Added Defaults to Cognito OAuth Token Lifespan

.changelog/34362.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_cognito_user_pool_client: Added default values to access_token_validity, id_token_validity, and refresh_token_validity
+```

internal/service/cognitoidp/user_pool_client.go

@@ -23,6 +23,7 @@ import (
 	"github.com/hashicorp/terraform-plugin-framework/resource"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
+	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64default"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/int64planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
 	"github.com/hashicorp/terraform-plugin-framework/resource/schema/setplanmodifier"
@@ -39,6 +40,12 @@ import (
 	"github.com/hashicorp/terraform-provider-aws/names"
 )
 
+const (
+	accessTokenValidityDefaultValue  = 1
+	idTokenValidityDefaultValue      = 1
+	refreshTokenValidityDefaultValue = 30
+)
+
 // @FrameworkResource
 func newResourceUserPoolClient(_ context.Context) (resource.ResourceWithConfigure, error) {
 	r := &resourceUserPoolClient{}
@@ -62,6 +69,7 @@ func (r *resourceUserPoolClient) Schema(ctx context.Context, request resource.Sc
 			"access_token_validity": schema.Int64Attribute{
 				Optional: true,
 				Computed: true,
+				Default:  int64default.StaticInt64(accessTokenValidityDefaultValue),
 				PlanModifiers: []planmodifier.Int64{
 					int64planmodifier.UseStateForUnknown(),
 				},
@@ -174,6 +182,7 @@ func (r *resourceUserPoolClient) Schema(ctx context.Context, request resource.Sc
 			"id_token_validity": schema.Int64Attribute{
 				Optional: true,
 				Computed: true,
+				Default:  int64default.StaticInt64(idTokenValidityDefaultValue),
 				PlanModifiers: []planmodifier.Int64{
 					int64planmodifier.UseStateForUnknown(),
 				},
@@ -217,6 +226,7 @@ func (r *resourceUserPoolClient) Schema(ctx context.Context, request resource.Sc
 			"refresh_token_validity": schema.Int64Attribute{
 				Optional: true,
 				Computed: true,
+				Default:  int64default.StaticInt64(refreshTokenValidityDefaultValue),
 				PlanModifiers: []planmodifier.Int64{
 					int64planmodifier.UseStateForUnknown(),
 				},

internal/service/cognitoidp/user_pool_client_test.go

@@ -38,7 +38,7 @@ func TestAccCognitoIDPUserPoolClient_basic(t *testing.T) {
 				Check: resource.ComposeAggregateTestCheckFunc(
 					testAccCheckUserPoolClientExists(ctx, resourceName, &client),
 					resource.TestCheckResourceAttr(resourceName, "name", rName),
-					resource.TestCheckResourceAttr(resourceName, "access_token_validity", "0"),
+					resource.TestCheckResourceAttr(resourceName, "access_token_validity", "1"),
 					resource.TestCheckResourceAttr(resourceName, "allowed_oauth_flows.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "allowed_oauth_flows_user_pool_client", "false"),
 					resource.TestCheckResourceAttr(resourceName, "allowed_oauth_scopes.#", "0"),
@@ -52,7 +52,7 @@ func TestAccCognitoIDPUserPoolClient_basic(t *testing.T) {
 					resource.TestCheckResourceAttr(resourceName, "explicit_auth_flows.#", "1"),
 					resource.TestCheckTypeSetElemAttr(resourceName, "explicit_auth_flows.*", "ADMIN_NO_SRP_AUTH"),
 					resource.TestCheckNoResourceAttr(resourceName, "generate_secret"),
-					resource.TestCheckResourceAttr(resourceName, "id_token_validity", "0"),
+					resource.TestCheckResourceAttr(resourceName, "id_token_validity", "1"),
 					resource.TestCheckResourceAttr(resourceName, "logout_urls.#", "0"),
 					resource.TestCheckResourceAttr(resourceName, "prevent_user_existence_errors", ""),
 					resource.TestCheckResourceAttr(resourceName, "read_attributes.#", "0"),