeAttributes?.attributes(),enableTokenRevocation:props.enableTokenRevocation});this.configureTokenValidity(resource,props),this.userPoolClientId=resource.ref,this._userPoolClientName=props.userPoolClientName}static fromUserPoolClientId(scope,id,userPoolClientId){class Import extends core_1.Resource{constructor(){super(...arguments),this.userPoolClientId=userPoolClientId}get userPoolClientSecret(){throw new Error("UserPool Client Secret is not available for imported Clients")}}return new Import(scope,id)}get userPoolClientName(){if(this._userPoolClientName===void 0)throw new Error("userPoolClientName is available only if specified on the UserPoolClient during initialization");return this._userPoolClientName}get userPoolClientSecret(){if(!this._generateSecret)throw new Error("userPoolClientSecret is available only if generateSecret is set to true.");return this._userPoolClientSecret||(this._userPoolClientSecret=core_1.SecretValue.resourceAttribute(new custom_resources_1.AwsCustomResource(this,"DescribeCognitoUserPoolClient",{resourceType:"Custom::DescribeCognitoUserPoolClient",onCreate:{region:core_1.Stack.of(this).region,service:"CognitoIdentityServiceProvider",action:"describeUserPoolClient",parameters:{UserPoolId:this.userPool.userPoolId,ClientId:this.userPoolClientId},physicalResourceId:custom_resources_1.PhysicalResourceId.of(this.userPoolClientId)},policy:custom_resources_1.AwsCustomResourcePolicy.fromSdkCalls({resources:[this.userPool.userPoolArn]})}).getResponseField("UserPoolClient.ClientSecret"))),this._userPoolClientSecret}configureAuthFlows(props){if(!props.authFlows||Object.keys(props.authFlows).length===0)return;const authFlows=[];return props.authFlows.userPassword&&authFlows.push("ALLOW_USER_PASSWORD_AUTH"),props.authFlows.adminUserPassword&&authFlows.push("ALLOW_ADMIN_USER_PASSWORD_AUTH"),props.authFlows.custom&&authFlows.push("ALLOW_CUSTOM_AUTH"),props.authFlows.userSrp&&authFlows.push("ALLOW_USER_SRP_AUTH"),authFlows.push("ALLOW_REFRESH_TOKEN_AUTH"),authFlows}configureOAuthFlows(){if((this.oAuthFlows.authorizationCodeGrant||this.oAuthFlows.implicitCodeGrant)&&this.oAuthFlows.clientCredentials)throw new Error("clientCredentials OAuth flow cannot be selected along with codeGrant or implicitGrant.");const oAuthFlows=[];if(this.oAuthFlows.clientCredentials&&oAuthFlows.push("client_credentials"),this.oAuthFlows.implicitCodeGrant&&oAuthFlows.push("implicit"),this.oAuthFlows.authorizationCodeGrant&&oAuthFlows.push("code"),oAuthFlows.length!==0)return oAuthFlows}configureOAuthScopes(oAuth){const scopes=oAuth?.scopes??[OAuthScope.PROFILE,OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.OPENID,OAuthScope.COGNITO_ADMIN],scopeNames=new Set(scopes.map(x=>x.scopeName));return[OAuthScope.PHONE,OAuthScope.EMAIL,OAuthScope.PROFILE].reduce((agg,s)=>agg||scopeNames.has(s.scopeName),!1)&&scopeNames.add(OAuthScope.OPENID.scopeName),Array.from(scopeNames)}configurePreventUserExistenceErrors(prevent){if(prevent!==void 0)return prevent?"ENABLED":"LEGACY"}configureIdentityProviders(props){let providers;if(props.supportedIdentityProviders)providers=props.supportedIdentityProviders.map(p=>p.name);else{const providerSet=new Set(props.userPool.identityProviders.map(p=>p.providerName));providerSet.add("COGNITO"),providers=Array.from(providerSet)}if(providers.length!==0)return Array.from(providers)}configureTokenValidity(resource,props){this.validateDuration("idTokenValidity",core_1.Duration.minutes(5),core_1.Duration.days(1),props.idTokenValidity),this.validateDuration("accessTokenValidity",core_1.Duration.minutes(5),core_1.Duration.days(1),props.accessTokenValidity),this.validateDuration("refreshTokenValidity",core_1.Duration.minutes(60),core_1.Duration.days(10*365),props.refreshTokenValidity),props.refreshTokenValidity&&(this.validateDuration("idTokenValidity",core_1.Duration.minutes(5),props.refreshTokenValidity,props.idTokenValidity),this.validateDuration("accessTokenValidity",core_1.Duration.minutes(5),props.refreshTokenValidity,props.accessTokenValidity)),(props.accessTokenValidity||props.idTokenValidity||props.refreshTokenValidity)&&(resource.tokenValidityUnits={idToken:props.idTokenValidity?"minutes":void 0,accessToken:props.accessTokenValidity?"minutes":void 0,refreshToken:props.refreshTokenValidity?"minutes":void 0}),resource.idTokenValidity=props.idTokenValidity?props.idTokenValidity.toMinutes():void 0,resource.refreshTokenValidity=props.refreshTokenValidity?props.refreshTokenValidity.toMinutes():void 0,resource.accessTokenValidity=props.accessTokenValidity?props.accessTokenValidity.toMinutes():void 0}validateDuration(name,min,max,value){if(value!==void 0&&(value.toMilliseconds()<min.toMilliseconds()||value.toMilliseconds()>max.toMilliseconds()))throw new Error(`${name}: Must be a duration between ${min.toHumanString()} and ${max.toHumanString()} (inclusive); received ${value.toHumanString()}.`)}}exports.UserPoolClient=UserPoolClient,_c=JSII_RTTI_SYMBOL_1,UserPoolClient[_c]={fqn:"aws-cdk-lib.aws_cognito.UserPoolClient",version:"2.51.1"};
 //# sourceMappingURL=user-pool-client.js.map

package/aws-cognito/lib/user-pool-domain.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolDomain=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),custom_resources_1=require("../../custom-resources"),cognito_generated_1=require("./cognito.generated");class UserPoolDomain extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolDomainProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolDomain),error}if(!!props.customDomain==!!props.cognitoDomain)throw new Error("One of, and only one of, cognitoDomain or customDomain must be specified");if(props.cognitoDomain?.domainPrefix&&!core_1.Token.isUnresolved(props.cognitoDomain?.domainPrefix)&&!/^[a-z0-9-]+$/.test(props.cognitoDomain.domainPrefix))throw new Error("domainPrefix for cognitoDomain can contain only lowercase alphabets, numbers and hyphens");this.isCognitoDomain=!!props.cognitoDomain;const domainName=props.cognitoDomain?.domainPrefix||props.customDomain?.domainName,resource=new cognito_generated_1.CfnUserPoolDomain(this,"Resource",{userPoolId:props.userPool.userPoolId,domain:domainName,customDomainConfig:props.customDomain?{certificateArn:props.customDomain.certificate.certificateArn}:void 0});this.domainName=resource.ref}static fromDomainName(scope,id,userPoolDomainName){class Import extends core_1.Resource{constructor(){super(...arguments),this.domainName=userPoolDomainName}}return new Import(scope,id)}get cloudFrontDomainName(){if(!this.cloudFrontCustomResource){const sdkCall={service:"CognitoIdentityServiceProvider",action:"describeUserPoolDomain",parameters:{Domain:this.domainName},physicalResourceId:custom_resources_1.PhysicalResourceId.of(this.domainName)};this.cloudFrontCustomResource=new custom_resources_1.AwsCustomResource(this,"CloudFrontDomainName",{resourceType:"Custom::UserPoolCloudFrontDomainName",onCreate:sdkCall,onUpdate:sdkCall,policy:custom_resources_1.AwsCustomResourcePolicy.fromSdkCalls({resources:["*"]})})}return this.cloudFrontCustomResource.getResponseField("DomainDescription.CloudFrontDistribution")}baseUrl(options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_BaseUrlOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.baseUrl),error}if(this.isCognitoDomain){const authDomain="auth"+(options?.fips?"-fips":"");return`https://${this.domainName}.${authDomain}.${core_1.Stack.of(this).region}.amazoncognito.com`}return`https://${this.domainName}`}signInUrl(client,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolClient(client),jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_SignInUrlOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.signInUrl),error}let responseType;if(client.oAuthFlows.authorizationCodeGrant)responseType="code";else if(client.oAuthFlows.implicitCodeGrant)responseType="token";else throw new Error("signInUrl is not supported for clients without authorizationCodeGrant or implicitCodeGrant flow enabled");const path=options.signInPath??"/login";return`${this.baseUrl(options)}${path}?client_id=${client.userPoolClientId}&response_type=${responseType}&redirect_uri=${options.redirectUri}`}}exports.UserPoolDomain=UserPoolDomain,_a=JSII_RTTI_SYMBOL_1,UserPoolDomain[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolDomain",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolDomain=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),custom_resources_1=require("../../custom-resources"),cognito_generated_1=require("./cognito.generated");class UserPoolDomain extends core_1.Resource{constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolDomainProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolDomain),error}if(!!props.customDomain==!!props.cognitoDomain)throw new Error("One of, and only one of, cognitoDomain or customDomain must be specified");if(props.cognitoDomain?.domainPrefix&&!core_1.Token.isUnresolved(props.cognitoDomain?.domainPrefix)&&!