rayova/cdk-cognito-secret


CDK Cognito Secret

This project provides an AWS CDK construct that exports an AWS Cognito client secret to a Secrets Manager secret.

Usage

// Imports assumed for this snippet (aws-cdk-lib v2; the package name that
// exports UserPoolClientSecret is an assumption, check your package.json).
import * as cognito from 'aws-cdk-lib/aws-cognito';
import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
import { UserPoolClientSecret } from '@rayova/cdk-cognito-secret';

// `scope` is the construct (typically a Stack) that owns these resources.
// Create the user pool, or look up an existing one with cognito.UserPool.fromUserPoolId.
const userPool = new cognito.UserPool(scope, 'UserPool');

// Create your user pool client
const userPoolClient = new cognito.UserPoolClient(scope, 'UserPoolClient', {
  userPool,
  // Ensure that you generate a user pool client secret; without it there is nothing to export
  generateSecret: true,
});

// Create the Secrets Manager secret in which to store the client secret.
const secret = new secretsmanager.Secret(scope, 'Secret');

// Create the UserPoolClientSecret to fill the secret with the client credentials.
new UserPoolClientSecret(scope, 'UserPoolClientSecret', {
  // The user pool and client from which the client secret is fetched
  userPool,
  userPoolClient,
  // The Secrets Manager secret in which the client credentials are stored
  secret,
});

This will produce a JSON secret value like this one:

{
  "issuer": "https://cognito-idp.REGION.amazonaws.com/USER_POOL_ID",
  "clientId": "1234567890abcdefghijklmnop",
  "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

You can fetch the OpenID Connect discovery document from the issuer's .well-known/openid-configuration path to get the authorization and token endpoints as well as the JWKS location used to verify tokens.
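An added example of consuming the secret value from the application side (this is not code from the rayova/cdk-cognito-secret project). It assumes the secret string has already been read from Secrets Manager, validates that it has the shape shown above, derives the discovery URL, builds the HTTP Basic credential for the token endpoint, and checks a token's `iss` claim against the stored issuer; the sample value is constructed.

```typescript
// Added example, not part of the rayova/cdk-cognito-secret project.
// Assumes the raw secret string was already fetched from Secrets Manager.
interface CognitoClientSecret {
  issuer: string;
  clientId: string;
  clientSecret: string;
}

// Parse and validate the JSON written by UserPoolClientSecret. Rejecting
// malformed or non-Cognito issuers keeps a mis-populated or tampered secret
// from silently pointing the app at another token endpoint.
function parseClientSecret(raw: string): CognitoClientSecret {
  const parsed: unknown = JSON.parse(raw);
  if (typeof parsed !== 'object' || parsed === null) throw new Error('secret is not a JSON object');
  const obj = parsed as Record<string, unknown>;
  for (const key of ['issuer', 'clientId', 'clientSecret'] as const) {
    if (typeof obj[key] !== 'string' || obj[key] === '') throw new Error(`missing ${key}`);
  }
  const issuer = obj.issuer as string;
  // Only an HTTPS Cognito issuer of the form shown in the README is accepted.
  if (!/^https:\/\/cognito-idp\.[a-z0-9-]+\.amazonaws\.com\/[A-Za-z0-9_-]+$/.test(issuer)) {
    throw new Error('unexpected issuer');
  }
  return { issuer, clientId: obj.clientId as string, clientSecret: obj.clientSecret as string };
}

// OIDC discovery document URL derived from the issuer (standard OIDC path).
function discoveryUrl(s: CognitoClientSecret): string {
  return `${s.issuer}/.well-known/openid-configuration`;
}

// HTTP Basic Authorization header for the token endpoint (client_secret_basic).
function tokenAuthHeader(s: CognitoClientSecret): string {
  return 'Basic ' + Buffer.from(`${s.clientId}:${s.clientSecret}`, 'utf8').toString('base64');
}

// After signature verification, a token's iss claim must equal the stored issuer.
function issuerMatches(s: CognitoClientSecret, claims: { iss?: string }): boolean {
  return claims.iss === s.issuer;
}

// Constructed sample value, shaped like the README's example output.
const SAMPLE_SECRET = JSON.stringify({
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: '1234567890abcdefghijklmnop',
  clientSecret: 'example-secret',
});
```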