CognitoIdentityProvider / Client / create_identity_provider

create_identity_provider#

CognitoIdentityProvider.Client.create_identity_provider(**kwargs)#

Creates an IdP for a user pool.

Note

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

See also: AWS API Documentation

Request Syntax

response = client.create_identity_provider(
    UserPoolId='string',
    ProviderName='string',
    ProviderType='SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
    ProviderDetails={
        'string': 'string'
    },
    AttributeMapping={
        'string': 'string'
    },
    IdpIdentifiers=[
        'string',
    ]
)
Parameters:

  • UserPoolId (string) –

    [REQUIRED]

    The user pool ID.

  • ProviderName (string) –

    [REQUIRED]

    The IdP name.

  • ProviderType (string) –

    [REQUIRED]

    The IdP type.

  • ProviderDetails (dict) –

    [REQUIRED]

    The IdP details. The following list describes the provider detail keys for each IdP type.

    • For Google and Login with Amazon:

      • client_id

      • client_secret

      • authorize_scopes

    • For Facebook:

      • client_id

      • client_secret

      • authorize_scopes

      • api_version

    • For Sign in with Apple:

      • client_id

      • team_id

      • key_id

      • private_key

      • authorize_scopes

    • For OpenID Connect (OIDC) providers:

      • client_id

      • client_secret

      • attributes_request_method

      • oidc_issuer

      • authorize_scopes

      • The following keys are only present if Amazon Cognito didn’t discover them at the oidc_issuer URL.

        • authorize_url

        • token_url

        • attributes_url

        • jwks_uri

      • Amazon Cognito sets the value of the following keys automatically. They are read-only.

        • attributes_url_add_attributes

    • For SAML providers:

      • MetadataFile or MetadataURL

      • IDPSignout optional

    • (string) –

      • (string) –

  • AttributeMapping (dict) –

    A mapping of IdP attributes to standard and custom user pool attributes.

    • (string) –

      • (string) –

  • IdpIdentifiers (list) –

    A list of IdP identifiers.

    • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'IdentityProvider': {
        'UserPoolId': 'string',
        'ProviderName': 'string',
        'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC',
        'ProviderDetails': {
            'string': 'string'
        },
        'AttributeMapping': {
            'string': 'string'
        },
        'IdpIdentifiers': [
            'string',
        ],
        'LastModifiedDate': datetime(2015, 1, 1),
        'CreationDate': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • IdentityProvider (dict) –

      The newly created IdP object.

      • UserPoolId (string) –

        The user pool ID.

      • ProviderName (string) –

        The IdP name.

      • ProviderType (string) –

        The IdP type.

      • ProviderDetails (dict) –

        The IdP details. The following list describes the provider detail keys for each IdP type.

        • For Google and Login with Amazon:

          • client_id

          • client_secret

          • authorize_scopes

        • For Facebook:

          • client_id

          • client_secret

          • authorize_scopes

          • api_version

        • For Sign in with Apple:

          • client_id

          • team_id

          • key_id

          • private_key You can submit a private_key when you add or update an IdP. Describe operations don’t return the private key.

          • authorize_scopes

        • For OIDC providers:

          • client_id

          • client_secret

          • attributes_request_method

          • oidc_issuer

          • authorize_scopes

          • The following keys are only present if Amazon Cognito didn’t discover them at the oidc_issuer URL.

            • authorize_url

            • token_url

            • attributes_url

            • jwks_uri

          • Amazon Cognito sets the value of the following keys automatically. They are read-only.

            • attributes_url_add_attributes

        • For SAML providers:

          • MetadataFile or MetadataURL

          • IDPSignout optional

        • (string) –

          • (string) –

      • AttributeMapping (dict) –

        A mapping of IdP attributes to standard and custom user pool attributes.

        • (string) –

          • (string) –

      • IdpIdentifiers (list) –

        A list of IdP identifiers.

        • (string) –

      • LastModifiedDate (datetime) –

        The date and time, in ISO 8601 format, when the item was modified.

      • CreationDate (datetime) –

        The date and time, in ISO 8601 format, when the item was created.

Exceptions

  • CognitoIdentityProvider.Client.exceptions.InvalidParameterException

  • CognitoIdentityProvider.Client.exceptions.DuplicateProviderException

  • CognitoIdentityProvider.Client.exceptions.ResourceNotFoundException

  • CognitoIdentityProvider.Client.exceptions.NotAuthorizedException

  • CognitoIdentityProvider.Client.exceptions.TooManyRequestsException

  • CognitoIdentityProvider.Client.exceptions.LimitExceededException

  • CognitoIdentityProvider.Client.exceptions.InternalErrorException