/^[a-z0-9-]+$/.test(props.cognitoDomain.domainPrefix))throw new Error("domainPrefix for cognitoDomain can contain only lowercase alphabets, numbers and hyphens");this.isCognitoDomain=!!props.cognitoDomain;const domainName=props.cognitoDomain?.domainPrefix||props.customDomain?.domainName,resource=new cognito_generated_1.CfnUserPoolDomain(this,"Resource",{userPoolId:props.userPool.userPoolId,domain:domainName,customDomainConfig:props.customDomain?{certificateArn:props.customDomain.certificate.certificateArn}:void 0});this.domainName=resource.ref}static fromDomainName(scope,id,userPoolDomainName){class Import extends core_1.Resource{constructor(){super(...arguments),this.domainName=userPoolDomainName}}return new Import(scope,id)}get cloudFrontDomainName(){if(!this.cloudFrontCustomResource){const sdkCall={service:"CognitoIdentityServiceProvider",action:"describeUserPoolDomain",parameters:{Domain:this.domainName},physicalResourceId:custom_resources_1.PhysicalResourceId.of(this.domainName)};this.cloudFrontCustomResource=new custom_resources_1.AwsCustomResource(this,"CloudFrontDomainName",{resourceType:"Custom::UserPoolCloudFrontDomainName",onCreate:sdkCall,onUpdate:sdkCall,policy:custom_resources_1.AwsCustomResourcePolicy.fromSdkCalls({resources:["*"]})})}return this.cloudFrontCustomResource.getResponseField("DomainDescription.CloudFrontDistribution")}baseUrl(options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_BaseUrlOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.baseUrl),error}if(this.isCognitoDomain){const authDomain="auth"+(options?.fips?"-fips":"");return`https://${this.domainName}.${authDomain}.${core_1.Stack.of(this).region}.amazoncognito.com`}return`https://${this.domainName}`}signInUrl(client,options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolClient(client),jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_SignInUrlOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.signInUrl),error}let responseType;if(client.oAuthFlows.authorizationCodeGrant)responseType="code";else if(client.oAuthFlows.implicitCodeGrant)responseType="token";else throw new Error("signInUrl is not supported for clients without authorizationCodeGrant or implicitCodeGrant flow enabled");const path=options.signInPath??"/login";return`${this.baseUrl(options)}${path}?client_id=${client.userPoolClientId}&response_type=${responseType}&redirect_uri=${options.redirectUri}`}}exports.UserPoolDomain=UserPoolDomain,_a=JSII_RTTI_SYMBOL_1,UserPoolDomain[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolDomain",version:"2.51.1"};
 //# sourceMappingURL=user-pool-domain.js.map

package/aws-cognito/lib/user-pool-email.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolEmail=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),punycode_1=require("punycode/");class UserPoolEmail{static withCognito(replyTo){return new CognitoEmail(replyTo)}static withSES(options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolSESOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withSES),error}return new SESEmail(options)}}exports.UserPoolEmail=UserPoolEmail,_a=JSII_RTTI_SYMBOL_1,UserPoolEmail[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolEmail",version:"2.51.0"};class CognitoEmail extends UserPoolEmail{constructor(replyTo){super(),this.replyTo=replyTo}_bind(_scope){return{replyToEmailAddress:encodeAndTest(this.replyTo),emailSendingAccount:"COGNITO_DEFAULT"}}}class SESEmail extends UserPoolEmail{constructor(options){super(),this.options=options}_bind(scope){const region=core_1.Stack.of(scope).region;if(core_1.Token.isUnresolved(region)&&!this.options.sesRegion)throw new Error('Your stack region cannot be determined so "sesRegion" is required in SESOptions');let from=this.options.fromEmail;if(this.options.fromName&&(from=`${this.options.fromName} <${this.options.fromEmail}>`),this.options.sesVerifiedDomain&&this.options.fromEmail.split("@").pop()!==this.options.sesVerifiedDomain)throw new Error('"fromEmail" contains a different domain than the "sesVerifiedDomain"');return{from:encodeAndTest(from),replyToEmailAddress:encodeAndTest(this.options.replyTo),configurationSet:this.options.configurationSetName,emailSendingAccount:"DEVELOPER",sourceArn:core_1.Stack.of(scope).formatArn({service:"ses",resource:"identity",resourceName:encodeAndTest(this.options.sesVerifiedDomain??this.options.fromEmail),region:this.options.sesRegion??region})}}}function encodeAndTest(input){if(input){const local=input.split("@")[0];if(!/[\p{ASCII}]+/u.test(local))throw new Error("the local part of the email address must use ASCII characters only");return punycode_1.toASCII(input)}else return}
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolEmail=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),punycode_1=require("punycode/");class UserPoolEmail{static withCognito(replyTo){return new CognitoEmail(replyTo)}static withSES(options){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolSESOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withSES),error}return new SESEmail(options)}}exports.UserPoolEmail=UserPoolEmail,_a=JSII_RTTI_SYMBOL_1,UserPoolEmail[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolEmail",version:"2.51.1"};class CognitoEmail extends UserPoolEmail{constructor(replyTo){super(),this.replyTo=replyTo}_bind(_scope){return{replyToEmailAddress:encodeAndTest(this.replyTo),emailSendingAccount:"COGNITO_DEFAULT"}}}class SESEmail extends UserPoolEmail{constructor(options){super(),this.options=options}_bind(scope){const region=core_1.Stack.of(scope).region;if(core_1.Token.isUnresolved(region)&&!this.options.sesRegion)throw new Error('Your stack region cannot be determined so "sesRegion" is required in SESOptions');let from=this.options.fromEmail;if(this.options.fromName&&(from=`${this.options.fromName} <${this.options.fromEmail}>`),this.options.sesVerifiedDomain&&this.options.fromEmail.split("@").pop()!==this.options.sesVerifiedDomain)throw new Error('"fromEmail" contains a different domain than the "sesVerifiedDomain"');return{from:encodeAndTest(from),replyToEmailAddress:encodeAndTest(this.options.replyTo),configurationSet:this.options.configurationSetName,emailSendingAccount:"DEVELOPER",sourceArn:core_1.Stack.of(scope).formatArn({service:"ses",resource:"identity",resourceName:encodeAndTest(this.options.sesVerifiedDomain??this.options.fromEmail),region:this.options.sesRegion??region})}}}function encodeAndTest(input){if(input){const local=input.split("@")[0];if(!/[\p{ASCII}]+/u.test(local))throw new Error("the local part of the email address must use ASCII characters only");return punycode_1.toASCII(input)}else return}
 //# sourceMappingURL=user-pool-email.js.map

package/aws-cognito/lib/user-pool-idp.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProvider=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core");class UserPoolIdentityProvider{constructor(){}static fromProviderName(scope,id,providerName){class Import extends core_1.Resource{constructor(){super(...arguments),this.providerName=providerName}}return new Import(scope,id)}}exports.UserPoolIdentityProvider=UserPoolIdentityProvider,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProvider[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProvider",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProvider=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core");class UserPoolIdentityProvider{constructor(){}static fromProviderName(scope,id,providerName){class Import extends core_1.Resource{constructor(){super(...arguments),this.providerName=providerName}}return new Import(scope,id)}}exports.UserPoolIdentityProvider=UserPoolIdentityProvider,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProvider[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProvider",version:"2.51.1"};
 //# sourceMappingURL=user-pool-idp.js.map

package/aws-cognito/lib/user-pool-idps/amazon.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderAmazon=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderAmazon extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAmazonProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderAmazon),error}const scopes=props.scopes??["profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"LoginWithAmazon",providerType:"LoginWithAmazon",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderAmazon=UserPoolIdentityProviderAmazon,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderAmazon[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderAmazon=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderAmazon extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAmazonProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderAmazon),error}const scopes=props.scopes??["profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"LoginWithAmazon",providerType:"LoginWithAmazon",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderAmazon=UserPoolIdentityProviderAmazon,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderAmazon[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderAmazon",version:"2.51.1"};
 //# sourceMappingURL=amazon.js.map

