create_backend_auth

create_backend_auth(**kwargs)

Creates a new backend authentication resource.

See also: AWS API Documentation

Request Syntax

response = client.create_backend_auth(
    AppId='string',
    BackendEnvironmentName='string',
    ResourceConfig={
        'AuthResources': 'USER_POOL_ONLY'|'IDENTITY_POOL_AND_USER_POOL',
        'IdentityPoolConfigs': {
            'IdentityPoolName': 'string',
            'UnauthenticatedLogin': True|False
        },
        'Service': 'COGNITO',
        'UserPoolConfigs': {
            'ForgotPassword': {
                'DeliveryMethod': 'EMAIL'|'SMS',
                'EmailSettings': {
                    'EmailMessage': 'string',
                    'EmailSubject': 'string'
                },
                'SmsSettings': {
                    'SmsMessage': 'string'
                }
            },
            'Mfa': {
                'MFAMode': 'ON'|'OFF'|'OPTIONAL',
                'Settings': {
                    'MfaTypes': [
                        'SMS'|'TOTP',
                    ],
                    'SmsMessage': 'string'
                }
            },
            'OAuth': {
                'DomainPrefix': 'string',
                'OAuthGrantType': 'CODE'|'IMPLICIT',
                'OAuthScopes': [
                    'PHONE'|'EMAIL'|'OPENID'|'PROFILE'|'AWS_COGNITO_SIGNIN_USER_ADMIN',
                ],
                'RedirectSignInURIs': [
                    'string',
                ],
                'RedirectSignOutURIs': [
                    'string',
                ],
                'SocialProviderSettings': {
                    'Facebook': {
                        'ClientId': 'string',
                        'ClientSecret': 'string'
                    },
                    'Google': {
                        'ClientId': 'string',
                        'ClientSecret': 'string'
                    },
                    'LoginWithAmazon': {
                        'ClientId': 'string',
                        'ClientSecret': 'string'
                    },
                    'SignInWithApple': {
                        'ClientId': 'string',
                        'KeyId': 'string',
                        'PrivateKey': 'string',
                        'TeamId': 'string'
                    }
                }
            },
            'PasswordPolicy': {
                'AdditionalConstraints': [
                    'REQUIRE_DIGIT'|'REQUIRE_LOWERCASE'|'REQUIRE_SYMBOL'|'REQUIRE_UPPERCASE',
                ],
                'MinimumLength': 123.0
            },
            'RequiredSignUpAttributes': [
                'ADDRESS'|'BIRTHDATE'|'EMAIL'|'FAMILY_NAME'|'GENDER'|'GIVEN_NAME'|'LOCALE'|'MIDDLE_NAME'|'NAME'|'NICKNAME'|'PHONE_NUMBER'|'PICTURE'|'PREFERRED_USERNAME'|'PROFILE'|'UPDATED_AT'|'WEBSITE'|'ZONE_INFO',
            ],
            'SignInMethod': 'EMAIL'|'EMAIL_AND_PHONE_NUMBER'|'PHONE_NUMBER'|'USERNAME',
            'UserPoolName': 'string',
            'VerificationMessage': {
                'DeliveryMethod': 'EMAIL'|'SMS',
                'EmailSettings': {
                    'EmailMessage': 'string',
                    'EmailSubject': 'string'
                },
                'SmsSettings': {
                    'SmsMessage': 'string'
                }
            }
        }
    },
    ResourceName='string'
)
Parameters
  • AppId (string) --

    [REQUIRED]

    The app ID.

  • BackendEnvironmentName (string) --

    [REQUIRED]

    The name of the backend environment.

  • ResourceConfig (dict) --

    [REQUIRED]

    The resource configuration for this request object.

    • AuthResources (string) -- [REQUIRED]

      Defines whether you want to configure only authentication or both authentication and authorization settings.

    • IdentityPoolConfigs (dict) --

      Describes the authorization configuration for the Amazon Cognito identity pool, provisioned as a part of your auth resource in the Amplify project.

      • IdentityPoolName (string) -- [REQUIRED]

        Name of the Amazon Cognito identity pool used for authorization.

      • UnauthenticatedLogin (boolean) -- [REQUIRED]

        Set to true or false based on whether you want to enable guest authorization to your Amplify app.

    • Service (string) -- [REQUIRED]

      Defines the service name to use when configuring an authentication resource in your Amplify project.

    • UserPoolConfigs (dict) -- [REQUIRED]

      Describes authentication configuration for the Amazon Cognito user pool, provisioned as a part of your auth resource in the Amplify project.

      • ForgotPassword (dict) --

        (DEPRECATED) Describes the forgotten password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.

        • DeliveryMethod (string) -- [REQUIRED]

          (DEPRECATED) Describes which mode to use (either SMS or email) to deliver messages to app users who want to recover their password.

        • EmailSettings (dict) --

          (DEPRECATED) The configuration for the email sent when an app user forgets their password.

          • EmailMessage (string) --

            The contents of the email message.

          • EmailSubject (string) --

            The contents of the subject line of the email message.

