com.amazonaws.services.cognitoidp.model.UpdateUserPoolClientRequest Maven / Gradle / Ivy
Show all versions of aws-java-sdk-cognitoidp Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.cognitoidp.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* Represents the request to update the user pool client.
*
*
* @see AWS
* API Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class UpdateUserPoolClientRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* The user pool ID for the user pool where you want to update the user pool client.
*
*/
private String userPoolId;
/**
*
* The ID of the client associated with the user pool.
*
*/
private String clientId;
/**
*
* The client name from the update user pool client request.
*
*/
private String clientName;
/**
*
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the
* time unit for RefreshTokenValidity as seconds, minutes, hours
* , or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new access
* and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of
* 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30
* days.
*
*/
private Integer refreshTokenValidity;
/**
*
* The access token time limit. After this limit expires, your user can't use their access token. To specify the
* time unit for AccessTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set AccessTokenValidity to 10 and TokenValidityUnits
* to hours, your user can authorize access with their access token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one
* hour.
*
*/
private Integer accessTokenValidity;
/**
*
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit
* for IdTokenValidity as seconds, minutes, hours, or
* days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set IdTokenValidity as 10 and TokenValidityUnits as
* hours, your user can authenticate their session with their ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
*
*/
private Integer idTokenValidity;
/**
*
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*
*/
private TokenValidityUnitsType tokenValidityUnits;
/**
*
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any attribute
* in this list. An example of this kind of activity is when your user selects a link to view their profile
* information. Your app makes a GetUser
* API request to retrieve and display your user's profile data.
*
*
* When you don't specify the ReadAttributes for your app client, your app can read the values of
* email_verified, phone_number_verified, and the Standard attributes of your user pool.
* When your user pool has read access to these default attributes, ReadAttributes doesn't return any
* information. Amazon Cognito only populates ReadAttributes in the API response if you have specified
* your own custom set of read attributes.
*
*/
private java.util.List readAttributes;
/**
*
* The list of user attributes that you want your app client to have write access to. After your user authenticates
* in your app, their access token authorizes them to set or modify their own attribute value for any attribute in
* this list. An example of this kind of activity is when you present your user with a form to update their profile
* information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
*
* When you don't specify the WriteAttributes for your app client, your app can write the values of the
* Standard attributes of your user pool. When your user pool has write access to these default attributes,
* WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you have
* mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through
* an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when
* it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*
*/
private java.util.List writeAttributes;
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*/
private java.util.List explicitAuthFlows;
/**
*
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*
*/
private java.util.List supportedIdentityProviders;
/**
*
* A list of allowed redirect (callback) URLs for the IdPs.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*/
private java.util.List callbackURLs;
/**
*
* A list of allowed logout URLs for the IdPs.
*
*/
private java.util.List logoutURLs;
/**
*
* The default redirect URI. Must be in the CallbackURLs list.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*/
private String defaultRedirectURI;
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*/
private java.util.List allowedOAuthFlows;
/**
*
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*
*/
private java.util.List allowedOAuthScopes;
/**
*
* Set to true to use OAuth 2.0 features in your user pool app client.
*
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the following
* features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or
* UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false
* .
*
*/
private Boolean allowedOAuthFlowsUserPoolClient;
/**
*
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
*
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to
* Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending
* events to Amazon Pinpoint projects within that same Region.
*
*
*/
private AnalyticsConfigurationType analyticsConfiguration;
/**
*
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and
* password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user
* doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account
* confirmation and password recovery return a response indicating a code was sent to a simulated destination. When
* set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't
* exist in the user pool.
*
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors
* aren't prevented.
*
*
*
*/
private String preventUserExistenceErrors;
/**
*
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*
*/
private Boolean enableTokenRevocation;
/**
*
* Activates the propagation of additional user context data. For more information about propagation of user context
* data, see
* Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate
* EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*
*/
private Boolean enablePropagateAdditionalUserContextData;
/**
*
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user
* must respond to each authentication challenge before the session expires.
*
*/
private Integer authSessionValidity;
/**
*
* The user pool ID for the user pool where you want to update the user pool client.
*
*
* @param userPoolId
* The user pool ID for the user pool where you want to update the user pool client.
*/
public void setUserPoolId(String userPoolId) {
this.userPoolId = userPoolId;
}
/**
*
* The user pool ID for the user pool where you want to update the user pool client.
*
*
* @return The user pool ID for the user pool where you want to update the user pool client.
*/
public String getUserPoolId() {
return this.userPoolId;
}
/**
*
* The user pool ID for the user pool where you want to update the user pool client.
*
*
* @param userPoolId
* The user pool ID for the user pool where you want to update the user pool client.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withUserPoolId(String userPoolId) {
setUserPoolId(userPoolId);
return this;
}
/**
*
* The ID of the client associated with the user pool.
*
*
* @param clientId
* The ID of the client associated with the user pool.
*/
public void setClientId(String clientId) {
this.clientId = clientId;
}
/**
*
* The ID of the client associated with the user pool.
*
*
* @return The ID of the client associated with the user pool.
*/
public String getClientId() {
return this.clientId;
}
/**
*
* The ID of the client associated with the user pool.
*
*
* @param clientId
* The ID of the client associated with the user pool.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withClientId(String clientId) {
setClientId(clientId);
return this;
}
/**
*
* The client name from the update user pool client request.
*
*
* @param clientName
* The client name from the update user pool client request.
*/
public void setClientName(String clientName) {
this.clientName = clientName;
}
/**
*
* The client name from the update user pool client request.
*
*
* @return The client name from the update user pool client request.
*/
public String getClientName() {
return this.clientName;
}
/**
*
* The client name from the update user pool client request.
*
*
* @param clientName
* The client name from the update user pool client request.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withClientName(String clientName) {
setClientName(clientName);
return this;
}
/**
*
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the
* time unit for RefreshTokenValidity as seconds, minutes, hours
* , or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new access
* and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of
* 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30
* days.
*
*
* @param refreshTokenValidity
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To
* specify the time unit for RefreshTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new
* access and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default
* value of 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for
* 30 days.
*/
public void setRefreshTokenValidity(Integer refreshTokenValidity) {
this.refreshTokenValidity = refreshTokenValidity;
}
/**
*
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the
* time unit for RefreshTokenValidity as seconds, minutes, hours
* , or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new access
* and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of
* 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30
* days.
*
*
* @return The refresh token time limit. After this limit expires, your user can't use their refresh token. To
* specify the time unit for RefreshTokenValidity as seconds, minutes
* , hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve
* new access and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default
* value of 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for
* 30 days.
*/
public Integer getRefreshTokenValidity() {
return this.refreshTokenValidity;
}
/**
*
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the
* time unit for RefreshTokenValidity as seconds, minutes, hours
* , or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new access
* and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default value of
* 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for 30
* days.
*
*
* @param refreshTokenValidity
* The refresh token time limit. After this limit expires, your user can't use their refresh token. To
* specify the time unit for RefreshTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set RefreshTokenValidity as 10 and
* TokenValidityUnits as days, your user can refresh their session and retrieve new
* access and ID tokens for 10 days.
*
*
* The default time unit for RefreshTokenValidity in an API request is days. You can't set
* RefreshTokenValidity to 0. If you do, Amazon Cognito overrides the value with the default
* value of 30 days. Valid range is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your refresh tokens are valid for
* 30 days.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withRefreshTokenValidity(Integer refreshTokenValidity) {
setRefreshTokenValidity(refreshTokenValidity);
return this;
}
/**
*
* The access token time limit. After this limit expires, your user can't use their access token. To specify the
* time unit for AccessTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set AccessTokenValidity to 10 and TokenValidityUnits
* to hours, your user can authorize access with their access token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one
* hour.