package/aws-cognito/lib/user-pool-idps/apple.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderApple=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderApple extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAppleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderApple),error}const scopes=props.scopes??["name"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"SignInWithApple",providerType:"SignInWithApple",providerDetails:{client_id:props.clientId,team_id:props.teamId,key_id:props.keyId,private_key:props.privateKey,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderApple=UserPoolIdentityProviderApple,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderApple[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderApple",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderApple=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderApple extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderAppleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderApple),error}const scopes=props.scopes??["name"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"SignInWithApple",providerType:"SignInWithApple",providerDetails:{client_id:props.clientId,team_id:props.teamId,key_id:props.keyId,private_key:props.privateKey,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderApple=UserPoolIdentityProviderApple,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderApple[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderApple",version:"2.51.1"};
 //# sourceMappingURL=apple.js.map

package/aws-cognito/lib/user-pool-idps/base.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.ProviderAttribute=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");class ProviderAttribute{constructor(attributeName){this.attributeName=attributeName}static other(attributeName){return new ProviderAttribute(attributeName)}}exports.ProviderAttribute=ProviderAttribute,_a=JSII_RTTI_SYMBOL_1,ProviderAttribute[_a]={fqn:"aws-cdk-lib.aws_cognito.ProviderAttribute",version:"2.51.0"},ProviderAttribute.APPLE_EMAIL=new ProviderAttribute("email"),ProviderAttribute.APPLE_NAME=new ProviderAttribute("name"),ProviderAttribute.APPLE_FIRST_NAME=new ProviderAttribute("firstName"),ProviderAttribute.APPLE_LAST_NAME=new ProviderAttribute("lastName"),ProviderAttribute.AMAZON_USER_ID=new ProviderAttribute("user_id"),ProviderAttribute.AMAZON_EMAIL=new ProviderAttribute("email"),ProviderAttribute.AMAZON_NAME=new ProviderAttribute("name"),ProviderAttribute.AMAZON_POSTAL_CODE=new ProviderAttribute("postal_code"),ProviderAttribute.FACEBOOK_ID=new ProviderAttribute("id"),ProviderAttribute.FACEBOOK_BIRTHDAY=new ProviderAttribute("birthday"),ProviderAttribute.FACEBOOK_EMAIL=new ProviderAttribute("email"),ProviderAttribute.FACEBOOK_NAME=new ProviderAttribute("name"),ProviderAttribute.FACEBOOK_FIRST_NAME=new ProviderAttribute("first_name"),ProviderAttribute.FACEBOOK_LAST_NAME=new ProviderAttribute("last_name"),ProviderAttribute.FACEBOOK_MIDDLE_NAME=new ProviderAttribute("middle_name"),ProviderAttribute.FACEBOOK_GENDER=new ProviderAttribute("gender"),ProviderAttribute.FACEBOOK_LOCALE=new ProviderAttribute("locale"),ProviderAttribute.GOOGLE_NAMES=new ProviderAttribute("names"),ProviderAttribute.GOOGLE_GENDER=new ProviderAttribute("gender"),ProviderAttribute.GOOGLE_BIRTHDAYS=new ProviderAttribute("birthdays"),ProviderAttribute.GOOGLE_PHONE_NUMBERS=new ProviderAttribute("phoneNumbers"),ProviderAttribute.GOOGLE_EMAIL=new ProviderAttribute("email"),ProviderAttribute.GOOGLE_NAME=new ProviderAttribute("name"),ProviderAttribute.GOOGLE_PICTURE=new ProviderAttribute("picture"),ProviderAttribute.GOOGLE_GIVEN_NAME=new ProviderAttribute("given_name"),ProviderAttribute.GOOGLE_FAMILY_NAME=new ProviderAttribute("family_name");
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.ProviderAttribute=void 0;const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");class ProviderAttribute{constructor(attributeName){this.attributeName=attributeName}static other(attributeName){return new ProviderAttribute(attributeName)}}exports.ProviderAttribute=ProviderAttribute,_a=JSII_RTTI_SYMBOL_1,ProviderAttribute[_a]={fqn:"aws-cdk-lib.aws_cognito.ProviderAttribute",version:"2.51.1"},ProviderAttribute.APPLE_EMAIL=new ProviderAttribute("email"),ProviderAttribute.APPLE_NAME=new ProviderAttribute("name"),ProviderAttribute.APPLE_FIRST_NAME=new ProviderAttribute("firstName"),ProviderAttribute.APPLE_LAST_NAME=new ProviderAttribute("lastName"),ProviderAttribute.AMAZON_USER_ID=new ProviderAttribute("user_id"),ProviderAttribute.AMAZON_EMAIL=new ProviderAttribute("email"),ProviderAttribute.AMAZON_NAME=new ProviderAttribute("name"),ProviderAttribute.AMAZON_POSTAL_CODE=new ProviderAttribute("postal_code"),ProviderAttribute.FACEBOOK_ID=new ProviderAttribute("id"),ProviderAttribute.FACEBOOK_BIRTHDAY=new ProviderAttribute("birthday"),ProviderAttribute.FACEBOOK_EMAIL=new ProviderAttribute("email"),ProviderAttribute.FACEBOOK_NAME=new ProviderAttribute("name"),ProviderAttribute.FACEBOOK_FIRST_NAME=new ProviderAttribute("first_name"),ProviderAttribute.FACEBOOK_LAST_NAME=new ProviderAttribute("last_name"),ProviderAttribute.FACEBOOK_MIDDLE_NAME=new ProviderAttribute("middle_name"),ProviderAttribute.FACEBOOK_GENDER=new ProviderAttribute("gender"),ProviderAttribute.FACEBOOK_LOCALE=new ProviderAttribute("locale"),ProviderAttribute.GOOGLE_NAMES=new ProviderAttribute("names"),ProviderAttribute.GOOGLE_GENDER=new ProviderAttribute("gender"),ProviderAttribute.GOOGLE_BIRTHDAYS=new ProviderAttribute("birthdays"),ProviderAttribute.GOOGLE_PHONE_NUMBERS=new ProviderAttribute("phoneNumbers"),ProviderAttribute.GOOGLE_EMAIL=new ProviderAttribute("email"),ProviderAttribute.GOOGLE_NAME=new ProviderAttribute("name"),ProviderAttribute.GOOGLE_PICTURE=new ProviderAttribute("picture"),ProviderAttribute.GOOGLE_GIVEN_NAME=new ProviderAttribute("given_name"),ProviderAttribute.GOOGLE_FAMILY_NAME=new ProviderAttribute("family_name");
 //# sourceMappingURL=base.js.map

package/aws-cognito/lib/user-pool-idps/facebook.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderFacebook=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderFacebook extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderFacebookProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderFacebook),error}const scopes=props.scopes??["public_profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"Facebook",providerType:"Facebook",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(","),api_version:props.apiVersion},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderFacebook=UserPoolIdentityProviderFacebook,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderFacebook[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderFacebook",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderFacebook=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderFacebook extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderFacebookProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderFacebook),error}const scopes=props.scopes??["public_profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"Facebook",providerType:"Facebook",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(","),api_version:props.apiVersion},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderFacebook=UserPoolIdentityProviderFacebook,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderFacebook[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderFacebook",version:"2.51.1"};
 //# sourceMappingURL=facebook.js.map

package/aws-cognito/lib/user-pool-idps/google.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderGoogle=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderGoogle extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderGoogleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderGoogle),error}const scopes=props.scopes??["profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"Google",providerType:"Google",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderGoogle=UserPoolIdentityProviderGoogle,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderGoogle[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderGoogle=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");class UserPoolIdentityProviderGoogle extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderGoogleProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderGoogle),error}const scopes=props.scopes??["profile"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:"Google",providerType:"Google",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" ")},attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}}exports.UserPoolIdentityProviderGoogle=UserPoolIdentityProviderGoogle,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderGoogle[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderGoogle",version:"2.51.1"};
 //# sourceMappingURL=google.js.map

package/aws-cognito/lib/user-pool-idps/oidc.js

@@ -1,2 +1,2 @@
