Skip to content
Alchemy
GitHubXDiscord

UserPoolClient

The UserPoolClient resource lets you manage AWS Cognito UserPoolClients for your applications, allowing for user authentication and management.

Minimal Example

Section titled “Minimal Example”

Create a basic UserPoolClient with required properties and a couple of common optional settings.

import AWS from "alchemy/aws/control";


const userPoolClient = await AWS.Cognito.UserPoolClient("basicUserPoolClient", {
  UserPoolId: "us-east-1_examplePoolId",
  ClientName: "exampleAppClient",
  GenerateSecret: true,
  CallbackURLs: ["https://example.com/callback"],
  LogoutURLs: ["https://example.com/logout"],
  AllowedOAuthFlows: ["code", "implicit"],
  AllowedOAuthScopes: ["openid", "email"]
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a UserPoolClient with advanced token validity settings and additional attributes.

const advancedUserPoolClient = await AWS.Cognito.UserPoolClient("advancedUserPoolClient", {
  UserPoolId: "us-east-1_examplePoolId",
  ClientName: "advancedAppClient",
  AccessTokenValidity: 60, // in minutes
  IdTokenValidity: 60, // in minutes
  RefreshTokenValidity: 30, // in days
  TokenValidityUnits: {
    AccessToken: "minutes",
    IdToken: "minutes",
    RefreshToken: "days"
  },
  ReadAttributes: ["email", "phone_number"],
  WriteAttributes: ["email", "name"]
});

Custom Authentication Flows

Section titled “Custom Authentication Flows”

Set up a UserPoolClient to support explicit authentication flows.

const customAuthUserPoolClient = await AWS.Cognito.UserPoolClient("customAuthUserPoolClient", {
  UserPoolId: "us-east-1_examplePoolId",
  ClientName: "customAuthClient",
  ExplicitAuthFlows: ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_PASSWORD_AUTH"],
  EnablePropagateAdditionalUserContextData: true,
  PreventUserExistenceErrors: "ENABLED"
});

Analytics Configuration

Section titled “Analytics Configuration”

Enable analytics for the UserPoolClient to track user sign-in activities.

const analyticsUserPoolClient = await AWS.Cognito.UserPoolClient("analyticsUserPoolClient", {
  UserPoolId: "us-east-1_examplePoolId",
  ClientName: "analyticsClient",
  AnalyticsConfiguration: {
    ApplicationId: "1234567890",
    RoleArn: "arn:aws:iam::123456789012:role/CognitoAnalyticsRole",
    ExternalId: "exampleExternalId",
    UserDataShared: true
  }
});

These examples demonstrate how to define different configurations for AWS Cognito UserPoolClients using Alchemy, catering to various application needs.