*
*
* @param accessTokenValidity
* The access token time limit. After this limit expires, your user can't use their access token. To specify
* the time unit for AccessTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set AccessTokenValidity to 10 and
* TokenValidityUnits to hours, your user can authorize access with their access
* token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range
* is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for
* one hour.
*/
public void setAccessTokenValidity(Integer accessTokenValidity) {
this.accessTokenValidity = accessTokenValidity;
}
/**
*
* The access token time limit. After this limit expires, your user can't use their access token. To specify the
* time unit for AccessTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set AccessTokenValidity to 10 and TokenValidityUnits
* to hours, your user can authorize access with their access token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one
* hour.
*
*
* @return The access token time limit. After this limit expires, your user can't use their access token. To specify
* the time unit for AccessTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set AccessTokenValidity to 10 and
* TokenValidityUnits to hours, your user can authorize access with their access
* token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range
* is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for
* one hour.
*/
public Integer getAccessTokenValidity() {
return this.accessTokenValidity;
}
/**
*
* The access token time limit. After this limit expires, your user can't use their access token. To specify the
* time unit for AccessTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set AccessTokenValidity to 10 and TokenValidityUnits
* to hours, your user can authorize access with their access token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for one
* hour.
*
*
* @param accessTokenValidity
* The access token time limit. After this limit expires, your user can't use their access token. To specify
* the time unit for AccessTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set AccessTokenValidity to 10 and
* TokenValidityUnits to hours, your user can authorize access with their access
* token for 10 hours.
*
*
* The default time unit for AccessTokenValidity in an API request is hours. Valid range
* is displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your access tokens are valid for
* one hour.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAccessTokenValidity(Integer accessTokenValidity) {
setAccessTokenValidity(accessTokenValidity);
return this;
}
/**
*
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit
* for IdTokenValidity as seconds, minutes, hours, or
* days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set IdTokenValidity as 10 and TokenValidityUnits as
* hours, your user can authenticate their session with their ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
*
*
* @param idTokenValidity
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time
* unit for IdTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
* For example, when you set IdTokenValidity as 10 and
* TokenValidityUnits as hours, your user can authenticate their session with their
* ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one
* hour.
*/
public void setIdTokenValidity(Integer idTokenValidity) {
this.idTokenValidity = idTokenValidity;
}
/**
*
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit
* for IdTokenValidity as seconds, minutes, hours, or
* days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set IdTokenValidity as 10 and TokenValidityUnits as
* hours, your user can authenticate their session with their ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
*
*
* @return The ID token time limit. After this limit expires, your user can't use their ID token. To specify the
* time unit for IdTokenValidity as seconds, minutes,
* hours, or days, set a TokenValidityUnits value in your API
* request.
*
* For example, when you set IdTokenValidity as 10 and
* TokenValidityUnits as hours, your user can authenticate their session with
* their ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one
* hour.
*/
public Integer getIdTokenValidity() {
return this.idTokenValidity;
}
/**
*
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit
* for IdTokenValidity as seconds, minutes, hours, or
* days, set a TokenValidityUnits value in your API request.
*
*
* For example, when you set IdTokenValidity as 10 and TokenValidityUnits as
* hours, your user can authenticate their session with their ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one hour.
*
*
* @param idTokenValidity
* The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time
* unit for IdTokenValidity as seconds, minutes, hours,
* or days, set a TokenValidityUnits value in your API request.
*
* For example, when you set IdTokenValidity as 10 and
* TokenValidityUnits as hours, your user can authenticate their session with their
* ID token for 10 hours.
*
*
* The default time unit for IdTokenValidity in an API request is hours. Valid range is
* displayed below in seconds.
*
*
* If you don't specify otherwise in the configuration of your app client, your ID tokens are valid for one
* hour.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withIdTokenValidity(Integer idTokenValidity) {
setIdTokenValidity(idTokenValidity);
return this;
}
/**
*
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*
*
* @param tokenValidityUnits
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*/
public void setTokenValidityUnits(TokenValidityUnitsType tokenValidityUnits) {
this.tokenValidityUnits = tokenValidityUnits;
}
/**
*
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*
*
* @return The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*/
public TokenValidityUnitsType getTokenValidityUnits() {
return this.tokenValidityUnits;
}
/**
*
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
*
*
* @param tokenValidityUnits
* The time units you use when you set the duration of ID, access, and refresh tokens. The default unit for
* RefreshToken is days, and the default for ID and access tokens is hours.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withTokenValidityUnits(TokenValidityUnitsType tokenValidityUnits) {
setTokenValidityUnits(tokenValidityUnits);
return this;
}
/**
*
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any attribute
* in this list. An example of this kind of activity is when your user selects a link to view their profile
* information. Your app makes a GetUser
* API request to retrieve and display your user's profile data.
*
*
* When you don't specify the ReadAttributes for your app client, your app can read the values of
* email_verified, phone_number_verified, and the Standard attributes of your user pool.
* When your user pool has read access to these default attributes, ReadAttributes doesn't return any
* information. Amazon Cognito only populates ReadAttributes in the API response if you have specified
* your own custom set of read attributes.
*
*
* @return The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any
* attribute in this list. An example of this kind of activity is when your user selects a link to view
* their profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
*
* When you don't specify the ReadAttributes for your app client, your app can read the values
* of email_verified, phone_number_verified, and the Standard attributes of your
* user pool. When your user pool has read access to these default attributes, ReadAttributes
* doesn't return any information. Amazon Cognito only populates ReadAttributes in the API
* response if you have specified your own custom set of read attributes.
*/
public java.util.List getReadAttributes() {
return readAttributes;
}
/**
*
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any attribute
* in this list. An example of this kind of activity is when your user selects a link to view their profile
* information. Your app makes a GetUser
* API request to retrieve and display your user's profile data.
*
*
* When you don't specify the ReadAttributes for your app client, your app can read the values of
* email_verified, phone_number_verified, and the Standard attributes of your user pool.
* When your user pool has read access to these default attributes, ReadAttributes doesn't return any
* information. Amazon Cognito only populates ReadAttributes in the API response if you have specified
* your own custom set of read attributes.
*
*
* @param readAttributes
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any
* attribute in this list. An example of this kind of activity is when your user selects a link to view their
* profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
*
* When you don't specify the ReadAttributes for your app client, your app can read the values
* of email_verified, phone_number_verified, and the Standard attributes of your
* user pool. When your user pool has read access to these default attributes, ReadAttributes
* doesn't return any information. Amazon Cognito only populates ReadAttributes in the API
* response if you have specified your own custom set of read attributes.
*/
public void setReadAttributes(java.util.Collection readAttributes) {
if (readAttributes == null) {
this.readAttributes = null;
return;
}
this.readAttributes = new java.util.ArrayList(readAttributes);
}
/**
*
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any attribute
* in this list. An example of this kind of activity is when your user selects a link to view their profile
* information. Your app makes a GetUser
* API request to retrieve and display your user's profile data.
*
*
* When you don't specify the ReadAttributes for your app client, your app can read the values of
* email_verified, phone_number_verified, and the Standard attributes of your user pool.
* When your user pool has read access to these default attributes, ReadAttributes doesn't return any
* information. Amazon Cognito only populates ReadAttributes in the API response if you have specified
* your own custom set of read attributes.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setReadAttributes(java.util.Collection)} or {@link #withReadAttributes(java.util.Collection)} if you want
* to override the existing values.
*
*
* @param readAttributes
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any
* attribute in this list. An example of this kind of activity is when your user selects a link to view their
* profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
*
* When you don't specify the ReadAttributes for your app client, your app can read the values
* of email_verified, phone_number_verified, and the Standard attributes of your
* user pool. When your user pool has read access to these default attributes, ReadAttributes
* doesn't return any information. Amazon Cognito only populates ReadAttributes in the API
* response if you have specified your own custom set of read attributes.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withReadAttributes(String... readAttributes) {
if (this.readAttributes == null) {
setReadAttributes(new java.util.ArrayList(readAttributes.length));
}
for (String ele : readAttributes) {
this.readAttributes.add(ele);
}
return this;
}
/**
*
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any attribute
* in this list. An example of this kind of activity is when your user selects a link to view their profile
* information. Your app makes a GetUser
* API request to retrieve and display your user's profile data.
*
*
* When you don't specify the ReadAttributes for your app client, your app can read the values of
* email_verified, phone_number_verified, and the Standard attributes of your user pool.
* When your user pool has read access to these default attributes, ReadAttributes doesn't return any
* information. Amazon Cognito only populates ReadAttributes in the API response if you have specified
* your own custom set of read attributes.
*
*
* @param readAttributes
* The list of user attributes that you want your app client to have read-only access to. After your user
* authenticates in your app, their access token authorizes them to read their own attribute value for any
* attribute in this list. An example of this kind of activity is when your user selects a link to view their
* profile information. Your app makes a GetUser API request to retrieve and display your user's profile data.
*
* When you don't specify the ReadAttributes for your app client, your app can read the values
* of email_verified, phone_number_verified, and the Standard attributes of your
* user pool. When your user pool has read access to these default attributes, ReadAttributes
* doesn't return any information. Amazon Cognito only populates ReadAttributes in the API
* response if you have specified your own custom set of read attributes.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withReadAttributes(java.util.Collection readAttributes) {
setReadAttributes(readAttributes);
return this;
}
/**
*
* The list of user attributes that you want your app client to have write access to. After your user authenticates
* in your app, their access token authorizes them to set or modify their own attribute value for any attribute in
* this list. An example of this kind of activity is when you present your user with a form to update their profile
* information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
*
* When you don't specify the WriteAttributes for your app client, your app can write the values of the
* Standard attributes of your user pool. When your user pool has write access to these default attributes,
* WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you have
* mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through
* an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when
* it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*
*
* @return The list of user attributes that you want your app client to have write access to. After your user
* authenticates in your app, their access token authorizes them to set or modify their own attribute value
* for any attribute in this list. An example of this kind of activity is when you present your user with a
* form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
* When you don't specify the WriteAttributes for your app client, your app can write the
* values of the Standard attributes of your user pool. When your user pool has write access to these
* default attributes, WriteAttributes doesn't return any information. Amazon Cognito only
* populates WriteAttributes in the API response if you have specified your own custom set of
* write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that
* you have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your
* application through an IdP. If your app client does not have write access to a mapped attribute, Amazon
* Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*/
public java.util.List getWriteAttributes() {
return writeAttributes;
}
/**
*
* The list of user attributes that you want your app client to have write access to. After your user authenticates
* in your app, their access token authorizes them to set or modify their own attribute value for any attribute in
* this list. An example of this kind of activity is when you present your user with a form to update their profile
* information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
*
* When you don't specify the WriteAttributes for your app client, your app can write the values of the
* Standard attributes of your user pool. When your user pool has write access to these default attributes,
* WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you have
* mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through
* an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when
* it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*
*
* @param writeAttributes
* The list of user attributes that you want your app client to have write access to. After your user
* authenticates in your app, their access token authorizes them to set or modify their own attribute value
* for any attribute in this list. An example of this kind of activity is when you present your user with a
* form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
* When you don't specify the WriteAttributes for your app client, your app can write the values
* of the Standard attributes of your user pool. When your user pool has write access to these default
* attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write
* attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you
* have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your
* application through an IdP. If your app client does not have write access to a mapped attribute, Amazon
* Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*/
public void setWriteAttributes(java.util.Collection writeAttributes) {
if (writeAttributes == null) {
this.writeAttributes = null;
return;
}
this.writeAttributes = new java.util.ArrayList(writeAttributes);
}
/**
*
* The list of user attributes that you want your app client to have write access to. After your user authenticates
* in your app, their access token authorizes them to set or modify their own attribute value for any attribute in
* this list. An example of this kind of activity is when you present your user with a form to update their profile
* information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
*
* When you don't specify the WriteAttributes for your app client, your app can write the values of the
* Standard attributes of your user pool. When your user pool has write access to these default attributes,
* WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you have
* mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through
* an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when
* it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setWriteAttributes(java.util.Collection)} or {@link #withWriteAttributes(java.util.Collection)} if you
* want to override the existing values.
*
*
* @param writeAttributes
* The list of user attributes that you want your app client to have write access to. After your user
* authenticates in your app, their access token authorizes them to set or modify their own attribute value
* for any attribute in this list. An example of this kind of activity is when you present your user with a
* form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
* When you don't specify the WriteAttributes for your app client, your app can write the values
* of the Standard attributes of your user pool. When your user pool has write access to these default
* attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write
* attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you
* have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your
* application through an IdP. If your app client does not have write access to a mapped attribute, Amazon
* Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withWriteAttributes(String... writeAttributes) {
if (this.writeAttributes == null) {
setWriteAttributes(new java.util.ArrayList(writeAttributes.length));
}
for (String ele : writeAttributes) {
this.writeAttributes.add(ele);
}
return this;
}
/**
*
* The list of user attributes that you want your app client to have write access to. After your user authenticates
* in your app, their access token authorizes them to set or modify their own attribute value for any attribute in
* this list. An example of this kind of activity is when you present your user with a form to update their profile
* information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
*
* When you don't specify the WriteAttributes for your app client, your app can write the values of the
* Standard attributes of your user pool. When your user pool has write access to these default attributes,
* WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you have
* mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your application through
* an IdP. If your app client does not have write access to a mapped attribute, Amazon Cognito throws an error when
* it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
*
*
* @param writeAttributes
* The list of user attributes that you want your app client to have write access to. After your user
* authenticates in your app, their access token authorizes them to set or modify their own attribute value
* for any attribute in this list. An example of this kind of activity is when you present your user with a
* form to update their profile information and they change their last name. Your app then makes an UpdateUserAttributes API request and sets family_name to the new value.
*
* When you don't specify the WriteAttributes for your app client, your app can write the values
* of the Standard attributes of your user pool. When your user pool has write access to these default
* attributes, WriteAttributes doesn't return any information. Amazon Cognito only populates
* WriteAttributes in the API response if you have specified your own custom set of write
* attributes.
*
*
* If your app client allows users to sign in through an IdP, this array must include all attributes that you
* have mapped to IdP attributes. Amazon Cognito updates mapped attributes when users sign in to your
* application through an IdP. If your app client does not have write access to a mapped attribute, Amazon
* Cognito throws an error when it tries to update the attribute. For more information, see Specifying IdP Attribute Mappings for Your user pool.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withWriteAttributes(java.util.Collection writeAttributes) {
setWriteAttributes(writeAttributes);
return this;
}
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*
* @return The authentication flows that you want your user pool client to support. For each app client in your user
* pool, you can sign in your users with any combination of one or more flows, including with a user name
* and Secure Remote Password (SRP), a user name and password, or a custom authentication process that you
* define with Lambda functions.
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and
* ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting.
* With this authentication flow, your app passes a user name and password to Amazon Cognito in the request,
* instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon
* Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH,
* CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
* ExplicitAuthFlows values to user pool clients at the same time as values that begin with
* ALLOW_, like ALLOW_USER_SRP_AUTH.
* @see ExplicitAuthFlowsType
*/
public java.util.List getExplicitAuthFlows() {
return explicitAuthFlows;
}
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*
* @param explicitAuthFlows
* The authentication flows that you want your user pool client to support. For each app client in your user
* pool, you can sign in your users with any combination of one or more flows, including with a user name and
* Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define
* with Lambda functions.
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and
* ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting.
* With this authentication flow, your app passes a user name and password to Amazon Cognito in the request,
* instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon
* Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH,
* CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
* ExplicitAuthFlows values to user pool clients at the same time as values that begin with
* ALLOW_, like ALLOW_USER_SRP_AUTH.
* @see ExplicitAuthFlowsType
*/
public void setExplicitAuthFlows(java.util.Collection explicitAuthFlows) {
if (explicitAuthFlows == null) {
this.explicitAuthFlows = null;
return;
}
this.explicitAuthFlows = new java.util.ArrayList(explicitAuthFlows);
}
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setExplicitAuthFlows(java.util.Collection)} or {@link #withExplicitAuthFlows(java.util.Collection)} if
* you want to override the existing values.
*
*
* @param explicitAuthFlows
* The authentication flows that you want your user pool client to support. For each app client in your user
* pool, you can sign in your users with any combination of one or more flows, including with a user name and
* Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define
* with Lambda functions.
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and
* ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting.
* With this authentication flow, your app passes a user name and password to Amazon Cognito in the request,
* instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon
* Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH,
* CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
* ExplicitAuthFlows values to user pool clients at the same time as values that begin with
* ALLOW_, like ALLOW_USER_SRP_AUTH.
* @return Returns a reference to this object so that method calls can be chained together.
* @see ExplicitAuthFlowsType
*/
public UpdateUserPoolClientRequest withExplicitAuthFlows(String... explicitAuthFlows) {
if (this.explicitAuthFlows == null) {
setExplicitAuthFlows(new java.util.ArrayList(explicitAuthFlows.length));
}
for (String ele : explicitAuthFlows) {
this.explicitAuthFlows.add(ele);
}
return this;
}
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*
* @param explicitAuthFlows
* The authentication flows that you want your user pool client to support. For each app client in your user
* pool, you can sign in your users with any combination of one or more flows, including with a user name and
* Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define
* with Lambda functions.
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and
* ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting.
* With this authentication flow, your app passes a user name and password to Amazon Cognito in the request,
* instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon
* Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH,
* CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
* ExplicitAuthFlows values to user pool clients at the same time as values that begin with
* ALLOW_, like ALLOW_USER_SRP_AUTH.
* @return Returns a reference to this object so that method calls can be chained together.
* @see ExplicitAuthFlowsType
*/
public UpdateUserPoolClientRequest withExplicitAuthFlows(java.util.Collection explicitAuthFlows) {
setExplicitAuthFlows(explicitAuthFlows);
return this;
}
/**
*
* The authentication flows that you want your user pool client to support. For each app client in your user pool,
* you can sign in your users with any combination of one or more flows, including with a user name and Secure
* Remote Password (SRP), a user name and password, or a custom authentication process that you define with Lambda
* functions.
*
*
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With
* this authentication flow, your app passes a user name and password to Amazon Cognito in the request, instead of
* using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon Cognito
* receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY,
* or USER_PASSWORD_AUTH. You can't assign these legacy ExplicitAuthFlows values to user
* pool clients at the same time as values that begin with ALLOW_, like
* ALLOW_USER_SRP_AUTH.
*
*
* @param explicitAuthFlows
* The authentication flows that you want your user pool client to support. For each app client in your user
* pool, you can sign in your users with any combination of one or more flows, including with a user name and
* Secure Remote Password (SRP), a user name and password, or a custom authentication process that you define
* with Lambda functions.
*
* If you don't specify a value for ExplicitAuthFlows, your user client supports
* ALLOW_REFRESH_TOKEN_AUTH, ALLOW_USER_SRP_AUTH, and
* ALLOW_CUSTOM_AUTH.
*
*
*
* Valid values include:
*
*
* -
*
* ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow
* ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting.
* With this authentication flow, your app passes a user name and password to Amazon Cognito in the request,
* instead of using the Secure Remote Password (SRP) protocol to securely transmit the password.
*
*
* -
*
* ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
*
*
* -
*
* ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Amazon
* Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
*
*
* -
*
* ALLOW_USER_SRP_AUTH: Enable SRP-based authentication.
*
*
* -
*
* ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
*
*
*
*
* In some environments, you will see the values ADMIN_NO_SRP_AUTH,
* CUSTOM_AUTH_FLOW_ONLY, or USER_PASSWORD_AUTH. You can't assign these legacy
* ExplicitAuthFlows values to user pool clients at the same time as values that begin with
* ALLOW_, like ALLOW_USER_SRP_AUTH.
* @return Returns a reference to this object so that method calls can be chained together.
* @see ExplicitAuthFlowsType
*/
public UpdateUserPoolClientRequest withExplicitAuthFlows(ExplicitAuthFlowsType... explicitAuthFlows) {
java.util.ArrayList explicitAuthFlowsCopy = new java.util.ArrayList(explicitAuthFlows.length);
for (ExplicitAuthFlowsType value : explicitAuthFlows) {
explicitAuthFlowsCopy.add(value.toString());
}
if (getExplicitAuthFlows() == null) {
setExplicitAuthFlows(explicitAuthFlowsCopy);
} else {
getExplicitAuthFlows().addAll(explicitAuthFlowsCopy);
}
return this;
}
/**
*
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*
*
* @return A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*/
public java.util.List getSupportedIdentityProviders() {
return supportedIdentityProviders;
}
/**
*
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*
*
* @param supportedIdentityProviders
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*/
public void setSupportedIdentityProviders(java.util.Collection supportedIdentityProviders) {
if (supportedIdentityProviders == null) {
this.supportedIdentityProviders = null;
return;
}
this.supportedIdentityProviders = new java.util.ArrayList(supportedIdentityProviders);
}
/**
*
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setSupportedIdentityProviders(java.util.Collection)} or
* {@link #withSupportedIdentityProviders(java.util.Collection)} if you want to override the existing values.
*
*
* @param supportedIdentityProviders
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withSupportedIdentityProviders(String... supportedIdentityProviders) {
if (this.supportedIdentityProviders == null) {
setSupportedIdentityProviders(new java.util.ArrayList(supportedIdentityProviders.length));
}
for (String ele : supportedIdentityProviders) {
this.supportedIdentityProviders.add(ele);
}
return this;
}
/**
*
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
*
*
* @param supportedIdentityProviders
* A list of provider names for the IdPs that this client supports. The following are supported:
* COGNITO, Facebook, Google, SignInWithApple,
* LoginWithAmazon, and the names of your own SAML and OIDC providers.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withSupportedIdentityProviders(java.util.Collection supportedIdentityProviders) {
setSupportedIdentityProviders(supportedIdentityProviders);
return this;
}
/**
*
* A list of allowed redirect (callback) URLs for the IdPs.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @return A list of allowed redirect (callback) URLs for the IdPs.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*/
public java.util.List getCallbackURLs() {
return callbackURLs;
}
/**
*
* A list of allowed redirect (callback) URLs for the IdPs.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @param callbackURLs
* A list of allowed redirect (callback) URLs for the IdPs.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*/
public void setCallbackURLs(java.util.Collection callbackURLs) {
if (callbackURLs == null) {
this.callbackURLs = null;
return;
}
this.callbackURLs = new java.util.ArrayList(callbackURLs);
}
/**
*
* A list of allowed redirect (callback) URLs for the IdPs.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setCallbackURLs(java.util.Collection)} or {@link #withCallbackURLs(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param callbackURLs
* A list of allowed redirect (callback) URLs for the IdPs.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withCallbackURLs(String... callbackURLs) {
if (this.callbackURLs == null) {
setCallbackURLs(new java.util.ArrayList(callbackURLs.length));
}
for (String ele : callbackURLs) {
this.callbackURLs.add(ele);
}
return this;
}
/**
*
* A list of allowed redirect (callback) URLs for the IdPs.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @param callbackURLs
* A list of allowed redirect (callback) URLs for the IdPs.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withCallbackURLs(java.util.Collection callbackURLs) {
setCallbackURLs(callbackURLs);
return this;
}
/**
*
* A list of allowed logout URLs for the IdPs.
*
*
* @return A list of allowed logout URLs for the IdPs.
*/
public java.util.List getLogoutURLs() {
return logoutURLs;
}
/**
*
* A list of allowed logout URLs for the IdPs.
*
*
* @param logoutURLs
* A list of allowed logout URLs for the IdPs.
*/
public void setLogoutURLs(java.util.Collection logoutURLs) {
if (logoutURLs == null) {
this.logoutURLs = null;
return;
}
this.logoutURLs = new java.util.ArrayList(logoutURLs);
}
/**
*
* A list of allowed logout URLs for the IdPs.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setLogoutURLs(java.util.Collection)} or {@link #withLogoutURLs(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param logoutURLs
* A list of allowed logout URLs for the IdPs.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withLogoutURLs(String... logoutURLs) {
if (this.logoutURLs == null) {
setLogoutURLs(new java.util.ArrayList(logoutURLs.length));
}
for (String ele : logoutURLs) {
this.logoutURLs.add(ele);
}
return this;
}
/**
*
* A list of allowed logout URLs for the IdPs.
*
*
* @param logoutURLs
* A list of allowed logout URLs for the IdPs.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withLogoutURLs(java.util.Collection logoutURLs) {
setLogoutURLs(logoutURLs);
return this;
}
/**
*
* The default redirect URI. Must be in the CallbackURLs list.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @param defaultRedirectURI
* The default redirect URI. Must be in the CallbackURLs list.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes
* only.
*
*
* App callback URLs such as myapp://example are also supported.
*/
public void setDefaultRedirectURI(String defaultRedirectURI) {
this.defaultRedirectURI = defaultRedirectURI;
}
/**
*
* The default redirect URI. Must be in the CallbackURLs list.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @return The default redirect URI. Must be in the CallbackURLs list.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes
* only.
*
*
* App callback URLs such as myapp://example are also supported.
*/
public String getDefaultRedirectURI() {
return this.defaultRedirectURI;
}
/**
*
* The default redirect URI. Must be in the CallbackURLs list.
*
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
*
*
* App callback URLs such as myapp://example are also supported.
*
*
* @param defaultRedirectURI
* The default redirect URI. Must be in the CallbackURLs list.
*
* A redirect URI must:
*
*
* -
*
* Be an absolute URI.
*
*
* -
*
* Be registered with the authorization server.
*
*
* -
*
* Not include a fragment component.
*
*
*
*
* See OAuth 2.0 - Redirection Endpoint.
*
*
* Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes
* only.
*
*
* App callback URLs such as myapp://example are also supported.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withDefaultRedirectURI(String defaultRedirectURI) {
setDefaultRedirectURI(defaultRedirectURI);
return this;
}
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*
* @return The allowed OAuth flows.
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged
* for access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
* @see OAuthFlowType
*/
public java.util.List getAllowedOAuthFlows() {
return allowedOAuthFlows;
}
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*
* @param allowedOAuthFlows
* The allowed OAuth flows.
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged
* for access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
* @see OAuthFlowType
*/
public void setAllowedOAuthFlows(java.util.Collection allowedOAuthFlows) {
if (allowedOAuthFlows == null) {
this.allowedOAuthFlows = null;
return;
}
this.allowedOAuthFlows = new java.util.ArrayList(allowedOAuthFlows);
}
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setAllowedOAuthFlows(java.util.Collection)} or {@link #withAllowedOAuthFlows(java.util.Collection)} if
* you want to override the existing values.
*
*
* @param allowedOAuthFlows
* The allowed OAuth flows.
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged
* for access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see OAuthFlowType
*/
public UpdateUserPoolClientRequest withAllowedOAuthFlows(String... allowedOAuthFlows) {
if (this.allowedOAuthFlows == null) {
setAllowedOAuthFlows(new java.util.ArrayList(allowedOAuthFlows.length));
}
for (String ele : allowedOAuthFlows) {
this.allowedOAuthFlows.add(ele);
}
return this;
}
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*
* @param allowedOAuthFlows
* The allowed OAuth flows.
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged
* for access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see OAuthFlowType
*/
public UpdateUserPoolClientRequest withAllowedOAuthFlows(java.util.Collection allowedOAuthFlows) {
setAllowedOAuthFlows(allowedOAuthFlows);
return this;
}
/**
*
* The allowed OAuth flows.
*
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged for
* access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
*
*
* @param allowedOAuthFlows
* The allowed OAuth flows.
*
* - code
* -
*
* Use a code grant flow, which provides an authorization code as the response. This code can be exchanged
* for access tokens with the /oauth2/token endpoint.
*
*
* - implicit
* -
*
* Issue the access token (and, optionally, ID token, based on scopes) directly to your user.
*
*
* - client_credentials
* -
*
* Issue the access token from the /oauth2/token endpoint directly to a non-person user using a
* combination of the client ID and client secret.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see OAuthFlowType
*/
public UpdateUserPoolClientRequest withAllowedOAuthFlows(OAuthFlowType... allowedOAuthFlows) {
java.util.ArrayList allowedOAuthFlowsCopy = new java.util.ArrayList(allowedOAuthFlows.length);
for (OAuthFlowType value : allowedOAuthFlows) {
allowedOAuthFlowsCopy.add(value.toString());
}
if (getAllowedOAuthFlows() == null) {
setAllowedOAuthFlows(allowedOAuthFlowsCopy);
} else {
getAllowedOAuthFlows().addAll(allowedOAuthFlowsCopy);
}
return this;
}
/**
*
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*
*
* @return The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*/
public java.util.List getAllowedOAuthScopes() {
return allowedOAuthScopes;
}
/**
*
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*
*
* @param allowedOAuthScopes
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*/
public void setAllowedOAuthScopes(java.util.Collection allowedOAuthScopes) {
if (allowedOAuthScopes == null) {
this.allowedOAuthScopes = null;
return;
}
this.allowedOAuthScopes = new java.util.ArrayList(allowedOAuthScopes);
}
/**
*
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setAllowedOAuthScopes(java.util.Collection)} or {@link #withAllowedOAuthScopes(java.util.Collection)} if
* you want to override the existing values.
*
*
* @param allowedOAuthScopes
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAllowedOAuthScopes(String... allowedOAuthScopes) {
if (this.allowedOAuthScopes == null) {
setAllowedOAuthScopes(new java.util.ArrayList(allowedOAuthScopes.length));
}
for (String ele : allowedOAuthScopes) {
this.allowedOAuthScopes.add(ele);
}
return this;
}
/**
*
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
*
*
* @param allowedOAuthScopes
* The allowed OAuth scopes. Possible values provided by OAuth are phone, email,
* openid, and profile. Possible values provided by Amazon Web Services are
* aws.cognito.signin.user.admin. Custom scopes created in Resource Servers are also supported.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAllowedOAuthScopes(java.util.Collection allowedOAuthScopes) {
setAllowedOAuthScopes(allowedOAuthScopes);
return this;
}
/**
*
* Set to true to use OAuth 2.0 features in your user pool app client.
*
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the following
* features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or
* UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false
* .
*
*
* @param allowedOAuthFlowsUserPoolClient
* Set to true to use OAuth 2.0 features in your user pool app client.
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the
* following features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient
* or UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to
* false.
*/
public void setAllowedOAuthFlowsUserPoolClient(Boolean allowedOAuthFlowsUserPoolClient) {
this.allowedOAuthFlowsUserPoolClient = allowedOAuthFlowsUserPoolClient;
}
/**
*
* Set to true to use OAuth 2.0 features in your user pool app client.
*
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the following
* features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or
* UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false
* .
*
*
* @return Set to true to use OAuth 2.0 features in your user pool app client.
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the
* following features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth
* 2.0 grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient
* or UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to
* false.
*/
public Boolean getAllowedOAuthFlowsUserPoolClient() {
return this.allowedOAuthFlowsUserPoolClient;
}
/**
*
* Set to true to use OAuth 2.0 features in your user pool app client.
*
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the following
* features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or
* UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false
* .
*
*
* @param allowedOAuthFlowsUserPoolClient
* Set to true to use OAuth 2.0 features in your user pool app client.
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the
* following features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient
* or UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to
* false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAllowedOAuthFlowsUserPoolClient(Boolean allowedOAuthFlowsUserPoolClient) {
setAllowedOAuthFlowsUserPoolClient(allowedOAuthFlowsUserPoolClient);
return this;
}
/**
*
* Set to true to use OAuth 2.0 features in your user pool app client.
*
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the following
* features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth 2.0
* grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient or
* UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to false
* .
*
*
* @return Set to true to use OAuth 2.0 features in your user pool app client.
*
* AllowedOAuthFlowsUserPoolClient must be true before you can configure the
* following features in your app client.
*
*
* -
*
* CallBackURLs: Callback URLs.
*
*
* -
*
* LogoutURLs: Sign-out redirect URLs.
*
*
* -
*
* AllowedOAuthScopes: OAuth 2.0 scopes.
*
*
* -
*
* AllowedOAuthFlows: Support for authorization code, implicit, and client credentials OAuth
* 2.0 grants.
*
*
*
*
* To use OAuth 2.0 features, configure one of these features in the Amazon Cognito console or set
* AllowedOAuthFlowsUserPoolClient to true in a CreateUserPoolClient
* or UpdateUserPoolClient API request. If you don't set a value for
* AllowedOAuthFlowsUserPoolClient in a request with the CLI or SDKs, it defaults to
* false.
*/
public Boolean isAllowedOAuthFlowsUserPoolClient() {
return this.allowedOAuthFlowsUserPoolClient;
}
/**
*
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
*
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to
* Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending
* events to Amazon Pinpoint projects within that same Region.
*
*
*
* @param analyticsConfiguration
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending
* events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools
* support sending events to Amazon Pinpoint projects within that same Region.
*
*/
public void setAnalyticsConfiguration(AnalyticsConfigurationType analyticsConfiguration) {
this.analyticsConfiguration = analyticsConfiguration;
}
/**
*
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
*
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to
* Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending
* events to Amazon Pinpoint projects within that same Region.
*
*
*
* @return The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending
* events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user
* pools support sending events to Amazon Pinpoint projects within that same Region.
*
*/
public AnalyticsConfigurationType getAnalyticsConfiguration() {
return this.analyticsConfiguration;
}
/**
*
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
*
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending events to
* Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools support sending
* events to Amazon Pinpoint projects within that same Region.
*
*
*
* @param analyticsConfiguration
* The Amazon Pinpoint analytics configuration necessary to collect metrics for this user pool.
*
* In Amazon Web Services Regions where Amazon Pinpoint isn't available, user pools only support sending
* events to Amazon Pinpoint projects in us-east-1. In Regions where Amazon Pinpoint is available, user pools
* support sending events to Amazon Pinpoint projects within that same Region.
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAnalyticsConfiguration(AnalyticsConfigurationType analyticsConfiguration) {
setAnalyticsConfiguration(analyticsConfiguration);
return this;
}
/**
*
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and
* password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user
* doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account
* confirmation and password recovery return a response indicating a code was sent to a simulated destination. When
* set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't
* exist in the user pool.
*
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors
* aren't prevented.
*
*
*
*
* @param preventUserExistenceErrors
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account
* confirmation, and password recovery when the user doesn't exist in the user pool. When set to
* ENABLED and the user doesn't exist, authentication returns an error indicating either the
* username or password was incorrect. Account confirmation and password recovery return a response
* indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return
* a UserNotFoundException exception if the user doesn't exist in the user pool.
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related
* errors aren't prevented.
*
*
* @see PreventUserExistenceErrorTypes
*/
public void setPreventUserExistenceErrors(String preventUserExistenceErrors) {
this.preventUserExistenceErrors = preventUserExistenceErrors;
}
/**
*
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and
* password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user
* doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account
* confirmation and password recovery return a response indicating a code was sent to a simulated destination. When
* set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't
* exist in the user pool.
*
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors
* aren't prevented.
*
*
*
*
* @return Errors and responses that you want Amazon Cognito APIs to return during authentication, account
* confirmation, and password recovery when the user doesn't exist in the user pool. When set to
* ENABLED and the user doesn't exist, authentication returns an error indicating either the
* username or password was incorrect. Account confirmation and password recovery return a response
* indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return
* a UserNotFoundException exception if the user doesn't exist in the user pool.
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related
* errors aren't prevented.
*
*
* @see PreventUserExistenceErrorTypes
*/
public String getPreventUserExistenceErrors() {
return this.preventUserExistenceErrors;
}
/**
*
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and
* password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user
* doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account
* confirmation and password recovery return a response indicating a code was sent to a simulated destination. When
* set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't
* exist in the user pool.
*
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors
* aren't prevented.
*
*
*
*
* @param preventUserExistenceErrors
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account
* confirmation, and password recovery when the user doesn't exist in the user pool. When set to
* ENABLED and the user doesn't exist, authentication returns an error indicating either the
* username or password was incorrect. Account confirmation and password recovery return a response
* indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return
* a UserNotFoundException exception if the user doesn't exist in the user pool.
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related
* errors aren't prevented.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see PreventUserExistenceErrorTypes
*/
public UpdateUserPoolClientRequest withPreventUserExistenceErrors(String preventUserExistenceErrors) {
setPreventUserExistenceErrors(preventUserExistenceErrors);
return this;
}
/**
*
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and
* password recovery when the user doesn't exist in the user pool. When set to ENABLED and the user
* doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account
* confirmation and password recovery return a response indicating a code was sent to a simulated destination. When
* set to LEGACY, those APIs return a UserNotFoundException exception if the user doesn't
* exist in the user pool.
*
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related errors
* aren't prevented.
*
*
*
*
* @param preventUserExistenceErrors
* Errors and responses that you want Amazon Cognito APIs to return during authentication, account
* confirmation, and password recovery when the user doesn't exist in the user pool. When set to
* ENABLED and the user doesn't exist, authentication returns an error indicating either the
* username or password was incorrect. Account confirmation and password recovery return a response
* indicating a code was sent to a simulated destination. When set to LEGACY, those APIs return
* a UserNotFoundException exception if the user doesn't exist in the user pool.
*
* Valid values include:
*
*
* -
*
* ENABLED - This prevents user existence-related errors.
*
*
* -
*
* LEGACY - This represents the early behavior of Amazon Cognito where user existence related
* errors aren't prevented.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see PreventUserExistenceErrorTypes
*/
public UpdateUserPoolClientRequest withPreventUserExistenceErrors(PreventUserExistenceErrorTypes preventUserExistenceErrors) {
this.preventUserExistenceErrors = preventUserExistenceErrors.toString();
return this;
}
/**
*
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*
*
* @param enableTokenRevocation
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*/
public void setEnableTokenRevocation(Boolean enableTokenRevocation) {
this.enableTokenRevocation = enableTokenRevocation;
}
/**
*
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*
*
* @return Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*/
public Boolean getEnableTokenRevocation() {
return this.enableTokenRevocation;
}
/**
*
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*
*
* @param enableTokenRevocation
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withEnableTokenRevocation(Boolean enableTokenRevocation) {
setEnableTokenRevocation(enableTokenRevocation);
return this;
}
/**
*
* Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*
*
* @return Activates or deactivates token revocation. For more information about revoking tokens, see RevokeToken.
*/
public Boolean isEnableTokenRevocation() {
return this.enableTokenRevocation;
}
/**
*
* Activates the propagation of additional user context data. For more information about propagation of user context
* data, see
* Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate
* EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*
*
* @param enablePropagateAdditionalUserContextData
* Activates the propagation of additional user context data. For more information about propagation of user
* context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only
* activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*/
public void setEnablePropagateAdditionalUserContextData(Boolean enablePropagateAdditionalUserContextData) {
this.enablePropagateAdditionalUserContextData = enablePropagateAdditionalUserContextData;
}
/**
*
* Activates the propagation of additional user context data. For more information about propagation of user context
* data, see
* Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate
* EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*
*
* @return Activates the propagation of additional user context data. For more information about propagation of user
* context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only
* activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*/
public Boolean getEnablePropagateAdditionalUserContextData() {
return this.enablePropagateAdditionalUserContextData;
}
/**
*
* Activates the propagation of additional user context data. For more information about propagation of user context
* data, see
* Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate
* EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*
*
* @param enablePropagateAdditionalUserContextData
* Activates the propagation of additional user context data. For more information about propagation of user
* context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only
* activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withEnablePropagateAdditionalUserContextData(Boolean enablePropagateAdditionalUserContextData) {
setEnablePropagateAdditionalUserContextData(enablePropagateAdditionalUserContextData);
return this;
}
/**
*
* Activates the propagation of additional user context data. For more information about propagation of user context
* data, see
* Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only activate
* EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*
*
* @return Activates the propagation of additional user context data. For more information about propagation of user
* context data, see Adding advanced security to a user pool. If you don’t include this parameter, you can't send device
* fingerprint information, including source IP address, to Amazon Cognito advanced security. You can only
* activate EnablePropagateAdditionalUserContextData in an app client that has a client secret.
*/
public Boolean isEnablePropagateAdditionalUserContextData() {
return this.enablePropagateAdditionalUserContextData;
}
/**
*
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user
* must respond to each authentication challenge before the session expires.
*
*
* @param authSessionValidity
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native
* user must respond to each authentication challenge before the session expires.
*/
public void setAuthSessionValidity(Integer authSessionValidity) {
this.authSessionValidity = authSessionValidity;
}
/**
*
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user
* must respond to each authentication challenge before the session expires.
*
*
* @return Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool
* native user must respond to each authentication challenge before the session expires.
*/
public Integer getAuthSessionValidity() {
return this.authSessionValidity;
}
/**
*
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native user
* must respond to each authentication challenge before the session expires.
*
*
* @param authSessionValidity
* Amazon Cognito creates a session token for each API request in an authentication flow.
* AuthSessionValidity is the duration, in minutes, of that session token. Your user pool native
* user must respond to each authentication challenge before the session expires.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public UpdateUserPoolClientRequest withAuthSessionValidity(Integer authSessionValidity) {
setAuthSessionValidity(authSessionValidity);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getUserPoolId() != null)
sb.append("UserPoolId: ").append(getUserPoolId()).append(",");
if (getClientId() != null)
sb.append("ClientId: ").append("***Sensitive Data Redacted***").append(",");
if (getClientName() != null)
sb.append("ClientName: ").append(getClientName()).append(",");
if (getRefreshTokenValidity() != null)
sb.append("RefreshTokenValidity: ").append(getRefreshTokenValidity()).append(",");
if (getAccessTokenValidity() != null)
sb.append("AccessTokenValidity: ").append(getAccessTokenValidity()).append(",");
if (getIdTokenValidity() != null)
sb.append("IdTokenValidity: ").append(getIdTokenValidity()).append(",");
if (getTokenValidityUnits() != null)
sb.append("TokenValidityUnits: ").append(getTokenValidityUnits()).append(",");
if (getReadAttributes() != null)
sb.append("ReadAttributes: ").append(getReadAttributes()).append(",");
if (getWriteAttributes() != null)
sb.append("WriteAttributes: ").append(getWriteAttributes()).append(",");
if (getExplicitAuthFlows() != null)
sb.append("ExplicitAuthFlows: ").append(getExplicitAuthFlows()).append(",");
if (getSupportedIdentityProviders() != null)
sb.append("SupportedIdentityProviders: ").append(getSupportedIdentityProviders()).append(",");
if (getCallbackURLs() != null)
sb.append("CallbackURLs: ").append(getCallbackURLs()).append(",");
if (getLogoutURLs() != null)
sb.append("LogoutURLs: ").append(getLogoutURLs()).append(",");
if (getDefaultRedirectURI() != null)
sb.append("DefaultRedirectURI: ").append(getDefaultRedirectURI()).append(",");
if (getAllowedOAuthFlows() != null)
sb.append("AllowedOAuthFlows: ").append(getAllowedOAuthFlows()).append(",");
if (getAllowedOAuthScopes() != null)
sb.append("AllowedOAuthScopes: ").append(getAllowedOAuthScopes()).append(",");
if (getAllowedOAuthFlowsUserPoolClient() != null)
sb.append("AllowedOAuthFlowsUserPoolClient: ").append(getAllowedOAuthFlowsUserPoolClient()).append(",");
if (getAnalyticsConfiguration() != null)
sb.append("AnalyticsConfiguration: ").append(getAnalyticsConfiguration()).append(",");
if (getPreventUserExistenceErrors() != null)
sb.append("PreventUserExistenceErrors: ").append(getPreventUserExistenceErrors()).append(",");
if (getEnableTokenRevocation() != null)
sb.append("EnableTokenRevocation: ").append(getEnableTokenRevocation()).append(",");
if (getEnablePropagateAdditionalUserContextData() != null)
sb.append("EnablePropagateAdditionalUserContextData: ").append(getEnablePropagateAdditionalUserContextData()).append(",");
if (getAuthSessionValidity() != null)
sb.append("AuthSessionValidity: ").append(getAuthSessionValidity());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof UpdateUserPoolClientRequest == false)
return false;
UpdateUserPoolClientRequest other = (UpdateUserPoolClientRequest) obj;
if (other.getUserPoolId() == null ^ this.getUserPoolId() == null)
return false;
if (other.getUserPoolId() != null && other.getUserPoolId().equals(this.getUserPoolId()) == false)
return false;
if (other.getClientId() == null ^ this.getClientId() == null)
return false;
if (other.getClientId() != null && other.getClientId().equals(this.getClientId()) == false)
return false;
if (other.getClientName() == null ^ this.getClientName() == null)
return false;
if (other.getClientName() != null && other.getClientName().equals(this.getClientName()) == false)
return false;
if (other.getRefreshTokenValidity() == null ^ this.getRefreshTokenValidity() == null)
return false;
if (other.getRefreshTokenValidity() != null && other.getRefreshTokenValidity().equals(this.getRefreshTokenValidity()) == false)
return false;
if (other.getAccessTokenValidity() == null ^ this.getAccessTokenValidity() == null)
return false;
if (other.getAccessTokenValidity() != null && other.getAccessTokenValidity().equals(this.getAccessTokenValidity()) == false)
return false;
if (other.getIdTokenValidity() == null ^ this.getIdTokenValidity() == null)
return false;
if (other.getIdTokenValidity() != null && other.getIdTokenValidity().equals(this.getIdTokenValidity()) == false)
return false;
if (other.getTokenValidityUnits() == null ^ this.getTokenValidityUnits() == null)
return false;
if (other.getTokenValidityUnits() != null && other.getTokenValidityUnits().equals(this.getTokenValidityUnits()) == false)
return false;
if (other.getReadAttributes() == null ^ this.getReadAttributes() == null)
return false;
if (other.getReadAttributes() != null && other.getReadAttributes().equals(this.getReadAttributes()) == false)
return false;
if (other.getWriteAttributes() == null ^ this.getWriteAttributes() == null)
return false;
if (other.getWriteAttributes() != null && other.getWriteAttributes().equals(this.getWriteAttributes()) == false)
return false;
if (other.getExplicitAuthFlows() == null ^ this.getExplicitAuthFlows() == null)
return false;
if (other.getExplicitAuthFlows() != null && other.getExplicitAuthFlows().equals(this.getExplicitAuthFlows()) == false)
return false;
if (other.getSupportedIdentityProviders() == null ^ this.getSupportedIdentityProviders() == null)
return false;
if (other.getSupportedIdentityProviders() != null && other.getSupportedIdentityProviders().equals(this.getSupportedIdentityProviders()) == false)
return false;
if (other.getCallbackURLs() == null ^ this.getCallbackURLs() == null)
return false;
if (other.getCallbackURLs() != null && other.getCallbackURLs().equals(this.getCallbackURLs()) == false)
return false;
if (other.getLogoutURLs() == null ^ this.getLogoutURLs() == null)
return false;
if (other.getLogoutURLs() != null && other.getLogoutURLs().equals(this.getLogoutURLs()) == false)
return false;
if (other.getDefaultRedirectURI() == null ^ this.getDefaultRedirectURI() == null)
return false;
if (other.getDefaultRedirectURI() != null && other.getDefaultRedirectURI().equals(this.getDefaultRedirectURI()) == false)
return false;
if (other.getAllowedOAuthFlows() == null ^ this.getAllowedOAuthFlows() == null)
return false;
if (other.getAllowedOAuthFlows() != null && other.getAllowedOAuthFlows().equals(this.getAllowedOAuthFlows()) == false)
return false;
if (other.getAllowedOAuthScopes() == null ^ this.getAllowedOAuthScopes() == null)
return false;
if (other.getAllowedOAuthScopes() != null && other.getAllowedOAuthScopes().equals(this.getAllowedOAuthScopes()) == false)
return false;
if (other.getAllowedOAuthFlowsUserPoolClient() == null ^ this.getAllowedOAuthFlowsUserPoolClient() == null)
return false;
if (other.getAllowedOAuthFlowsUserPoolClient() != null
&& other.getAllowedOAuthFlowsUserPoolClient().equals(this.getAllowedOAuthFlowsUserPoolClient()) == false)
return false;
if (other.getAnalyticsConfiguration() == null ^ this.getAnalyticsConfiguration() == null)
return false;
if (other.getAnalyticsConfiguration() != null && other.getAnalyticsConfiguration().equals(this.getAnalyticsConfiguration()) == false)
return false;
if (other.getPreventUserExistenceErrors() == null ^ this.getPreventUserExistenceErrors() == null)
return false;
if (other.getPreventUserExistenceErrors() != null && other.getPreventUserExistenceErrors().equals(this.getPreventUserExistenceErrors()) == false)
return false;
if (other.getEnableTokenRevocation() == null ^ this.getEnableTokenRevocation() == null)
return false;
if (other.getEnableTokenRevocation() != null && other.getEnableTokenRevocation().equals(this.getEnableTokenRevocation()) == false)
return false;
if (other.getEnablePropagateAdditionalUserContextData() == null ^ this.getEnablePropagateAdditionalUserContextData() == null)
return false;
if (other.getEnablePropagateAdditionalUserContextData() != null
&& other.getEnablePropagateAdditionalUserContextData().equals(this.getEnablePropagateAdditionalUserContextData()) == false)
return false;
if (other.getAuthSessionValidity() == null ^ this.getAuthSessionValidity() == null)
return false;
if (other.getAuthSessionValidity() != null && other.getAuthSessionValidity().equals(this.getAuthSessionValidity()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getUserPoolId() == null) ? 0 : getUserPoolId().hashCode());
hashCode = prime * hashCode + ((getClientId() == null) ? 0 : getClientId().hashCode());
hashCode = prime * hashCode + ((getClientName() == null) ? 0 : getClientName().hashCode());
hashCode = prime * hashCode + ((getRefreshTokenValidity() == null) ? 0 : getRefreshTokenValidity().hashCode());
hashCode = prime * hashCode + ((getAccessTokenValidity() == null) ? 0 : getAccessTokenValidity().hashCode());
hashCode = prime * hashCode + ((getIdTokenValidity() == null) ? 0 : getIdTokenValidity().hashCode());
hashCode = prime * hashCode + ((getTokenValidityUnits() == null) ? 0 : getTokenValidityUnits().hashCode());
hashCode = prime * hashCode + ((getReadAttributes() == null) ? 0 : getReadAttributes().hashCode());
hashCode = prime * hashCode + ((getWriteAttributes() == null) ? 0 : getWriteAttributes().hashCode());
hashCode = prime * hashCode + ((getExplicitAuthFlows() == null) ? 0 : getExplicitAuthFlows().hashCode());
hashCode = prime * hashCode + ((getSupportedIdentityProviders() == null) ? 0 : getSupportedIdentityProviders().hashCode());
hashCode = prime * hashCode + ((getCallbackURLs() == null) ? 0 : getCallbackURLs().hashCode());
hashCode = prime * hashCode + ((getLogoutURLs() == null) ? 0 : getLogoutURLs().hashCode());
hashCode = prime * hashCode + ((getDefaultRedirectURI() == null) ? 0 : getDefaultRedirectURI().hashCode());
hashCode = prime * hashCode + ((getAllowedOAuthFlows() == null) ? 0 : getAllowedOAuthFlows().hashCode());
hashCode = prime * hashCode + ((getAllowedOAuthScopes() == null) ? 0 : getAllowedOAuthScopes().hashCode());
hashCode = prime * hashCode + ((getAllowedOAuthFlowsUserPoolClient() == null) ? 0 : getAllowedOAuthFlowsUserPoolClient().hashCode());
hashCode = prime * hashCode + ((getAnalyticsConfiguration() == null) ? 0 : getAnalyticsConfiguration().hashCode());
hashCode = prime * hashCode + ((getPreventUserExistenceErrors() == null) ? 0 : getPreventUserExistenceErrors().hashCode());
hashCode = prime * hashCode + ((getEnableTokenRevocation() == null) ? 0 : getEnableTokenRevocation().hashCode());
hashCode = prime * hashCode + ((getEnablePropagateAdditionalUserContextData() == null) ? 0 : getEnablePropagateAdditionalUserContextData().hashCode());
hashCode = prime * hashCode + ((getAuthSessionValidity() == null) ? 0 : getAuthSessionValidity().hashCode());
return hashCode;
}
@Override
public UpdateUserPoolClientRequest clone() {
return (UpdateUserPoolClientRequest) super.clone();
}
}