-"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderOidc=exports.OidcAttributeRequestMethod=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../../core"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");var OidcAttributeRequestMethod;(function(OidcAttributeRequestMethod2){OidcAttributeRequestMethod2.GET="GET",OidcAttributeRequestMethod2.POST="POST"})(OidcAttributeRequestMethod=exports.OidcAttributeRequestMethod||(exports.OidcAttributeRequestMethod={}));class UserPoolIdentityProviderOidc extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderOidcProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderOidc),error}if(props.name&&!core_1.Token.isUnresolved(props.name)&&(props.name.length<3||props.name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${props.name} (${props.name.length} characters)`);const scopes=props.scopes??["openid"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:this.getProviderName(props.name),providerType:"OIDC",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" "),attributes_request_method:props.attributeRequestMethod??OidcAttributeRequestMethod.GET,oidc_issuer:props.issuerUrl,authorize_url:props.endpoints?.authorization,token_url:props.endpoints?.token,attributes_url:props.endpoints?.userInfo,jwks_uri:props.endpoints?.jwksUri},idpIdentifiers:props.identifiers,attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}getProviderName(name){if(name){if(!core_1.Token.isUnresolved(name)&&(name.length<3||name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`);return name}const uniqueId=core_1.Names.uniqueId(this);return uniqueId.length<3?`${uniqueId}oidc`:uniqueId.length>32?uniqueId.substring(0,16)+uniqueId.substring(uniqueId.length-16):uniqueId}}exports.UserPoolIdentityProviderOidc=UserPoolIdentityProviderOidc,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderOidc[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderOidc",version:"2.51.0"};
+"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderOidc=exports.OidcAttributeRequestMethod=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../../core"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");var OidcAttributeRequestMethod;(function(OidcAttributeRequestMethod2){OidcAttributeRequestMethod2.GET="GET",OidcAttributeRequestMethod2.POST="POST"})(OidcAttributeRequestMethod=exports.OidcAttributeRequestMethod||(exports.OidcAttributeRequestMethod={}));class UserPoolIdentityProviderOidc extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderOidcProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderOidc),error}if(props.name&&!core_1.Token.isUnresolved(props.name)&&(props.name.length<3||props.name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${props.name} (${props.name.length} characters)`);const scopes=props.scopes??["openid"],resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:this.getProviderName(props.name),providerType:"OIDC",providerDetails:{client_id:props.clientId,client_secret:props.clientSecret,authorize_scopes:scopes.join(" "),attributes_request_method:props.attributeRequestMethod??OidcAttributeRequestMethod.GET,oidc_issuer:props.issuerUrl,authorize_url:props.endpoints?.authorization,token_url:props.endpoints?.token,attributes_url:props.endpoints?.userInfo,jwks_uri:props.endpoints?.jwksUri},idpIdentifiers:props.identifiers,attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}getProviderName(name){if(name){if(!core_1.Token.isUnresolved(name)&&(name.length<3||name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`);return name}const uniqueId=core_1.Names.uniqueId(this);return uniqueId.length<3?`${uniqueId}oidc`:uniqueId.length>32?uniqueId.substring(0,16)+uniqueId.substring(uniqueId.length-16):uniqueId}}exports.UserPoolIdentityProviderOidc=UserPoolIdentityProviderOidc,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderOidc[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderOidc",version:"2.51.1"};
 //# sourceMappingURL=oidc.js.map

package/aws-cognito/lib/user-pool-idps/saml.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderSaml=exports.UserPoolIdentityProviderSamlMetadata=exports.UserPoolIdentityProviderSamlMetadataType=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../../core"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");var UserPoolIdentityProviderSamlMetadataType;(function(UserPoolIdentityProviderSamlMetadataType2){UserPoolIdentityProviderSamlMetadataType2.URL="url",UserPoolIdentityProviderSamlMetadataType2.FILE="file"})(UserPoolIdentityProviderSamlMetadataType=exports.UserPoolIdentityProviderSamlMetadataType||(exports.UserPoolIdentityProviderSamlMetadataType={}));class UserPoolIdentityProviderSamlMetadata{constructor(metadataContent,metadataType){this.metadataContent=metadataContent,this.metadataType=metadataType}static url(url){return new UserPoolIdentityProviderSamlMetadata(url,UserPoolIdentityProviderSamlMetadataType.URL)}static file(fileContent){return new UserPoolIdentityProviderSamlMetadata(fileContent,UserPoolIdentityProviderSamlMetadataType.FILE)}}exports.UserPoolIdentityProviderSamlMetadata=UserPoolIdentityProviderSamlMetadata,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderSamlMetadata[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderSamlMetadata",version:"2.51.0"};class UserPoolIdentityProviderSaml extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderSamlProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderSaml),error}this.validateName(props.name);const{metadataType,metadataContent}=props.metadata,resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:this.getProviderName(props.name),providerType:"SAML",providerDetails:{IDPSignout:props.idpSignout??!1,MetadataURL:metadataType===UserPoolIdentityProviderSamlMetadataType.URL?metadataContent:void 0,MetadataFile:metadataType===UserPoolIdentityProviderSamlMetadataType.FILE?metadataContent:void 0},idpIdentifiers:props.identifiers,attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}getProviderName(name){if(name)return this.validateName(name),name;const uniqueName=core_1.Names.uniqueResourceName(this,{maxLength:32});return uniqueName.length<3?`${uniqueName}saml`:uniqueName}validateName(name){if(name&&!core_1.Token.isUnresolved(name)&&(name.length<3||name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`)}}exports.UserPoolIdentityProviderSaml=UserPoolIdentityProviderSaml,_b=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderSaml[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderSaml",version:"2.51.0"};
+"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolIdentityProviderSaml=exports.UserPoolIdentityProviderSamlMetadata=exports.UserPoolIdentityProviderSamlMetadataType=void 0;const jsiiDeprecationWarnings=require("../../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../../core"),cognito_generated_1=require("../cognito.generated"),user_pool_idp_base_1=require("./private/user-pool-idp-base");var UserPoolIdentityProviderSamlMetadataType;(function(UserPoolIdentityProviderSamlMetadataType2){UserPoolIdentityProviderSamlMetadataType2.URL="url",UserPoolIdentityProviderSamlMetadataType2.FILE="file"})(UserPoolIdentityProviderSamlMetadataType=exports.UserPoolIdentityProviderSamlMetadataType||(exports.UserPoolIdentityProviderSamlMetadataType={}));class UserPoolIdentityProviderSamlMetadata{constructor(metadataContent,metadataType){this.metadataContent=metadataContent,this.metadataType=metadataType}static url(url){return new UserPoolIdentityProviderSamlMetadata(url,UserPoolIdentityProviderSamlMetadataType.URL)}static file(fileContent){return new UserPoolIdentityProviderSamlMetadata(fileContent,UserPoolIdentityProviderSamlMetadataType.FILE)}}exports.UserPoolIdentityProviderSamlMetadata=UserPoolIdentityProviderSamlMetadata,_a=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderSamlMetadata[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderSamlMetadata",version:"2.51.1"};class UserPoolIdentityProviderSaml extends user_pool_idp_base_1.UserPoolIdentityProviderBase{constructor(scope,id,props){super(scope,id,props);try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolIdentityProviderSamlProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolIdentityProviderSaml),error}this.validateName(props.name);const{metadataType,metadataContent}=props.metadata,resource=new cognito_generated_1.CfnUserPoolIdentityProvider(this,"Resource",{userPoolId:props.userPool.userPoolId,providerName:this.getProviderName(props.name),providerType:"SAML",providerDetails:{IDPSignout:props.idpSignout??!1,MetadataURL:metadataType===UserPoolIdentityProviderSamlMetadataType.URL?metadataContent:void 0,MetadataFile:metadataType===UserPoolIdentityProviderSamlMetadataType.FILE?metadataContent:void 0},idpIdentifiers:props.identifiers,attributeMapping:super.configureAttributeMapping()});this.providerName=super.getResourceNameAttribute(resource.ref)}getProviderName(name){if(name)return this.validateName(name),name;const uniqueName=core_1.Names.uniqueResourceName(this,{maxLength:32});return uniqueName.length<3?`${uniqueName}saml`:uniqueName}validateName(name){if(name&&!core_1.Token.isUnresolved(name)&&(name.length<3||name.length>32))throw new Error(`Expected provider name to be between 3 and 32 characters, received ${name} (${name.length} characters)`)}}exports.UserPoolIdentityProviderSaml=UserPoolIdentityProviderSaml,_b=JSII_RTTI_SYMBOL_1,UserPoolIdentityProviderSaml[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolIdentityProviderSaml",version:"2.51.1"};
