create_identity_provider

create_identity_provider(**kwargs)

Creates an IdP for a user pool.

See also: AWS API Documentation

Request Syntax

response = client.create_identity_provider(
    UserPoolId='string',
    ProviderName='string',
    ProviderType='SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
    ProviderDetails={
        'string': 'string'
    },
    AttributeMapping={
        'string': 'string'
    },
    IdpIdentifiers=[
        'string',
    ]
)
Parameters
  • UserPoolId (string) --

    [REQUIRED]

    The user pool ID.

  • ProviderName (string) --

    [REQUIRED]

    The IdP name.

  • ProviderType (string) --

    [REQUIRED]

    The IdP type.

  • ProviderDetails (dict) --

    [REQUIRED]

    The IdP details. The following list describes the provider detail keys for each IdP type.

    • For Google and Login with Amazon:
      • client_id
      • client_secret
      • authorize_scopes
    • For Facebook:
      • client_id
      • client_secret
      • authorize_scopes
      • api_version
    • For Sign in with Apple:
      • client_id
      • team_id
      • key_id
      • private_key (accepted when you add or update an IdP; describe operations don't return it)
      • authorize_scopes
    • For OpenID Connect (OIDC) providers:
      • client_id
      • client_secret
      • attributes_request_method
      • oidc_issuer
      • authorize_scopes
      • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
        • authorize_url
        • token_url
        • attributes_url
        • jwks_uri
      • Amazon Cognito sets the value of the following keys automatically. They are read-only.
        • attributes_url_add_attributes
    • For SAML providers:
      • MetadataFile or MetadataURL
      • IDPSignout (optional)
    • (string) --
      • (string) --
  • AttributeMapping (dict) --

    A mapping of IdP attributes to standard and custom user pool attributes.

    • (string) --
      • (string) --
  • IdpIdentifiers (list) --

    A list of IdP identifiers.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'IdentityProvider': {
        'UserPoolId': 'string',
        'ProviderName': 'string',
        'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
        'ProviderDetails': {
            'string': 'string'
        },
        'AttributeMapping': {
            'string': 'string'
        },
        'IdpIdentifiers': [
            'string',
        ],
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • IdentityProvider (dict) --

      The newly created IdP object.

      • UserPoolId (string) --

        The user pool ID.

      • ProviderName (string) --

        The IdP name.

      • ProviderType (string) --

        The IdP type.

      • ProviderDetails (dict) --

        The IdP details. The following list describes the provider detail keys for each IdP type.

        • For Google and Login with Amazon:
          • client_id
          • client_secret
          • authorize_scopes
        • For Facebook:
          • client_id
          • client_secret
          • authorize_scopes
          • api_version
        • For Sign in with Apple:
          • client_id
          • team_id
          • key_id
          • private_key (you can submit a private_key when you add or update an IdP; describe operations don't return it)
          • authorize_scopes
        • For OIDC providers:
          • client_id
          • client_secret
          • attributes_request_method
          • oidc_issuer
          • authorize_scopes
          • The following keys are only present if Amazon Cognito didn't discover them at the oidc_issuer URL.
            • authorize_url
            • token_url
            • attributes_url
            • jwks_uri
          • Amazon Cognito sets the value of the following keys automatically. They are read-only.
            • attributes_url_add_attributes
        • For SAML providers:
          • MetadataFile or MetadataURL
          • IDPSignout (optional)
        • (string) --
          • (string) --
      • AttributeMapping (dict) --

        A mapping of IdP attributes to standard and custom user pool attributes.

        • (string) --
          • (string) --
      • IdpIdentifiers (list) --

        A list of IdP identifiers.

        • (string) --
      • LastModifiedDate (datetime) --

        The date the IdP was last modified.

      • CreationDate (datetime) --

        The date the IdP was created.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException
  • CognitoIdentityProvider.Client.exceptions.DuplicateProviderException
  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException
  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException
  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException
  • CognitoIdentityProvider.Client.exceptions.LimitExceededException
  • CognitoIdentityProvider.Client.exceptions.InternalErrorException
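Worked example (added here; not code from the boto3 reference or from AWS). It builds the request for create_identity_provider, checks ProviderDetails against the per-type key lists given under Parameters above before anything is sent, redacts client_secret and private_key for logging, and handles DuplicateProviderException from the Exceptions list. The checks that oidc_issuer is an https:// URL, that attributes_request_method is GET or POST, and that unexpected keys (typos such as client_secrets) are rejected are this example's own pre-flight rules, not documented Cognito behaviour; the pool ID, region and provider values are placeholders.

```python
"""Pre-flight validation and submission of a Cognito create_identity_provider call.

Added example, not part of the boto3 documentation. Key lists come from the
ProviderDetails description on this page; the extra checks are this example's own.
"""

# Required ProviderDetails keys per ProviderType, as listed on this page.
REQUIRED_DETAILS = {
    "Google": {"client_id", "client_secret", "authorize_scopes"},
    "LoginWithAmazon": {"client_id", "client_secret", "authorize_scopes"},
    "Facebook": {"client_id", "client_secret", "authorize_scopes", "api_version"},
    "SignInWithApple": {"client_id", "team_id", "key_id", "private_key", "authorize_scopes"},
    "OIDC": {"client_id", "client_secret", "attributes_request_method",
             "oidc_issuer", "authorize_scopes"},
    "SAML": set(),  # MetadataFile or MetadataURL, exactly one; checked below
}

# Keys the page lists as optional or discovery-dependent for a type.
OPTIONAL_DETAILS = {
    "OIDC": {"authorize_url", "token_url", "attributes_url", "jwks_uri"},
    "SAML": {"MetadataFile", "MetadataURL", "IDPSignout"},
}

# Keys the page says Cognito sets itself (read-only); sending them is a mistake.
READ_ONLY_DETAILS = {"attributes_url_add_attributes"}

# Values that must never reach logs.
SECRET_KEYS = {"client_secret", "private_key"}


def check_provider_details(provider_type, provider_details):
    """Return a list of problems with ProviderDetails; an empty list means OK."""
    if provider_type not in REQUIRED_DETAILS:
        return [f"unsupported ProviderType {provider_type!r}"]
    problems = []
    keys = set(provider_details)
    missing = REQUIRED_DETAILS[provider_type] - keys
    if missing:
        problems.append(f"missing ProviderDetails keys: {sorted(missing)}")
    allowed = REQUIRED_DETAILS[provider_type] | OPTIONAL_DETAILS.get(provider_type, set())
    for key in sorted(keys - allowed):  # example's own strictness: catches typos
        if key in READ_ONLY_DETAILS:
            problems.append(f"{key} is read-only; Cognito sets it")
        else:
            problems.append(f"unexpected ProviderDetails key: {key}")
    if provider_type == "SAML" and ("MetadataFile" in keys) == ("MetadataURL" in keys):
        problems.append("supply exactly one of MetadataFile or MetadataURL")
    if provider_type == "OIDC":
        method = provider_details.get("attributes_request_method")
        if method is not None and method not in ("GET", "POST"):
            problems.append("attributes_request_method must be GET or POST")
        issuer = provider_details.get("oidc_issuer", "")
        if issuer and not issuer.startswith("https://"):  # example's own rule
            problems.append("oidc_issuer should be an https:// URL")
    for key in sorted(SECRET_KEYS & keys):
        if not provider_details[key]:
            problems.append(f"{key} is empty")
    return problems


def build_create_idp_request(user_pool_id, provider_name, provider_type,
                             provider_details, attribute_mapping=None,
                             idp_identifiers=None):
    """Return kwargs for client.create_identity_provider, or raise ValueError."""
    problems = check_provider_details(provider_type, provider_details)
    if problems:
        raise ValueError(f"{provider_type}: " + "; ".join(problems))
    request = {
        "UserPoolId": user_pool_id,
        "ProviderName": provider_name,
        "ProviderType": provider_type,
        "ProviderDetails": dict(provider_details),
    }
    if attribute_mapping:
        request["AttributeMapping"] = dict(attribute_mapping)
    if idp_identifiers:
        request["IdpIdentifiers"] = list(idp_identifiers)
    return request


def redact(request):
    """Copy of a request that is safe to log: secret values replaced by '***'."""
    out = dict(request)
    out["ProviderDetails"] = {k: ("***" if k in SECRET_KEYS else v)
                              for k, v in request["ProviderDetails"].items()}
    return out


if __name__ == "__main__":
    import boto3  # only needed for the live call

    client = boto3.client("cognito-idp", region_name="us-east-1")  # assumed region
    req = build_create_idp_request(
        "us-east-1_EXAMPLE",  # placeholder user pool ID
        "CorpOIDC", "OIDC",
        {"client_id": "app-client", "client_secret": "REDACTED-SECRET",
         "attributes_request_method": "GET",
         "oidc_issuer": "https://idp.example.com",
         "authorize_scopes": "openid email profile"},
        attribute_mapping={"email": "email", "username": "sub"},
        idp_identifiers=["idp.example.com"],
    )
    print("submitting", redact(req))
    try:
        resp = client.create_identity_provider(**req)
        print("created", resp["IdentityProvider"]["ProviderName"])
    except client.exceptions.DuplicateProviderException:
        print("provider already exists; use update_identity_provider instead")
```

The live call sits under the `__main__` guard so the validation helpers can be imported and unit-tested without credentials. Log only the redacted copy: ProviderDetails carries the IdP client secret or Apple private key in clear text, and as the page notes, describe operations do not hand the private key back.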