From f993b571905e87476edbd74ddfb9e2242d8d7ab6 Mon Sep 17 00:00:00 2001 
From: mazyu36 Date: Fri, 17 May 2024 07:25:40 +0900 Subject: [PATCH] feat(cognito): add enablePropagateAdditionalUserContextData to UserClient Construct (#30178) ### Issue # (if applicable) N/A ### Reason for this change Missing property in the UserClient Construct https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cognito.CfnUserPoolClient.html#enablepropagateadditionalusercontextdata ### Description of changes Add missing property ### Description of how you validated changes Add unit test and integ tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cdk.out | 1 + ...able-propagate-additional-data.assets.json | 19 ++ ...le-propagate-additional-data.template.json | 97 +++++++++ .../integ.json | 12 ++ ...efaultTestDeployAssertE48CC71B.assets.json | 19 ++ ...aultTestDeployAssertE48CC71B.template.json | 36 ++++ .../manifest.json | 119 +++++++++++ .../tree.json | 194 ++++++++++++++++++ ...client-enable-propagate-additional-data.ts | 25 +++ packages/aws-cdk-lib/aws-cognito/README.md | 21 +- .../aws-cognito/lib/user-pool-client.ts | 13 ++ .../aws-cognito/test/user-pool-client.test.ts | 60 ++++++ 12 files changed, 614 insertions(+), 2 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.assets.json create mode 100644 
packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.assets.json new file mode 100644 index 0000000000000..b04e5101c98d6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "701ca21c0ac68d75e9bc8ea4be4e6b110eab7f1d6fe2959269245e2c6a2f11b1": { + "source": { + "path": "integ-user-pool-client-enable-propagate-additional-data.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "701ca21c0ac68d75e9bc8ea4be4e6b110eab7f1d6fe2959269245e2c6a2f11b1.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.template.json new file mode 100644 index 0000000000000..761efde3af529 --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ-user-pool-client-enable-propagate-additional-data.template.json 
@@ -0,0 +1,97 @@ +{ + "Resources": { + "pool056F3F7E": { + "Type": "AWS::Cognito::UserPool", + "Properties": { + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Name": "verified_phone_number", + "Priority": 1 + }, + { + "Name": "verified_email", + "Priority": 2 + } + ] + }, + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": true + }, + "EmailVerificationMessage": "The verification code to your new account is {####}", + "EmailVerificationSubject": "Verify your new account", + "SmsVerificationMessage": "The verification code to your new account is {####}", + "VerificationMessageTemplate": { + "DefaultEmailOption": "CONFIRM_WITH_CODE", + "EmailMessage": "The verification code to your new account is {####}", + "EmailSubject": "Verify your new account", + "SmsMessage": "The verification code to your new account is {####}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "poolclient2623294C": { + "Type": "AWS::Cognito::UserPoolClient", + "Properties": { + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AllowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "CallbackURLs": [ + "https://example.com" + ], + "EnablePropagateAdditionalUserContextData": true, + "GenerateSecret": true, + "SupportedIdentityProviders": [ + "COGNITO" + ], + "UserPoolId": { + "Ref": "pool056F3F7E" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ.json new file mode 100644 index 0000000000000..6c7a59b381f48 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest": { + "stacks": [ + "integ-user-pool-client-enable-propagate-additional-data" + ], + "assertionStack": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert", + "assertionStackName": "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets.json new file mode 100644 index 0000000000000..36d035c311273 --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/manifest.json new file mode 100644 index 0000000000000..5d16e65d7fdde --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/manifest.json 
@@ -0,0 +1,119 @@ +{ + "version": "36.0.0", + "artifacts": { + "integ-user-pool-client-enable-propagate-additional-data.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integ-user-pool-client-enable-propagate-additional-data.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integ-user-pool-client-enable-propagate-additional-data": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integ-user-pool-client-enable-propagate-additional-data.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/701ca21c0ac68d75e9bc8ea4be4e6b110eab7f1d6fe2959269245e2c6a2f11b1.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integ-user-pool-client-enable-propagate-additional-data.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integ-user-pool-client-enable-propagate-additional-data.assets" + ], + "metadata": { + "/integ-user-pool-client-enable-propagate-additional-data/pool/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "pool056F3F7E" + } + ], + "/integ-user-pool-client-enable-propagate-additional-data/pool/client/Resource": [ + { + "type": 
"aws:cdk:logicalId", + "data": "poolclient2623294C" + } + ], + "/integ-user-pool-client-enable-propagate-additional-data/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-user-pool-client-enable-propagate-additional-data/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-user-pool-client-enable-propagate-additional-data" + }, + "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets" + ], + "lookupRole": { + "arn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integuserpoolclientenablepropagateadditionaldatatestDefaultTestDeployAssertE48CC71B.assets" + ], + "metadata": { + "/integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/tree.json new file mode 100644 index 0000000000000..4258e48360ae4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.js.snapshot/tree.json 
@@ -0,0 +1,194 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "integ-user-pool-client-enable-propagate-additional-data": { + "id": "integ-user-pool-client-enable-propagate-additional-data", + "path": "integ-user-pool-client-enable-propagate-additional-data", + "children": { + "pool": { + "id": "pool", + "path": "integ-user-pool-client-enable-propagate-additional-data/pool", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-user-pool-client-enable-propagate-additional-data/pool/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPool", + "aws:cdk:cloudformation:props": { + "accountRecoverySetting": { + "recoveryMechanisms": [ + { + "name": "verified_phone_number", + "priority": 1 + }, + { + "name": "verified_email", + "priority": 2 + } + ] + }, + "adminCreateUserConfig": { + "allowAdminCreateUserOnly": true + }, + "emailVerificationMessage": "The verification code to your new account is {####}", + "emailVerificationSubject": "Verify your new account", + "smsVerificationMessage": "The verification code to your new account is {####}", + "verificationMessageTemplate": { + "defaultEmailOption": "CONFIRM_WITH_CODE", + "emailMessage": "The verification code to your new account is {####}", + "emailSubject": "Verify your new account", + "smsMessage": "The verification code to your new account is {####}" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "client": { + "id": "client", + "path": "integ-user-pool-client-enable-propagate-additional-data/pool/client", + "children": { + "Resource": { + "id": "Resource", + "path": "integ-user-pool-client-enable-propagate-additional-data/pool/client/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", + "aws:cdk:cloudformation:props": { + "allowedOAuthFlows": [ + "implicit", + "code" + ], + "allowedOAuthFlowsUserPoolClient": true, + 
"allowedOAuthScopes": [ + "profile", + "phone", + "email", + "openid", + "aws.cognito.signin.user.admin" + ], + "callbackUrLs": [ + "https://example.com" + ], + "enablePropagateAdditionalUserContextData": true, + "generateSecret": true, + "supportedIdentityProviders": [ + "COGNITO" + ], + "userPoolId": { + "Ref": "pool056F3F7E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-user-pool-client-enable-propagate-additional-data/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-user-pool-client-enable-propagate-additional-data/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-user-pool-client-enable-propagate-additional-data-test": { + "id": "integ-user-pool-client-enable-propagate-additional-data-test", + "path": "integ-user-pool-client-enable-propagate-additional-data-test", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": 
"integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-user-pool-client-enable-propagate-additional-data-test/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.ts new file mode 100644 index 0000000000000..7052b87ab8b2a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-client-enable-propagate-additional-data.ts 
@@ -0,0 +1,25 @@ +import { App, RemovalPolicy, Stack } from 'aws-cdk-lib'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { Construct } from 'constructs'; +import { UserPool } from 'aws-cdk-lib/aws-cognito'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string) { + super(scope, id); + const userpool = new UserPool(this, 'pool', { + removalPolicy: RemovalPolicy.DESTROY, + }); + + userpool.addClient('client', { + generateSecret: true, + enablePropagateAdditionalUserContextData: true, + }); + } +} + +const app = new App(); +const testCase = new TestStack(app, 'integ-user-pool-client-enable-propagate-additional-data'); + +new IntegTest(app, 'integ-user-pool-client-enable-propagate-additional-data-test', { + testCases: [testCase], +}); diff --git a/packages/aws-cdk-lib/aws-cognito/README.md b/packages/aws-cdk-lib/aws-cognito/README.md index 51bb622f97798..6e8928279f182 100644 --- a/packages/aws-cdk-lib/aws-cognito/README.md +++ b/packages/aws-cdk-lib/aws-cognito/README.md @@ -79,7 +79,7 @@ Users can either be signed up by the app's administrators or can sign themselves account needs to be confirmed. Cognito provides several ways to sign users up and confirm their accounts. Learn more about [user sign up here](https://docs.aws.amazon.com/cognito/latest/developerguide/signing-up-users-in-your-app.html). -To verify the email address of a user in your user pool with Amazon Cognito, you can send the user an email message +To verify the email address of a user in your user pool with Amazon Cognito, you can send the user an email message with a link that they can select, or you can send them a code that they can enter. #### Code Verification 
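Review bot: In the new integ.user-pool-client-enable-propagate-additional-data.ts, the `IntegTest` is constructed without any assertions, so the test only proves the stack deploys, not that the deployed app client has the setting turned on. Since this flag decides whether session context reaches Cognito advanced security, consider keeping the result (`const integ = new IntegTest(app, ...)`) and adding an `integ.assertions.awsApiCall(...)` check against DescribeUserPoolClient that expects `EnablePropagateAdditionalUserContextData: true`. That requires exposing the pool and client as fields on `TestStack`, which currently keeps them local to the constructor.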
@@ -119,7 +119,7 @@ new cognito.UserPool(this, 'myuserpool', { ``` #### Link Verification -Alternatively, users can use link as a verification method. The following code snippet configures a user pool with +Alternatively, users can use link as a verification method. The following code snippet configures a user pool with properties relevant to these verification messages and link verification method. ```ts @@ -847,6 +847,23 @@ const userPoolClient = new cognito.UserPoolClient(this, 'UserPoolClient', { const secret = userPoolClient.userPoolClientSecret; ``` +If you set `enablePropagateAdditionalUserContextData: true`, you can collect and pass +information about your user's session to Amazon Cognito advanced security +when you use the API to sign them up, sign them in, and reset their password. + + +```ts +declare const importedPool: cognito.UserPool; + +const userPoolClient = new cognito.UserPoolClient(this, 'UserPoolClient', { + userPool: importedPool, + generateSecret: true, + enablePropagateAdditionalUserContextData: true, +}); +``` + +See [Adding user device and session data to API requests](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint) for more information. + ### Resource Servers A resource server is a server for access-protected resources. It handles authenticated requests from an app that has an diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts index f799e7ef38f4a..92bc7c4911811 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-client.ts 
@@ -310,6 +310,14 @@ export interface UserPoolClientOptions { * @default true for new user pool clients */ readonly enableTokenRevocation?: boolean; + + /** + * Enable the propagation of additional user context data. + * You can only activate enablePropagateAdditionalUserContextData in an app client that has a client secret. + * @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-adaptive-authentication.html#user-pool-settings-adaptive-authentication-device-fingerprint + * @default false for new user pool clients + */ + readonly enablePropagateAdditionalUserContextData?: boolean; } /** @@ -399,6 +407,10 @@ export class UserPoolClient extends Resource implements IUserPoolClient { } } + if (!props.generateSecret && props.enablePropagateAdditionalUserContextData) { + throw new Error('Cannot activate enablePropagateAdditionalUserContextData in an app client without a client secret.'); + } + this._generateSecret = props.generateSecret; this.userPool = props.userPool; @@ -417,6 +429,7 @@ export class UserPoolClient extends Resource implements IUserPoolClient { readAttributes: props.readAttributes?.attributes(), writeAttributes: props.writeAttributes?.attributes(), enableTokenRevocation: props.enableTokenRevocation, + enablePropagateAdditionalUserContextData: props.enablePropagateAdditionalUserContextData, }); this.configureAuthSessionValidity(resource, props); this.configureTokenValidity(resource, props); diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts index cfa30d0aea317..6d2093d41cee0 100644 --- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts +++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-client.test.ts 
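Review bot: The docstring added for `enablePropagateAdditionalUserContextData` in `UserPoolClientOptions` says the flag enables propagation but not what is propagated or what consumes it. Going by the README text in this same patch, the data is session information passed to Cognito advanced security, so I would add a sentence such as `Lets the app pass information about the user's session to Amazon Cognito advanced security on sign-up, sign-in and password-reset API calls.` It is also worth one line stating that these values are supplied by the calling application, so the backend should take them from a source it trusts rather than from client-controlled input. Presumably the flag has no effect unless advanced security is enabled on the pool, which would be worth confirming and documenting. The interface starts and ends outside this hunk.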
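Review bot: The guard added to the `UserPoolClient` constructor (`if (!props.generateSecret && props.enablePropagateAdditionalUserContextData)`) has no comment explaining why the combination is rejected, and its error message does not say how to fix it. I would put `// Cognito only allows this flag on app clients that have a client secret; fail at synth time rather than at deploy.` above the check and append `Set generateSecret to true.` to the message. The unit tests in this patch pass a string to `toThrow`, which matches on a substring, so appending to the message should keep them passing. The constructor starts and ends outside this hunk.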
@@ -1226,4 +1226,64 @@ describe('User Pool Client', () => { }); }); }); + + test('enablePropagateAdditionalUserContextData in addClient', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'Pool'); + + // WHEN + pool.addClient('Client', { + generateSecret: true, + enablePropagateAdditionalUserContextData: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Cognito::UserPoolClient', { + EnablePropagateAdditionalUserContextData: true, + }); + }); + + test('enablePropagateAdditionalUserContextData in UserPoolClient', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'Pool'); + + // WHEN + new UserPoolClient(stack, 'Client', { + userPool: pool, + generateSecret: true, + enablePropagateAdditionalUserContextData: true, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::Cognito::UserPoolClient', { + EnablePropagateAdditionalUserContextData: true, + }); + }); + + test('enablePropagateAdditionalUserContextData in addClient without a client secret throw error', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'Pool'); + + // WHEN + expect(() => pool.addClient('Client', { + enablePropagateAdditionalUserContextData: true, + }), + ).toThrow('Cannot activate enablePropagateAdditionalUserContextData in an app client without a client secret.'); + }); + + test('enablePropagateAdditionalUserContextData in UserPoolClient without a client secret throw error', () => { + // GIVEN + const stack = new Stack(); + const pool = new UserPool(stack, 'Pool'); + + // WHEN + expect(() => new UserPoolClient(stack, 'Client', { + userPool: pool, + enablePropagateAdditionalUserContextData: true, + }), + ).toThrow('Cannot activate enablePropagateAdditionalUserContextData in an app client without a client secret.'); + }); });
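Review bot: The four added tests only exercise the flag set to `true`, with and without a secret, so nothing pins the default or the `false` case. I would add a test that a client created without the option leaves the property out of the template, e.g. `EnablePropagateAdditionalUserContextData: Match.absent(),` (assuming `Match` is imported in this file), and one that `enablePropagateAdditionalUserContextData: false` without `generateSecret` does not throw. Without these, a later change that defaults the flag on or tightens the guard would pass unnoticed. As a style point, the last two test names read better as `... throws an error`. The enclosing `describe` block starts outside this hunk.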