 //# sourceMappingURL=saml.js.map

package/aws-cognito/lib/user-pool-resource-server.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolResourceServer=exports.ResourceServerScope=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),cognito_generated_1=require("./cognito.generated");class ResourceServerScope{constructor(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_ResourceServerScopeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,ResourceServerScope),error}this.scopeName=props.scopeName,this.scopeDescription=props.scopeDescription}}exports.ResourceServerScope=ResourceServerScope,_a=JSII_RTTI_SYMBOL_1,ResourceServerScope[_a]={fqn:"aws-cdk-lib.aws_cognito.ResourceServerScope",version:"2.51.0"};class UserPoolResourceServer extends core_1.Resource{constructor(scope,id,props){super(scope,id,{physicalName:props.identifier});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolResourceServerProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolResourceServer),error}const resource=new cognito_generated_1.CfnUserPoolResourceServer(this,"Resource",{identifier:this.physicalName,name:props.userPoolResourceServerName??this.physicalName,scopes:props.scopes,userPoolId:props.userPool.userPoolId});this.userPoolResourceServerId=resource.ref}static fromUserPoolResourceServerId(scope,id,userPoolResourceServerId){class Import extends core_1.Resource{constructor(){super(...arguments),this.userPoolResourceServerId=userPoolResourceServerId}}return new Import(scope,id)}}exports.UserPoolResourceServer=UserPoolResourceServer,_b=JSII_RTTI_SYMBOL_1,UserPoolResourceServer[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolResourceServer",version:"2.51.0"};
+"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPoolResourceServer=exports.ResourceServerScope=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),core_1=require("../../core"),cognito_generated_1=require("./cognito.generated");class ResourceServerScope{constructor(props){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_ResourceServerScopeProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,ResourceServerScope),error}this.scopeName=props.scopeName,this.scopeDescription=props.scopeDescription}}exports.ResourceServerScope=ResourceServerScope,_a=JSII_RTTI_SYMBOL_1,ResourceServerScope[_a]={fqn:"aws-cdk-lib.aws_cognito.ResourceServerScope",version:"2.51.1"};class UserPoolResourceServer extends core_1.Resource{constructor(scope,id,props){super(scope,id,{physicalName:props.identifier});try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolResourceServerProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPoolResourceServer),error}const resource=new cognito_generated_1.CfnUserPoolResourceServer(this,"Resource",{identifier:this.physicalName,name:props.userPoolResourceServerName??this.physicalName,scopes:props.scopes,userPoolId:props.userPool.userPoolId});this.userPoolResourceServerId=resource.ref}static fromUserPoolResourceServerId(scope,id,userPoolResourceServerId){class Import extends core_1.Resource{constructor(){super(...arguments),this.userPoolResourceServerId=userPoolResourceServerId}}return new Import(scope,id)}}exports.UserPoolResourceServer=UserPoolResourceServer,_b=JSII_RTTI_SYMBOL_1,UserPoolResourceServer[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPoolResourceServer",version:"2.51.1"};
 //# sourceMappingURL=user-pool-resource-server.js.map

package/aws-cognito/lib/user-pool.js

@@ -1,2 +1,2 @@
-"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPool=exports.AccountRecovery=exports.Mfa=exports.VerificationEmailStyle=exports.UserPoolOperation=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),aws_iam_1=require("../../aws-iam"),core_1=require("../../core"),punycode_1=require("punycode/"),cognito_generated_1=require("./cognito.generated"),attr_names_1=require("./private/attr-names"),user_pool_client_1=require("./user-pool-client"),user_pool_domain_1=require("./user-pool-domain"),user_pool_resource_server_1=require("./user-pool-resource-server");class UserPoolOperation{constructor(operationName){this.operationName=operationName}static of(name){const lowerCamelCase=name.charAt(0).toLowerCase()+name.slice(1);return new UserPoolOperation(lowerCamelCase)}}exports.UserPoolOperation=UserPoolOperation,_a=JSII_RTTI_SYMBOL_1,UserPoolOperation[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolOperation",version:"2.51.0"},UserPoolOperation.CREATE_AUTH_CHALLENGE=new UserPoolOperation("createAuthChallenge"),UserPoolOperation.CUSTOM_MESSAGE=new UserPoolOperation("customMessage"),UserPoolOperation.DEFINE_AUTH_CHALLENGE=new UserPoolOperation("defineAuthChallenge"),UserPoolOperation.POST_AUTHENTICATION=new UserPoolOperation("postAuthentication"),UserPoolOperation.POST_CONFIRMATION=new UserPoolOperation("postConfirmation"),UserPoolOperation.PRE_AUTHENTICATION=new UserPoolOperation("preAuthentication"),UserPoolOperation.PRE_SIGN_UP=new UserPoolOperation("preSignUp"),UserPoolOperation.PRE_TOKEN_GENERATION=new UserPoolOperation("preTokenGeneration"),UserPoolOperation.USER_MIGRATION=new UserPoolOperation("userMigration"),UserPoolOperation.VERIFY_AUTH_CHALLENGE_RESPONSE=new UserPoolOperation("verifyAuthChallengeResponse"),UserPoolOperation.CUSTOM_EMAIL_SENDER=new UserPoolOperation("customEmailSender"),UserPoolOperation.CUSTOM_SMS_SENDER=new UserPoolOperation("customSmsSender");var VerificationEmailStyle;(function(VerificationEmailStyle2){VerificationEmailStyle2.CODE="CONFIRM_WITH_CODE",VerificationEmailStyle2.LINK="CONFIRM_WITH_LINK"})(VerificationEmailStyle=exports.VerificationEmailStyle||(exports.VerificationEmailStyle={}));var Mfa;(function(Mfa2){Mfa2.OFF="OFF",Mfa2.OPTIONAL="OPTIONAL",Mfa2.REQUIRED="ON"})(Mfa=exports.Mfa||(exports.Mfa={}));var AccountRecovery;(function(AccountRecovery2){AccountRecovery2[AccountRecovery2.EMAIL_AND_PHONE_WITHOUT_MFA=0]="EMAIL_AND_PHONE_WITHOUT_MFA",AccountRecovery2[AccountRecovery2.PHONE_WITHOUT_MFA_AND_EMAIL=1]="PHONE_WITHOUT_MFA_AND_EMAIL",AccountRecovery2[AccountRecovery2.EMAIL_ONLY=2]="EMAIL_ONLY",AccountRecovery2[AccountRecovery2.PHONE_ONLY_WITHOUT_MFA=3]="PHONE_ONLY_WITHOUT_MFA",AccountRecovery2[AccountRecovery2.PHONE_AND_EMAIL=4]="PHONE_AND_EMAIL",AccountRecovery2[AccountRecovery2.NONE=5]="NONE"})(AccountRecovery=exports.AccountRecovery||(exports.AccountRecovery={}));class UserPoolBase extends core_1.Resource{constructor(){super(...arguments),this.identityProviders=[]}addClient(id,options){return new user_pool_client_1.UserPoolClient(this,id,{userPool:this,...options})}addDomain(id,options){return new user_pool_domain_1.UserPoolDomain(this,id,{userPool:this,...options})}addResourceServer(id,options){return new user_pool_resource_server_1.UserPoolResourceServer(this,id,{userPool:this,...options})}registerIdentityProvider(provider){this.identityProviders.push(provider)}grant(grantee,...actions){return aws_iam_1.Grant.addToPrincipal({grantee,actions,resourceArns:[this.userPoolArn],scope:this})}}class UserPool extends UserPoolBase{constructor(scope,id,props={}){super(scope,id),this.triggers={};try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPool),error}const signIn=this.signInConfiguration(props);if(props.customSenderKmsKey){const kmsKey=props.customSenderKmsKey;this.triggers.kmsKeyId=kmsKey.keyArn}if(props.lambdaTriggers)for(const t of Object.keys(props.lambdaTriggers)){let trigger;switch(t){case"customSmsSender":case"customEmailSender":if(!this.triggers.kmsKeyId)throw new Error("you must specify a KMS key if you are using customSmsSender or customEmailSender.");trigger=props.lambdaTriggers[t];const version="V1_0";trigger!==void 0&&(this.addLambdaPermission(trigger,t),this.triggers[t]={lambdaArn:trigger.functionArn,lambdaVersion:version});break;default:trigger=props.lambdaTriggers[t],trigger!==void 0&&(this.addLambdaPermission(trigger,t),this.triggers[t]=trigger.functionArn);break}}const verificationMessageTemplate=this.verificationMessageConfiguration(props);let emailVerificationMessage,emailVerificationSubject;verificationMessageTemplate.defaultEmailOption===VerificationEmailStyle.CODE&&(emailVerificationMessage=verificationMessageTemplate.emailMessage,emailVerificationSubject=verificationMessageTemplate.emailSubject);const smsVerificationMessage=verificationMessageTemplate.smsMessage,inviteMessageTemplate={emailMessage:props.userInvitation?.emailBody,emailSubject:props.userInvitation?.emailSubject,smsMessage:props.userInvitation?.smsMessage},adminCreateUserConfig={allowAdminCreateUserOnly:!(props.selfSignUpEnabled??!1),inviteMessageTemplate:props.userInvitation!==void 0?inviteMessageTemplate:void 0},passwordPolicy=this.configurePasswordPolicy(props);if(props.email&&props.emailSettings)throw new Error('you must either provide "email" or "emailSettings", but not both');const emailConfiguration=props.email?props.email._bind(this):undefinedIfNoKeys({from:encodePuny(props.emailSettings?.from),replyToEmailAddress:encodePuny(props.emailSettings?.replyTo)}),userPool=new cognito_generated_1.CfnUserPool(this,"Resource",{userPoolName:props.userPoolName,usernameAttributes:signIn.usernameAttrs,aliasAttributes:signIn.aliasAttrs,autoVerifiedAttributes:signIn.autoVerifyAttrs,lambdaConfig:core_1.Lazy.any({produce:()=>undefinedIfNoKeys(this.triggers)}),smsAuthenticationMessage:this.mfaMessage(props),smsConfiguration:this.smsConfiguration(props),adminCreateUserConfig,emailVerificationMessage,emailVerificationSubject,smsVerificationMessage,verificationMessageTemplate,schema:this.schemaConfiguration(props),mfaConfiguration:props.mfa,enabledMfas:this.mfaConfiguration(props),policies:passwordPolicy!