import { Construct } from 'constructs';
import { UserPoolIdentityProviderProps } from './base';
import { UserPoolIdentityProviderBase } from './private/user-pool-idp-base';
import { SecretValue } from '../../../core';
import { CfnUserPoolIdentityProvider } from '../cognito.generated';
/**
 * Properties to initialize UserPoolIdentityProviderGoogle.
 *
 * The Google client secret can be given either as a plain string
 * (`clientSecret`, deprecated) or as a `SecretValue` (`clientSecretValue`).
 * The construct's constructor throws unless exactly one of the two is set.
 */
export interface UserPoolIdentityProviderGoogleProps extends UserPoolIdentityProviderProps {
  /**
   * The client id recognized by Google APIs.
   * @see https://developers.google.com/identity/sign-in/web/sign-in#specify_your_apps_client_id
   */
  readonly clientId: string;
  /**
   * The client secret that accompanies `clientId` so that Google APIs can authenticate the client.
   *
   * The constructor copies this string unchanged into the provider's
   * `client_secret` detail, so a literal written here presumably appears
   * verbatim in the synthesized template and in any source control or
   * build output that holds it. Prefer `clientSecretValue`.
   * @see https://developers.google.com/identity/sign-in/web/sign-in
   * @default - none; exactly one of `clientSecret` or `clientSecretValue` must be set
   * @deprecated use clientSecretValue instead
   */
  readonly clientSecret?: string;
  /**
   * The client secret that accompanies `clientId` so that Google APIs can authenticate the client,
   * given as a SecretValue.
   *
   * The constructor calls `unsafeUnwrap()` on this value to obtain the string
   * placed in the provider's `client_secret` detail.
   * NOTE(review): whether the plaintext stays out of the synthesized template
   * depends on how the SecretValue was created (a reference to a secret store
   * versus a wrapped literal) - confirm against the caller.
   * @see https://developers.google.com/identity/sign-in/web/sign-in
   * @default - none; exactly one of `clientSecret` or `clientSecretValue` must be set
   */
  readonly clientSecretValue?: SecretValue;
  /**
   * The list of Google permissions to obtain for getting access to the Google profile.
   *
   * The entries are joined with single spaces into the provider's
   * `authorize_scopes` detail. Request only the scopes the application needs.
   * @see https://developers.google.com/identity/sign-in/web/sign-in
   * @default [ profile ]
   */
  readonly scopes?: string[];
}
/**
 * Represents an identity provider that integrates with Google.
 *
 * Creates a `CfnUserPoolIdentityProvider` of type 'Google' on the given user
 * pool, passing the client id, client secret and requested scopes as provider
 * details.
 * @resource AWS::Cognito::UserPoolIdentityProvider
 */
export class UserPoolIdentityProviderGoogle extends UserPoolIdentityProviderBase {
  public readonly providerName: string;

  /**
   * @param scope the construct scope this provider is created in
   * @param id the construct id
   * @param props Google client credentials, scopes and the base provider properties
   * @throws Error when neither or both of `clientSecret` and `clientSecretValue` are set
   */
  constructor(scope: Construct, id: string, props: UserPoolIdentityProviderGoogleProps) {
    super(scope, id, props);

    // Exactly one secret source is accepted: both missing and both present
    // are rejected. An empty-string clientSecret counts as "not set" because
    // the check is a truthiness test.
    const hasPlainSecret = Boolean(props.clientSecret);
    const hasSecretValue = Boolean(props.clientSecretValue);
    if (hasPlainSecret === hasSecretValue) {
      throw new Error('Exactly one of "clientSecret" or "clientSecretValue" must be configured.');
    }

    // Only the basic profile scope is requested unless the caller asks for more.
    const requestedScopes = props.scopes ?? ['profile'];

    const idpResource = new CfnUserPoolIdentityProvider(this, 'Resource', {
      userPoolId: props.userPool.userPoolId,
      providerName: 'Google', // must be 'Google' when the type is 'Google'
      providerType: 'Google',
      providerDetails: {
        client_id: props.clientId,
        // The SecretValue is unwrapped to a string here; the deprecated plain
        // string is passed through unchanged. Either way the result becomes a
        // property of the generated resource, so a literal secret presumably
        // ends up in the synthesized template - verify how callers build it.
        client_secret: props.clientSecretValue
          ? props.clientSecretValue.unsafeUnwrap()
          : props.clientSecret,
        authorize_scopes: requestedScopes.join(' '),
      },
      attributeMapping: super.configureAttributeMapping(),
    });

    this.providerName = super.getResourceNameAttribute(idpResource.ref);
  }
}