        • SmsSettings (dict) --

          (DEPRECATED) The configuration for the SMS message sent when an app user forgets their password.

          • SmsMessage (string) --

            The contents of the SMS message.

      • Mfa (dict) --

        Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.

        • MFAMode (string) -- [REQUIRED]

          Describes whether MFA should be [ON, OFF, or OPTIONAL] for authentication in your Amplify project.

        • Settings (dict) --

          Describes the configuration settings and methods for your Amplify app users to use MFA.

          • MfaTypes (list) --

            The supported MFA types.

            • (string) --
          • SmsMessage (string) --

            The body of the SMS message.

      • OAuth (dict) --

        Describes the OAuth policy and rules for your Amazon Cognito user pool, configured as a part of your Amplify project.

        • DomainPrefix (string) --

          The domain prefix for your Amplify app.

        • OAuthGrantType (string) -- [REQUIRED]

          The OAuth grant type that you use to allow app users to authenticate from your Amplify app.

        • OAuthScopes (list) -- [REQUIRED]

          List of OAuth-related flows used to allow your app users to authenticate from your Amplify app.

          • (string) --
        • RedirectSignInURIs (list) -- [REQUIRED]

          The redirected URI for signing in to your Amplify app.

          • (string) --
        • RedirectSignOutURIs (list) -- [REQUIRED]

          Redirect URLs that OAuth uses when a user signs out of an Amplify app.

          • (string) --
        • SocialProviderSettings (dict) --

          The settings for using social providers to access your Amplify app.

          • Facebook (dict) --

            Describes third-party social federation configurations for allowing your app users to sign in using OAuth.

            • ClientId (string) --

              Describes the client_id, which can be obtained from the third-party social federation provider.

            • ClientSecret (string) --

              Describes the client_secret, which can be obtained from third-party social federation providers.

          • Google (dict) --

            Describes third-party social federation configurations for allowing your app users to sign in using OAuth.

            • ClientId (string) --

              Describes the client_id, which can be obtained from the third-party social federation provider.

            • ClientSecret (string) --

              Describes the client_secret, which can be obtained from third-party social federation providers.

          • LoginWithAmazon (dict) --

            Describes third-party social federation configurations for allowing your app users to sign in using OAuth.

            • ClientId (string) --

              Describes the client_id, which can be obtained from the third-party social federation provider.

            • ClientSecret (string) --

              Describes the client_secret, which can be obtained from third-party social federation providers.

          • SignInWithApple (dict) --

            Describes Apple social federation configurations for allowing your app users to sign in using OAuth.

            • ClientId (string) --

              Describes the client_id (also called Services ID) that comes from Apple.

            • KeyId (string) --

              Describes the key_id that comes from Apple.

            • PrivateKey (string) --

              Describes the private_key that comes from Apple.

            • TeamId (string) --

              Describes the team_id that comes from Apple.

      • PasswordPolicy (dict) --

        Describes the password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.

        • AdditionalConstraints (list) --

          Additional constraints for the password used to access the backend of your Amplify project.

          • (string) --
        • MinimumLength (float) -- [REQUIRED]

          The minimum length of the password used to access the backend of your Amplify project.

      • RequiredSignUpAttributes (list) -- [REQUIRED]

        The required attributes to sign up new users in the user pool.

        • (string) --
      • SignInMethod (string) -- [REQUIRED]

        Describes the sign-in methods that your Amplify app users use to log in using the Amazon Cognito user pool, configured as a part of your Amplify project.

      • UserPoolName (string) -- [REQUIRED]

        The Amazon Cognito user pool name.

      • VerificationMessage (dict) --

        Describes the email or SMS verification message for your Amazon Cognito user pool, configured as a part of your Amplify project.

        • DeliveryMethod (string) -- [REQUIRED]

          The type of verification message to send.

        • EmailSettings (dict) --

          The settings for the email message.

          • EmailMessage (string) --

            The contents of the email message.

          • EmailSubject (string) --

            The contents of the subject line of the email message.

        • SmsSettings (dict) --

          The settings for the SMS message.

          • SmsMessage (string) --

            The contents of the SMS message.

  • ResourceName (string) --

    [REQUIRED]

    The name of this resource.

Return type

dict

Returns

Response Syntax

{
    'AppId': 'string',
    'BackendEnvironmentName': 'string',
    'Error': 'string',
    'JobId': 'string',
    'Operation': 'string',
    'Status': 'string'
}

Response Structure

  • (dict) --

    200 response

    • AppId (string) --

      The app ID.

    • BackendEnvironmentName (string) --

      The name of the backend environment.

    • Error (string) --

      If the request fails, this error is returned.

    • JobId (string) --

      The ID for the job.

    • Operation (string) --

      The name of the operation.

    • Status (string) --

      The current status of the request.

Exceptions

  • AmplifyBackend.Client.exceptions.NotFoundException
  • AmplifyBackend.Client.exceptions.GatewayTimeoutException
  • AmplifyBackend.Client.exceptions.TooManyRequestsException
  • AmplifyBackend.Client.exceptions.BadRequestException