==void 0?{passwordPolicy}:void 0,emailConfiguration,usernameConfiguration:undefinedIfNoKeys({caseSensitive:props.signInCaseSensitive}),accountRecoverySetting:this.accountRecovery(props),deviceConfiguration:props.deviceTracking,userAttributeUpdateSettings:this.configureUserAttributeChanges(props),deletionProtection:defaultDeletionProtection(props.deletionProtection)});userPool.applyRemovalPolicy(props.removalPolicy),this.userPoolId=userPool.ref,this.userPoolArn=userPool.attrArn,this.userPoolProviderName=userPool.attrProviderName,this.userPoolProviderUrl=userPool.attrProviderUrl}static fromUserPoolId(scope,id,userPoolId){let userPoolArn=core_1.Stack.of(scope).formatArn({service:"cognito-idp",resource:"userpool",resourceName:userPoolId});return UserPool.fromUserPoolArn(scope,id,userPoolArn)}static fromUserPoolArn(scope,id,userPoolArn){const arnParts=core_1.Stack.of(scope).splitArn(userPoolArn,core_1.ArnFormat.SLASH_RESOURCE_NAME);if(!arnParts.resourceName)throw new Error("invalid user pool ARN");const userPoolId=arnParts.resourceName;class ImportedUserPool extends UserPoolBase{constructor(){super(scope,id,{account:arnParts.account,region:arnParts.region}),this.userPoolArn=userPoolArn,this.userPoolId=userPoolId}}return new ImportedUserPool}addTrigger(operation,fn){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolOperation(operation),jsiiDeprecationWarnings.aws_cdk_lib_aws_lambda_IFunction(fn)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addTrigger),error}if(operation.operationName in this.triggers)throw new Error(`A trigger for the operation ${operation.operationName} already exists.`);switch(this.addLambdaPermission(fn,operation.operationName),operation.operationName){case"customEmailSender":case"customSmsSender":if(!this.triggers.kmsKeyId)throw new Error("you must specify a KMS key if you are using customSmsSender or customEmailSender.");this.triggers[operation.operationName]={lambdaArn:fn.functionArn,lambdaVersion:"V1_0"};break;default:this.triggers[operation.operationName]=fn.functionArn}}addLambdaPermission(fn,name){const capitalize=name.charAt(0).toUpperCase()+name.slice(1);fn.addPermission(`${capitalize}Cognito`,{principal:new aws_iam_1.ServicePrincipal("cognito-idp.amazonaws.com"),sourceArn:core_1.Lazy.string({produce:()=>this.userPoolArn}),scope:this})}mfaMessage(props){const CODE_TEMPLATE="{####}",message=props.mfaMessage;if(message&&!core_1.Token.isUnresolved(message)){if(!message.includes(CODE_TEMPLATE))throw new Error(`MFA message must contain the template string '${CODE_TEMPLATE}'`);if(message.length>140)throw new Error(`MFA message must be between ${CODE_TEMPLATE.length} and ${140} characters`)}return message}verificationMessageConfiguration(props){const CODE_TEMPLATE="{####}",VERIFY_EMAIL_TEMPLATE="{##Verify Email##}",emailStyle=props.userVerification?.emailStyle??VerificationEmailStyle.CODE,emailSubject=props.userVerification?.emailSubject??"Verify your new account",smsMessage=props.userVerification?.smsMessage??`The verification code to your new account is ${CODE_TEMPLATE}`;if(emailStyle===VerificationEmailStyle.CODE){const emailMessage=props.userVerification?.emailBody??`The verification code to your new account is ${CODE_TEMPLATE}`;if(!core_1.Token.isUnresolved(emailMessage)&&emailMessage.indexOf(CODE_TEMPLATE)<0)throw new Error(`Verification email body must contain the template string '${CODE_TEMPLATE}'`);if(!core_1.Token.isUnresolved(smsMessage)&&smsMessage.indexOf(CODE_TEMPLATE)<0)throw new Error(`SMS message must contain the template string '${CODE_TEMPLATE}'`);return{defaultEmailOption:VerificationEmailStyle.CODE,emailMessage,emailSubject,smsMessage}}else{const emailMessage=props.userVerification?.emailBody??`Verify your account by clicking on ${VERIFY_EMAIL_TEMPLATE}`;if(!core_1.Token.isUnresolved(emailMessage)&&emailMessage.indexOf(VERIFY_EMAIL_TEMPLATE)<0)throw new Error(`Verification email body must contain the template string '${VERIFY_EMAIL_TEMPLATE}'`);return{defaultEmailOption:VerificationEmailStyle.LINK,emailMessageByLink:emailMessage,emailSubjectByLink:emailSubject,smsMessage}}}signInConfiguration(props){let aliasAttrs,usernameAttrs,autoVerifyAttrs;const signIn=props.signInAliases??{username:!0};if(signIn.preferredUsername&&!signIn.username)throw new Error("username signIn must be enabled if preferredUsername is enabled");return signIn.username?(aliasAttrs=[],signIn.email&&aliasAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&aliasAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber),signIn.preferredUsername&&aliasAttrs.push(attr_names_1.StandardAttributeNames.preferredUsername),aliasAttrs.length===0&&(aliasAttrs=void 0)):(usernameAttrs=[],signIn.email&&usernameAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&usernameAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)),props.autoVerify?(autoVerifyAttrs=[],props.autoVerify.email&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.email),props.autoVerify.phone&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)):(signIn.email||signIn.phone)&&(autoVerifyAttrs=[],signIn.email&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)),{usernameAttrs,aliasAttrs,autoVerifyAttrs}}smsConfiguration(props){if(props.enableSmsRole===!1&&props.smsRole)throw new Error("enableSmsRole cannot be disabled when smsRole is specified");if(props.smsRole)return{snsCallerArn:props.smsRole.roleArn,externalId:props.smsRoleExternalId,snsRegion:props.snsRegion};if(props.enableSmsRole===!1)return;const mfaConfiguration=this.mfaConfiguration(props),phoneVerification=props.signInAliases?.phone===!0||props.autoVerify?.phone===!0;if(!(mfaConfiguration?.includes("SMS_MFA")||phoneVerification)&&props.enableSmsRole===void 0)return;const smsRoleExternalId=core_1.Names.uniqueId(this).slice(0,1223),smsRole=props.smsRole??new aws_iam_1.Role(this,"smsRole",{assumedBy:new aws_iam_1.ServicePrincipal("cognito-idp.amazonaws.com",{conditions:{StringEquals:{"sts:ExternalId":smsRoleExternalId}}}),inlinePolicies:{"sns-publish":new aws_iam_1.PolicyDocument({statements:[new aws_iam_1.PolicyStatement({actions:["sns:Publish"],resources:["*"]})]})}});return{externalId:smsRoleExternalId,snsCallerArn:smsRole.roleArn,snsRegion:props.snsRegion}}mfaConfiguration(props){if(!(props.mfa===void 0||props.mfa===Mfa.OFF)){if(props.mfaSecondFactor===void 0&&(props.mfa===Mfa.OPTIONAL||props.mfa===Mfa.REQUIRED))return["SMS_MFA"];{const enabledMfas=[];return props.mfaSecondFactor.sms&&enabledMfas.push("SMS_MFA"),props.mfaSecondFactor.otp&&enabledMfas.push("SOFTWARE_TOKEN_MFA"),enabledMfas}}}configurePasswordPolicy(props){const tempPasswordValidity=props.passwordPolicy?.tempPasswordValidity;if(tempPasswordValidity!==void 0&&tempPasswordValidity.toDays()>core_1.Duration.days(365).toDays())throw new Error(`tempPasswordValidity cannot be greater than 365 days (received: ${tempPasswordValidity.toDays()})`);const minLength=props.passwordPolicy?props.passwordPolicy.minLength??8:void 0;if(minLength!==void 0&&(minLength<6||minLength>99))throw new Error(`minLength for password must be between 6 and 99 (received: ${minLength})`);return undefinedIfNoKeys({temporaryPasswordValidityDays:tempPasswordValidity?.toDays({integral:!0}),minimumLength:minLength,requireLowercase:props.passwordPolicy?.requireLowercase,requireUppercase:props.passwordPolicy?.requireUppercase,requireNumbers:props.passwordPolicy?.requireDigits,requireSymbols:props.passwordPolicy?.requireSymbols})}schemaConfiguration(props){const schema=[];if(props.standardAttributes){const stdAttributes=Object.entries(props.standardAttributes).filter(([,attr])=>!!attr).map(([attrName,attr])=>({name:attr_names_1.StandardAttributeNames[attrName],mutable:attr.mutable??!0,required:attr.required??!1}));schema.push(...stdAttributes)}if(props.customAttributes){const customAttrs=Object.keys(props.customAttributes).map(attrName=>{const attrConfig=props.customAttributes[attrName].bind(),numberConstraints={minValue:attrConfig.numberConstraints?.min?.toString(),maxValue:attrConfig.numberConstraints?.max?.toString()},stringConstraints={minLength:attrConfig.stringConstraints?.minLen?.toString(),maxLength:attrConfig.stringConstraints?.maxLen?.toString()};return{name:attrName,attributeDataType:attrConfig.dataType,numberAttributeConstraints:attrConfig.numberConstraints?numberConstraints:void 0,stringAttributeConstraints:attrConfig.stringConstraints?stringConstraints:void 0,mutable:attrConfig.mutable}});schema.push(...customAttrs)}if(schema.length!==0)return schema}accountRecovery(props){const accountRecovery=props.accountRecovery??AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL;switch(accountRecovery){case AccountRecovery.EMAIL_AND_PHONE_WITHOUT_MFA:return{recoveryMechanisms:[{name:"verified_email",priority:1},{name:"verified_phone_number",priority:2}]};case AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL:return{recoveryMechanisms:[{name:"verified_phone_number",priority:1},{name:"verified_email",priority:2}]};case AccountRecovery.EMAIL_ONLY:return{recoveryMechanisms:[{name:"verified_email",priority:1}]};case AccountRecovery.PHONE_ONLY_WITHOUT_MFA:return{recoveryMechanisms:[{name:"verified_phone_number",priority:1}]};case AccountRecovery.NONE:return{recoveryMechanisms:[{name:"admin_only",priority:1}]};case AccountRecovery.PHONE_AND_EMAIL:return;default:throw new Error(`Unsupported AccountRecovery type - ${accountRecovery}`)}}configureUserAttributeChanges(props){if(!props.keepOriginal)return;const attributesRequireVerificationBeforeUpdate=[];return props.keepOriginal.email&&attributesRequireVerificationBeforeUpdate.push(attr_names_1.StandardAttributeNames.email),props.keepOriginal.phone&&attributesRequireVerificationBeforeUpdate.push(attr_names_1.StandardAttributeNames.phoneNumber),{attributesRequireVerificationBeforeUpdate}}}exports.UserPool=UserPool,_b=JSII_RTTI_SYMBOL_1,UserPool[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPool",version:"2.51.0"};function undefinedIfNoKeys(struct){return Object.values(struct).every(val=>val===void 0)?void 0:struct}function encodePuny(input){return input!==void 0?punycode_1.toASCII(input):input}function defaultDeletionProtection(deletionProtection){if(deletionProtection===!0)return"ACTIVE";if(deletionProtection===!1)return"INACTIVE"}
+"use strict";var _a,_b;Object.defineProperty(exports,"__esModule",{value:!0}),exports.UserPool=exports.AccountRecovery=exports.Mfa=exports.VerificationEmailStyle=exports.UserPoolOperation=void 0;const jsiiDeprecationWarnings=require("../../.warnings.jsii.js"),JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti"),aws_iam_1=require("../../aws-iam"),core_1=require("../../core"),punycode_1=require("punycode/"),cognito_generated_1=require("./cognito.generated"),attr_names_1=require("./private/attr-names"),user_pool_client_1=require("./user-pool-client"),user_pool_domain_1=require("./user-pool-domain"),user_pool_resource_server_1=require("./user-pool-resource-server");class UserPoolOperation{constructor(operationName){this.operationName=operationName}static of(name){const lowerCamelCase=name.charAt(0).toLowerCase()+name.slice(1);return new UserPoolOperation(lowerCamelCase)}}exports.UserPoolOperation=UserPoolOperation,_a=JSII_RTTI_SYMBOL_1,UserPoolOperation[_a]={fqn:"aws-cdk-lib.aws_cognito.UserPoolOperation",version:"2.51.1"},UserPoolOperation.CREATE_AUTH_CHALLENGE=new UserPoolOperation("createAuthChallenge"),UserPoolOperation.CUSTOM_MESSAGE=new UserPoolOperation("customMessage"),UserPoolOperation.DEFINE_AUTH_CHALLENGE=new UserPoolOperation("defineAuthChallenge"),UserPoolOperation.POST_AUTHENTICATION=new UserPoolOperation("postAuthentication"),UserPoolOperation.POST_CONFIRMATION=new UserPoolOperation("postConfirmation"),UserPoolOperation.PRE_AUTHENTICATION=new UserPoolOperation("preAuthentication"),UserPoolOperation.PRE_SIGN_UP=new UserPoolOperation("preSignUp"),UserPoolOperation.PRE_TOKEN_GENERATION=new UserPoolOperation("preTokenGeneration"),UserPoolOperation.USER_MIGRATION=new UserPoolOperation("userMigration"),UserPoolOperation.VERIFY_AUTH_CHALLENGE_RESPONSE=new UserPoolOperation("verifyAuthChallengeResponse"),UserPoolOperation.CUSTOM_EMAIL_SENDER=new UserPoolOperation("customEmailSender"),UserPoolOperation.CUSTOM_SMS_SENDER=new UserPoolOperation("customSmsSender");var VerificationEmailStyle;(function(VerificationEmailStyle2){VerificationEmailStyle2.CODE="CONFIRM_WITH_CODE",VerificationEmailStyle2.LINK="CONFIRM_WITH_LINK"})(VerificationEmailStyle=exports.VerificationEmailStyle||(exports.VerificationEmailStyle={}));var Mfa;(function(Mfa2){Mfa2.OFF="OFF",Mfa2.OPTIONAL="OPTIONAL",Mfa2.REQUIRED="ON"})(Mfa=exports.Mfa||(exports.Mfa={}));var AccountRecovery;(function(AccountRecovery2){AccountRecovery2[AccountRecovery2.EMAIL_AND_PHONE_WITHOUT_MFA=0]="EMAIL_AND_PHONE_WITHOUT_MFA",AccountRecovery2[AccountRecovery2.PHONE_WITHOUT_MFA_AND_EMAIL=1]="PHONE_WITHOUT_MFA_AND_EMAIL",AccountRecovery2[AccountRecovery2.EMAIL_ONLY=2]="EMAIL_ONLY",AccountRecovery2[AccountRecovery2.PHONE_ONLY_WITHOUT_MFA=3]="PHONE_ONLY_WITHOUT_MFA",AccountRecovery2[AccountRecovery2.PHONE_AND_EMAIL=4]="PHONE_AND_EMAIL",AccountRecovery2[AccountRecovery2.NONE=5]="NONE"})(AccountRecovery=exports.AccountRecovery||(exports.AccountRecovery={}));class UserPoolBase extends core_1.Resource{constructor(){super(...arguments),this.identityProviders=[]}addClient(id,options){return new user_pool_client_1.UserPoolClient(this,id,{userPool:this,...options})}addDomain(id,options){return new user_pool_domain_1.UserPoolDomain(this,id,{userPool:this,...options})}addResourceServer(id,options){return new user_pool_resource_server_1.UserPoolResourceServer(this,id,{userPool:this,...options})}registerIdentityProvider(provider){this.identityProviders.push(provider)}grant(grantee,...actions){return aws_iam_1.Grant.addToPrincipal({grantee,actions,resourceArns:[this.userPoolArn],scope:this})}}class UserPool extends UserPoolBase{constructor(scope,id,props={}){super(scope,id),this.triggers={};try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,UserPool),error}const signIn=this.signInConfiguration(props);if(props.customSenderKmsKey){const kmsKey=props.customSenderKmsKey;this.triggers.kmsKeyId=kmsKey.keyArn}if(props.lambdaTriggers)for(const t of Object.keys(props.lambdaTriggers)){let trigger;switch(t){case"customSmsSender":case"customEmailSender":if(!this.triggers.kmsKeyId)throw new Error("you must specify a KMS key if you are using customSmsSender or customEmailSender.");trigger=props.lambdaTriggers[t];const version="V1_0";trigger!==void 0&&(this.addLambdaPermission(trigger,t),this.triggers[t]={lambdaArn:trigger.functionArn,lambdaVersion:version});break;default:trigger=props.lambdaTriggers[t],trigger!==void 0&&(this.addLambdaPermission(trigger,t),this.triggers[t]=trigger.functionArn);break}}const verificationMessageTemplate=this.verificationMessageConfiguration(props);let emailVerificationMessage,emailVerificationSubject;verificationMessageTemplate.defaultEmailOption===VerificationEmailStyle.CODE&&(emailVerificationMessage=verificationMessageTemplate.emailMessage,emailVerificationSubject=verificationMessageTemplate.emailSubject);const smsVerificationMessage=verificationMessageTemplate.smsMessage,inviteMessageTemplate={emailMessage:props.userInvitation?.emailBody,emailSubject:props.userInvitation?.emailSubject,smsMessage:props.userInvitation?.smsMessage},adminCreateUserConfig={allowAdminCreateUserOnly:!(props.selfSignUpEnabled??!1),inviteMessageTemplate:props.userInvitation!==void 0?inviteMessageTemplate:void 0},passwordPolicy=this.configurePasswordPolicy(props);if(props.email&&props.emailSettings)throw new Error('you must either provide "email" or "emailSettings", but not both');const emailConfiguration=props.email?props.email._bind(this):undefinedIfNoKeys({from:encodePuny(props.emailSettings?.from),replyToEmailAddress:encodePuny(props.emailSettings?.replyTo)}),userPool=new cognito_generated_1.CfnUserPool(this,"Resource",{userPoolName:props.userPoolName,usernameAttributes:signIn.usernameAttrs,aliasAttributes:signIn.aliasAttrs,autoVerifiedAttributes:signIn.autoVerifyAttrs,lambdaConfig:core_1.Lazy.any({produce:()=>undefinedIfNoKeys(this.triggers)}),smsAuthenticationMessage:this.mfaMessage(props),smsConfiguration:this.smsConfiguration(props),adminCreateUserConfig,emailVerificationMessage,emailVerificationSubject,smsVerificationMessage,verificationMessageTemplate,schema:this.schemaConfiguration(props),mfaConfiguration:props.mfa,enabledMfas:this.mfaConfiguration(props),policies:passwordPolicy!==void 0?{passwordPolicy}:void 0,emailConfiguration,usernameConfiguration:undefinedIfNoKeys({caseSensitive:props.signInCaseSensitive}),accountRecoverySetting:this.accountRecovery(props),deviceConfiguration:props.deviceTracking,userAttributeUpdateSettings:this.configureUserAttributeChanges(props),deletionProtection:defaultDeletionProtection(props.deletionProtection)});userPool.applyRemovalPolicy(props.removalPolicy),this.userPoolId=userPool.ref,this.userPoolArn=userPool.attrArn,this.userPoolProviderName=userPool.attrProviderName,this.userPoolProviderUrl=userPool.attrProviderUrl}static fromUserPoolId(scope,id,userPoolId){let userPoolArn=core_1.Stack.of(scope).formatArn({service:"cognito-idp",resource:"userpool",resourceName:userPoolId});return UserPool.fromUserPoolArn(scope,id,userPoolArn)}static fromUserPoolArn(scope,id,userPoolArn){const arnParts=core_1.Stack.of(scope).splitArn(userPoolArn,core_1.ArnFormat.SLASH_RESOURCE_NAME);if(!arnParts.resourceName)throw new Error("invalid user pool ARN");const userPoolId=arnParts.resourceName;class ImportedUserPool extends UserPoolBase{constructor(){super(scope,id,{account:arnParts.account,region:arnParts.region}),this.userPoolArn=userPoolArn,this.userPoolId=userPoolId}}return new ImportedUserPool}addTrigger(operation,fn){try{jsiiDeprecationWarnings.aws_cdk_lib_aws_cognito_UserPoolOperation(operation),jsiiDeprecationWarnings.aws_cdk_lib_aws_lambda_IFunction(fn)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addTrigger),error}if(operation.operationName in this.triggers)throw new Error(`A trigger for the operation ${operation.operationName} already exists.