Skip to content
/ cdk-cognito-secret Public

Export your AWS Cognito client secrets to a Secrets Manager secrets.

License

Apache-2.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

rayova/cdk-cognito-secret

BranchesTags

Repository files navigation

Rayova A Fintech Corporation

CDK Cognito Secret

This project provides an AWS CDK construct that exports an AWS Cognito client secret to a Secrets Manager secret.

Usage

// Create your user pool client
const userPoolClient = new cognito.UserPoolClient(scope, 'UserPoolClient', {
  userPool,
  // Ensure that you generate a user pool client secret
  generateSecret: true,
});

// Create the Secrets Manager secret in which to store the client secret.
const secret = new secretsmanager.Secret(scope, 'Secret');

// Create the UserPoolClientSecret to fill the secret with the client credentials.
new UserPoolClientSecret(scope, 'UserPoolClientSecret', {
  // Fetches the client secret from the given user pool client
  userPool,
  userPoolClient,
  // Stores the client secret here
  secret,
});

This will produce a JSON secret value like this one:

{
  "issuer": "https://cognito-idp.REGION.amazonaws.com/USER_POOL_ID",
  "clientId": "1234567890abcdefghijklmnop",
  "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

You can use the issuer's .well-known/openid-discovery sub-path to get auth and token endpoints as well as the JWKS.

About

Export your AWS Cognito client secrets to a Secrets Manager secrets.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 56

v0.1.6 Latest
Feb 3, 2022
+ 55 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages