Amazon Cognito Identity Provider

POST /
Creates an IdP for a user pool.
Request Example
curl --location --request POST '/' \
--header 'X-Amz-Target;' \
--header 'Content-Type: application/json' \
--data-raw '{
    "UserPoolId": "string",
    "ProviderName": "string",
    "ProviderType": "SAML",
    "ProviderDetails": {
        "property1": "string",
        "property2": "string"
    },
    "AttributeMapping": {
        "property1": "string",
        "property2": "string"
    },
    "IdpIdentifiers": []
}'
Response Example
200 - Example 1
{
    "IdentityProvider": {
        "UserPoolId": "string",
        "ProviderName": "string",
        "ProviderType": "SAML",
        "ProviderDetails": {
            "property1": "string",
            "property2": "string"
        },
        "AttributeMapping": {
            "property1": "string",
            "property2": "string"
        },
        "IdpIdentifiers": [],
        "LastModifiedDate": "string",
        "CreationDate": "string"
    }
}

Request

Header Params
X-Amz-Target
string 
required
Body Params application/json
UserPoolId
string 
required
The user pool ID.
>= 1 characters, <= 55 characters
Match pattern:
[\w-]+_[0-9a-zA-Z]+
ProviderName
string 
required
The IdP name.
>= 3 characters, <= 32 characters
Match pattern:
[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+
ProviderType
enum<string> 
required
The IdP type.
Allowed values:
SAML, Facebook, Google, LoginWithAmazon, SignInWithApple, OIDC
ProviderDetails
object 
required
The IdP details. The following list describes the provider detail keys for each IdP type.
  • For Google and Login with Amazon:
    • client_id
    • client_secret
    • authorize_scopes
  • For Facebook:
    • client_id
    • client_secret
    • authorize_scopes
    • api_version
  • For Sign in with Apple:
    • client_id
    • team_id
    • key_id
    • private_key
    • authorize_scopes
  • For OpenID Connect (OIDC) providers:
    • client_id
    • client_secret
    • attributes_request_method
    • oidc_issuer
    • authorize_scopes
    • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
      • authorize_url
      • token_url
      • attributes_url
      • jwks_uri
    • Amazon Cognito sets the value of the following keys automatically. They are read-only.
      • attributes_url_add_attributes
  • For SAML providers:
    • MetadataFile or MetadataURL
    • IDPSignout (optional)
AttributeMapping
object 
optional
A mapping of IdP attributes to standard and custom user pool attributes.
IdpIdentifiers
array[string]
optional
A list of IdP identifiers.
>= 0 items, <= 50 items
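
A pre-flight check for the request body, written against the constraints listed above, with secret-bearing ProviderDetails values redacted before the request is logged. This is an added example, not part of the original page or of any AWS SDK; the function names are hypothetical, and anchoring the patterns as whole-string matches and treating every listed ProviderDetails key as expected are assumptions.

```javascript
// Added example (not from the page); function names are hypothetical.
const PROVIDER_TYPES = ['SAML', 'Facebook', 'Google', 'LoginWithAmazon', 'SignInWithApple', 'OIDC'];
const OAUTH_KEYS = ['client_id', 'client_secret', 'authorize_scopes'];
const DETAIL_KEYS = { // keys listed per IdP type on this page
  Google: OAUTH_KEYS,
  LoginWithAmazon: OAUTH_KEYS,
  Facebook: [...OAUTH_KEYS, 'api_version'],
  SignInWithApple: ['client_id', 'team_id', 'key_id', 'private_key', 'authorize_scopes'],
  OIDC: [...OAUTH_KEYS, 'attributes_request_method', 'oidc_issuer'],
};
const SECRET_KEYS = new Set(['client_secret', 'private_key']);
// Documented patterns, anchored as whole-string matches (assumption).
const POOL_ID = /^[\w-]+_[0-9a-zA-Z]+$/;
const PROVIDER_NAME = /^[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+$/u;
const len = (s) => [...String(s ?? '')].length; // code points, not UTF-16 units

function validateCreateIdp(body) {
  const errors = [];
  const { UserPoolId, ProviderName, ProviderType, ProviderDetails: details } = body;
  if (len(UserPoolId) < 1 || len(UserPoolId) > 55 || !POOL_ID.test(UserPoolId)) errors.push('UserPoolId');
  if (len(ProviderName) < 3 || len(ProviderName) > 32 || !PROVIDER_NAME.test(ProviderName)) errors.push('ProviderName');
  if (!PROVIDER_TYPES.includes(ProviderType)) errors.push('ProviderType');
  if (details === null || typeof details !== 'object') {
    errors.push('ProviderDetails');
  } else if (ProviderType === 'SAML') {
    if (!('MetadataFile' in details) && !('MetadataURL' in details)) errors.push('ProviderDetails: MetadataFile or MetadataURL');
  } else {
    for (const key of DETAIL_KEYS[ProviderType] ?? []) {
      if (!(key in details)) errors.push(`ProviderDetails.${key}`);
    }
    // Documented as set by Amazon Cognito and read-only, so it should not be sent.
    if ('attributes_url_add_attributes' in details) errors.push('ProviderDetails.attributes_url_add_attributes is read-only');
  }
  if ((body.IdpIdentifiers ?? []).length > 50) errors.push('IdpIdentifiers');
  return errors;
}

// Copy of the body that is safe to write to an audit log.
function redactForLog(body) {
  const entries = Object.entries(body.ProviderDetails ?? {});
  const details = Object.fromEntries(entries.map(([k, v]) => [k, SECRET_KEYS.has(k) ? '[REDACTED]' : v]));
  return { ...body, ProviderDetails: details };
}

// Constructed sample request; every value is a placeholder.
const sampleRequest = {
  UserPoolId: 'us-east-1_EXAMPLE123', ProviderName: 'ExampleOIDC', ProviderType: 'OIDC',
  ProviderDetails: { client_id: 'example-client', client_secret: 'not-a-real-secret',
    attributes_request_method: 'GET', oidc_issuer: 'https://idp.example.com', authorize_scopes: 'openid email' },
  IdpIdentifiers: [],
};
```

Call validateCreateIdp(sampleRequest) before sending and log only redactForLog(sampleRequest).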

Responses

🟢 200 Success
application/json
Body
IdentityProvider
object 
required
The newly created IdP object.
UserPoolId
string 
optional
The user pool ID.
>= 1 characters, <= 55 characters
Match pattern:
[\w-]+_[0-9a-zA-Z]+
ProviderName
string 
optional
The IdP name.
>= 1 characters, <= 32 characters
Match pattern:
[\p{L}\p{M}\p{S}\p{N}\p{P}]+
ProviderType
enum<string> 
optional
The IdP type.
Allowed values:
SAML, Facebook, Google, LoginWithAmazon, SignInWithApple, OIDC
ProviderDetails
object 
optional
The IdP details. The following list describes the provider detail keys for each IdP type.
  • For Google and Login with Amazon:
    • client_id
    • client_secret
    • authorize_scopes
  • For Facebook:
    • client_id
    • client_secret
    • authorize_scopes
    • api_version
  • For Sign in with Apple:
    • client_id
    • team_id
    • key_id
    • private_key
      You can submit a private_key when you add or update an IdP. Describe operations don't return the private key.
    • authorize_scopes
  • For OIDC providers:
    • client_id
    • client_secret
    • attributes_request_method
    • oidc_issuer
    • authorize_scopes
    • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
      • authorize_url
      • token_url
      • attributes_url
      • jwks_uri
    • Amazon Cognito sets the value of the following keys automatically. They are read-only.
      • attributes_url_add_attributes
  • For SAML providers:
    • MetadataFile or MetadataURL
    • IDPSignout (optional)
AttributeMapping
object 
optional
A mapping of IdP attributes to standard and custom user pool attributes.
IdpIdentifiers
array[string]
optional
A list of IdP identifiers.
>= 0 items, <= 50 items
LastModifiedDate
string <date-time>
optional
The date the IdP was last modified.
CreationDate
string <date-time>
optional
The date the IdP was created.
🟠 480 InvalidParameterException
🟠 481 DuplicateProviderException
🟠 482 ResourceNotFoundException
🟠 483 NotAuthorizedException
🟠 484 TooManyRequestsException
🟠 485 LimitExceededException
🟠 486 InternalErrorException
Modified at 2023-08-15 07:11:06