`);switch(this.addLambdaPermission(fn,operation.operationName),operation.operationName){case"customEmailSender":case"customSmsSender":if(!this.triggers.kmsKeyId)throw new Error("you must specify a KMS key if you are using customSmsSender or customEmailSender.");this.triggers[operation.operationName]={lambdaArn:fn.functionArn,lambdaVersion:"V1_0"};break;default:this.triggers[operation.operationName]=fn.functionArn}}addLambdaPermission(fn,name){const capitalize=name.charAt(0).toUpperCase()+name.slice(1);fn.addPermission(`${capitalize}Cognito`,{principal:new aws_iam_1.ServicePrincipal("cognito-idp.amazonaws.com"),sourceArn:core_1.Lazy.string({produce:()=>this.userPoolArn}),scope:this})}mfaMessage(props){const CODE_TEMPLATE="{####}",message=props.mfaMessage;if(message&&!core_1.Token.isUnresolved(message)){if(!message.includes(CODE_TEMPLATE))throw new Error(`MFA message must contain the template string '${CODE_TEMPLATE}'`);if(message.length>140)throw new Error(`MFA message must be between ${CODE_TEMPLATE.length} and ${140} characters`)}return message}verificationMessageConfiguration(props){const CODE_TEMPLATE="{####}",VERIFY_EMAIL_TEMPLATE="{##Verify Email##}",emailStyle=props.userVerification?.emailStyle??VerificationEmailStyle.CODE,emailSubject=props.userVerification?.emailSubject??"Verify your new account",smsMessage=props.userVerification?.smsMessage??`The verification code to your new account is ${CODE_TEMPLATE}`;if(emailStyle===VerificationEmailStyle.CODE){const emailMessage=props.userVerification?.emailBody??`The verification code to your new account is ${CODE_TEMPLATE}`;if(!core_1.Token.isUnresolved(emailMessage)&&emailMessage.indexOf(CODE_TEMPLATE)<0)throw new Error(`Verification email body must contain the template string '${CODE_TEMPLATE}'`);if(!core_1.Token.isUnresolved(smsMessage)&&smsMessage.indexOf(CODE_TEMPLATE)<0)throw new Error(`SMS message must contain the template string '${CODE_TEMPLATE}'`);return{defaultEmailOption:VerificationEmailStyle.CODE,emailMessage,emailSubject,smsMessage}}else{const emailMessage=props.userVerification?.emailBody??`Verify your account by clicking on ${VERIFY_EMAIL_TEMPLATE}`;if(!core_1.Token.isUnresolved(emailMessage)&&emailMessage.indexOf(VERIFY_EMAIL_TEMPLATE)<0)throw new Error(`Verification email body must contain the template string '${VERIFY_EMAIL_TEMPLATE}'`);return{defaultEmailOption:VerificationEmailStyle.LINK,emailMessageByLink:emailMessage,emailSubjectByLink:emailSubject,smsMessage}}}signInConfiguration(props){let aliasAttrs,usernameAttrs,autoVerifyAttrs;const signIn=props.signInAliases??{username:!0};if(signIn.preferredUsername&&!signIn.username)throw new Error("username signIn must be enabled if preferredUsername is enabled");return signIn.username?(aliasAttrs=[],signIn.email&&aliasAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&aliasAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber),signIn.preferredUsername&&aliasAttrs.push(attr_names_1.StandardAttributeNames.preferredUsername),aliasAttrs.length===0&&(aliasAttrs=void 0)):(usernameAttrs=[],signIn.email&&usernameAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&usernameAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)),props.autoVerify?(autoVerifyAttrs=[],props.autoVerify.email&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.email),props.autoVerify.phone&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)):(signIn.email||signIn.phone)&&(autoVerifyAttrs=[],signIn.email&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.email),signIn.phone&&autoVerifyAttrs.push(attr_names_1.StandardAttributeNames.phoneNumber)),{usernameAttrs,aliasAttrs,autoVerifyAttrs}}smsConfiguration(props){if(props.enableSmsRole===!1&&props.smsRole)throw new Error("enableSmsRole cannot be disabled when smsRole is specified");if(props.smsRole)return{snsCallerArn:props.smsRole.roleArn,externalId:props.smsRoleExternalId,snsRegion:props.snsRegion};if(props.enableSmsRole===!1)return;const mfaConfiguration=this.mfaConfiguration(props),phoneVerification=props.signInAliases?.phone===!0||props.autoVerify?.phone===!0;if(!(mfaConfiguration?.includes("SMS_MFA")||phoneVerification)&&props.enableSmsRole===void 0)return;const smsRoleExternalId=core_1.Names.uniqueId(this).slice(0,1223),smsRole=props.smsRole??new aws_iam_1.Role(this,"smsRole",{assumedBy:new aws_iam_1.ServicePrincipal("cognito-idp.amazonaws.com",{conditions:{StringEquals:{"sts:ExternalId":smsRoleExternalId}}}),inlinePolicies:{"sns-publish":new aws_iam_1.PolicyDocument({statements:[new aws_iam_1.PolicyStatement({actions:["sns:Publish"],resources:["*"]})]})}});return{externalId:smsRoleExternalId,snsCallerArn:smsRole.roleArn,snsRegion:props.snsRegion}}mfaConfiguration(props){if(!(props.mfa===void 0||props.mfa===Mfa.OFF)){if(props.mfaSecondFactor===void 0&&(props.mfa===Mfa.OPTIONAL||props.mfa===Mfa.REQUIRED))return["SMS_MFA"];{const enabledMfas=[];return props.mfaSecondFactor.sms&&enabledMfas.push("SMS_MFA"),props.mfaSecondFactor.otp&&enabledMfas.push("SOFTWARE_TOKEN_MFA"),enabledMfas}}}configurePasswordPolicy(props){const tempPasswordValidity=props.passwordPolicy?.tempPasswordValidity;if(tempPasswordValidity!==void 0&&tempPasswordValidity.toDays()>core_1.Duration.days(365).toDays())throw new Error(`tempPasswordValidity cannot be greater than 365 days (received: ${tempPasswordValidity.toDays()})`);const minLength=props.passwordPolicy?props.passwordPolicy.minLength??8:void 0;if(minLength!==void 0&&(minLength<6||minLength>99))throw new Error(`minLength for password must be between 6 and 99 (received: ${minLength})`);return undefinedIfNoKeys({temporaryPasswordValidityDays:tempPasswordValidity?.toDays({integral:!0}),minimumLength:minLength,requireLowercase:props.passwordPolicy?.requireLowercase,requireUppercase:props.passwordPolicy?.requireUppercase,requireNumbers:props.passwordPolicy?.requireDigits,requireSymbols:props.passwordPolicy?.requireSymbols})}schemaConfiguration(props){const schema=[];if(props.standardAttributes){const stdAttributes=Object.entries(props.standardAttributes).filter(([,attr])=>!!attr).map(([attrName,attr])=>({name:attr_names_1.StandardAttributeNames[attrName],mutable:attr.mutable??!0,required:attr.required??!1}));schema.push(...stdAttributes)}if(props.customAttributes){const customAttrs=Object.keys(props.customAttributes).map(attrName=>{const attrConfig=props.customAttributes[attrName].bind(),numberConstraints={minValue:attrConfig.numberConstraints?.min?.toString(),maxValue:attrConfig.numberConstraints?.max?.toString()},stringConstraints={minLength:attrConfig.stringConstraints?.minLen?.toString(),maxLength:attrConfig.stringConstraints?.maxLen?.toString()};return{name:attrName,attributeDataType:attrConfig.dataType,numberAttributeConstraints:attrConfig.numberConstraints?numberConstraints:void 0,stringAttributeConstraints:attrConfig.stringConstraints?stringConstraints:void 0,mutable:attrConfig.mutable}});schema.push(...customAttrs)}if(schema.length!==0)return schema}accountRecovery(props){const accountRecovery=props.accountRecovery??AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL;switch(accountRecovery){case AccountRecovery.EMAIL_AND_PHONE_WITHOUT_MFA:return{recoveryMechanisms:[{name:"verified_email",priority:1},{name:"verified_phone_number",priority:2}]};case AccountRecovery.PHONE_WITHOUT_MFA_AND_EMAIL:return{recoveryMechanisms:[{name:"verified_phone_number",priority:1},{name:"verified_email",priority:2}]};case AccountRecovery.EMAIL_ONLY:return{recoveryMechanisms:[{name:"verified_email",priority:1}]};case AccountRecovery.PHONE_ONLY_WITHOUT_MFA:return{recoveryMechanisms:[{name:"verified_phone_number",priority:1}]};case AccountRecovery.NONE:return{recoveryMechanisms:[{name:"admin_only",priority:1}]};case AccountRecovery.PHONE_AND_EMAIL:return;default:throw new Error(`Unsupported AccountRecovery type - ${accountRecovery}`)}}configureUserAttributeChanges(props){if(!props.keepOriginal)return;const attributesRequireVerificationBeforeUpdate=[];return props.keepOriginal.email&&attributesRequireVerificationBeforeUpdate.push(attr_names_1.StandardAttributeNames.email),props.keepOriginal.phone&&attributesRequireVerificationBeforeUpdate.push(attr_names_1.StandardAttributeNames.phoneNumber),{attributesRequireVerificationBeforeUpdate}}}exports.UserPool=UserPool,_b=JSII_RTTI_SYMBOL_1,UserPool[_b]={fqn:"aws-cdk-lib.aws_cognito.UserPool",version:"2.51.1"};function undefinedIfNoKeys(struct){return Object.values(struct).every(val=>val===void 0)?void 0:struct}function encodePuny(input){return input!==void 0?punycode_1.toASCII(input):input}function defaultDeletionProtection(deletionProtection){if(deletionProtection===!0)return"ACTIVE";if(deletionProtection===!1)return"INACTIVE"}
 //# sourceMappingURL=user-pool.js.map