create_identity_provider

create_identity_provider(**kwargs)

Creates an IdP for a user pool.

See also: AWS API Documentation

Request Syntax

response = client.create_identity_provider(
    UserPoolId='string',
    ProviderName='string',
    ProviderType='SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
    ProviderDetails={
        'string': 'string'
    },
    AttributeMapping={
        'string': 'string'
    },
    IdpIdentifiers=[
        'string',
    ]
)

Parameters

  • UserPoolId (string) --

    [REQUIRED]

    The user pool ID.

  • ProviderName (string) --

    [REQUIRED]

    The IdP name.

  • ProviderType (string) --

    [REQUIRED]

    The IdP type.

  • ProviderDetails (dict) --

    [REQUIRED]

    The IdP details. The following list describes the provider detail keys for each IdP type.

    • For Google and Login with Amazon:
      • client_id
      • client_secret
      • authorize_scopes
    • For Facebook:
      • client_id
      • client_secret
      • authorize_scopes
      • api_version
    • For Sign in with Apple:
      • client_id
      • team_id
      • key_id
      • private_key
      • authorize_scopes
    • For OpenID Connect (OIDC) providers:
      • client_id
      • client_secret
      • attributes_request_method
      • oidc_issuer
      • authorize_scopes
      • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
        • authorize_url
        • token_url
        • attributes_url
        • jwks_uri
      • Amazon Cognito sets the value of the following keys automatically. They are read-only.
        • attributes_url_add_attributes
    • For SAML providers:
      • MetadataFile or MetadataURL
      • IDPSignout (optional)
    • (string) --
      • (string) --
  • AttributeMapping (dict) --

    A mapping of IdP attributes to standard and custom user pool attributes.

    • (string) --
      • (string) --
  • IdpIdentifiers (list) --

    A list of IdP identifiers.

    • (string) --

Return type

dict

Returns

Response Syntax

{
    'IdentityProvider': {
        'UserPoolId': 'string',
        'ProviderName': 'string',
        'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
        'ProviderDetails': {
            'string': 'string'
        },
        'AttributeMapping': {
            'string': 'string'
        },
        'IdpIdentifiers': [
            'string',
        ],
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • IdentityProvider (dict) --

      The newly created IdP object.

      • UserPoolId (string) --

        The user pool ID.

      • ProviderName (string) --

        The IdP name.

      • ProviderType (string) --

        The IdP type.

      • ProviderDetails (dict) --

        The IdP details. The following list describes the provider detail keys for each IdP type.

        • For Google and Login with Amazon:
          • client_id
          • client_secret
          • authorize_scopes
        • For Facebook:
          • client_id
          • client_secret
          • authorize_scopes
          • api_version
        • For Sign in with Apple:
          • client_id
          • team_id
          • key_id
          • private_key: You can submit a private_key when you add or update an IdP. Describe operations don't return the private key.
          • authorize_scopes
        • For OIDC providers:
          • client_id
          • client_secret
          • attributes_request_method
          • oidc_issuer
          • authorize_scopes
          • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
            • authorize_url
            • token_url
            • attributes_url
            • jwks_uri
          • Amazon Cognito sets the value of the following keys automatically. They are read-only.
            • attributes_url_add_attributes
        • For SAML providers:
          • MetadataFile or MetadataURL
          • IDPSignout (optional)
        • (string) --
          • (string) --
      • AttributeMapping (dict) --

        A mapping of IdP attributes to standard and custom user pool attributes.

        • (string) --
          • (string) --
      • IdpIdentifiers (list) --

        A list of IdP identifiers.

        • (string) --
      • LastModifiedDate (datetime) --

        The date the IdP was last modified.

      • CreationDate (datetime) --

        The date the IdP was created.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException
  • CognitoIdentityProvider.Client.exceptions.DuplicateProviderException
  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
  • CognitoIdentityProvider.Client.exceptions.LimitExceededException
  • CognitoIdentityProvider.Client.exceptions.InternalErrorException
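
The ProviderDetails keys listed above differ per ProviderType, so a misspelled or misplaced key is easy to send. The following is an added example, not part of the boto3 documentation: it checks a ProviderDetails dict against those lists before the call and masks secret values before a request or response is logged. The helper names are hypothetical, and treating client_secret and private_key as the values to mask is an assumption.

```python
# Added example: key names are copied from the ProviderDetails list on this page.
_OAUTH = {"client_id", "client_secret", "authorize_scopes"}
ALLOWED_KEYS = {
    "Google": _OAUTH,
    "LoginWithAmazon": _OAUTH,
    "Facebook": _OAUTH | {"api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key",
                        "authorize_scopes"},
    "OIDC": _OAUTH | {"attributes_request_method", "oidc_issuer", "authorize_url",
                      "token_url", "attributes_url", "jwks_uri"},
    "SAML": {"MetadataFile", "MetadataURL", "IDPSignout"},
}
READ_ONLY_KEYS = {"attributes_url_add_attributes"}  # set by Amazon Cognito
SECRET_KEYS = {"client_secret", "private_key"}      # assumption: mask these in logs


def check_provider_details(provider_type, details):
    """Return a list of problems; an empty list means the dict matches the page."""
    if provider_type not in ALLOWED_KEYS:
        return [f"unknown ProviderType {provider_type!r}"]
    problems = []
    for key, value in details.items():
        if key in READ_ONLY_KEYS:
            problems.append(f"{key} is read-only")
        elif key not in ALLOWED_KEYS[provider_type]:
            problems.append(f"{key} is not a {provider_type} key")
        elif not isinstance(value, str):
            problems.append(f"{key} must be a string")
    if provider_type == "SAML" and not {"MetadataFile", "MetadataURL"} & details.keys():
        problems.append("SAML needs MetadataFile or MetadataURL")
    return problems


def build_request(user_pool_id, name, provider_type, details, **optional):
    """Validate, then return kwargs for client.create_identity_provider(**kwargs)."""
    problems = check_provider_details(provider_type, details)
    if problems:
        raise ValueError("; ".join(problems))
    return {"UserPoolId": user_pool_id, "ProviderName": name,
            "ProviderType": provider_type, "ProviderDetails": dict(details),
            **optional}


def redact(request):
    """Copy of a request or an 'IdentityProvider' dict that is safe to log."""
    details = {k: "***" if k in SECRET_KEYS else v
               for k, v in request.get("ProviderDetails", {}).items()}
    return {**request, "ProviderDetails": details}
```

Pass the result of build_request to client.create_identity_provider(**kwargs), and log only redact(...) of the request or of response['IdentityProvider'].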