create_identity_provider
- CognitoIdentityProvider.Client.create_identity_provider(**kwargs)
Creates an IdP for a user pool.
See also: AWS API Documentation
Request Syntax
response = client.create_identity_provider(
    UserPoolId='string',
    ProviderName='string',
    ProviderType='SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
    ProviderDetails={
        'string': 'string'
    },
    AttributeMapping={
        'string': 'string'
    },
    IdpIdentifiers=[
        'string',
    ]
)
- Parameters:
UserPoolId (string) –
[REQUIRED]
The user pool ID.
ProviderName (string) –
[REQUIRED]
The IdP name.
ProviderType (string) –
[REQUIRED]
The IdP type.
ProviderDetails (dict) –
[REQUIRED]
The IdP details. The following list describes the provider detail keys for each IdP type.
For Google and Login with Amazon:
client_id
client_secret
authorize_scopes
For Facebook:
client_id
client_secret
authorize_scopes
api_version
For Sign in with Apple:
client_id
team_id
key_id
private_key
authorize_scopes
For OpenID Connect (OIDC) providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
The following keys are only present if Amazon Cognito didn’t discover them at the oidc_issuer URL.
authorize_url
token_url
attributes_url
jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
attributes_url_add_attributes
For SAML providers:
MetadataFile or MetadataURL
IDPSignout optional
(string) –
(string) –
AttributeMapping (dict) –
A mapping of IdP attributes to standard and custom user pool attributes.
(string) –
(string) –
IdpIdentifiers (list) –
A list of IdP identifiers.
(string) –
- Return type:
dict
- Returns:
Response Syntax
{
    'IdentityProvider': {
        'UserPoolId': 'string',
        'ProviderName': 'string',
        'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
        'ProviderDetails': {
            'string': 'string'
        },
        'AttributeMapping': {
            'string': 'string'
        },
        'IdpIdentifiers': [
            'string',
        ],
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}
Response Structure
(dict) –
IdentityProvider (dict) –
The newly created IdP object.
UserPoolId (string) –
The user pool ID.
ProviderName (string) –
The IdP name.
ProviderType (string) –
The IdP type.
ProviderDetails (dict) –
The IdP details. The following list describes the provider detail keys for each IdP type.
For Google and Login with Amazon:
client_id
client_secret
authorize_scopes
For Facebook:
client_id
client_secret
authorize_scopes
api_version
For Sign in with Apple:
client_id
team_id
key_id
private_key: You can submit a private_key when you add or update an IdP. Describe operations don’t return the private key.
authorize_scopes
For OIDC providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
The following keys are only present if Amazon Cognito didn’t discover them at the oidc_issuer URL.
authorize_url
token_url
attributes_url
jwks_uri
Amazon Cognito sets the value of the following keys automatically. They are read-only.
attributes_url_add_attributes
For SAML providers:
MetadataFile or MetadataURL
IDPSignout optional
(string) –
(string) –
AttributeMapping (dict) –
A mapping of IdP attributes to standard and custom user pool attributes.
(string) –
(string) –
IdpIdentifiers (list) –
A list of IdP identifiers.
(string) –
LastModifiedDate (datetime) –
The date the IdP was last modified.
CreationDate (datetime) –
The date the IdP was created.
Exceptions
CognitoIdentityProvider.Client.exceptions.InvalidParameterException
CognitoIdentityProvider.Client.exceptions.DuplicateProviderException
CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
CognitoIdentityProvider.Client.exceptions.LimitExceededException
CognitoIdentityProvider.Client.exceptions.InternalErrorException
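The ProviderDetails key lists above can be checked locally before the call, and the secrets that come back in the response masked before anything is logged. This is an added example, not code from the boto3 documentation: check_provider_details, redact and create_idp are hypothetical helpers, the key sets are transcribed from this page (other API versions may accept more keys), and client is assumed to be the object returned by boto3.client('cognito-idp').

```python
# Added example: key lists are transcribed from this page's ProviderDetails section.
ALLOWED_KEYS = {
    "Google": {"client_id", "client_secret", "authorize_scopes"},
    "LoginWithAmazon": {"client_id", "client_secret", "authorize_scopes"},
    "Facebook": {"client_id", "client_secret", "authorize_scopes", "api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key", "authorize_scopes"},
    "OIDC": {"client_id", "client_secret", "attributes_request_method", "oidc_issuer",
             "authorize_scopes", "authorize_url", "token_url", "attributes_url", "jwks_uri"},
    "SAML": {"MetadataFile", "MetadataURL", "IDPSignout"},
}
READ_ONLY_KEYS = {"attributes_url_add_attributes"}  # set by Amazon Cognito
SECRET_KEYS = {"client_secret", "private_key"}      # never write these to logs


def check_provider_details(provider_type, details):
    """Return a list of problems; an empty list means the dict fits the page's key list."""
    if provider_type not in ALLOWED_KEYS:
        return [f"unknown ProviderType {provider_type!r}"]
    problems = [f"{k} is read-only" for k in sorted(details.keys() & READ_ONLY_KEYS)]
    unknown = details.keys() - ALLOWED_KEYS[provider_type] - READ_ONLY_KEYS
    problems += [f"{k} is not a {provider_type} key" for k in sorted(unknown)]
    if provider_type == "SAML" and not details.keys() & {"MetadataFile", "MetadataURL"}:
        problems.append("SAML needs MetadataFile or MetadataURL")
    problems += [f"{k} must be a string" for k, v in sorted(details.items()) if not isinstance(v, str)]
    return problems


def redact(identity_provider):
    """Copy of a response's IdentityProvider dict with secret ProviderDetails values masked."""
    safe = dict(identity_provider)
    safe["ProviderDetails"] = {k: "***" if k in SECRET_KEYS else v
                               for k, v in identity_provider.get("ProviderDetails", {}).items()}
    return safe


def create_idp(client, user_pool_id, name, provider_type, details, attribute_mapping):
    """Validate locally, call create_identity_provider, return a log-safe view of the result."""
    problems = check_provider_details(provider_type, details)
    if problems:
        raise ValueError("; ".join(problems))
    response = client.create_identity_provider(
        UserPoolId=user_pool_id, ProviderName=name, ProviderType=provider_type,
        ProviderDetails=details, AttributeMapping=attribute_mapping)
    return redact(response["IdentityProvider"])


if __name__ == "__main__":
    # Constructed sample input: "scopes" is a deliberate typo for authorize_scopes.
    print(check_provider_details("OIDC", {"client_id": "example", "scopes": "openid"}))
```

The local check catches misspelled or misplaced keys before the request is sent; the service remains the authority on which keys are required for each provider type.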