@rayova/cdk-cognito-secret
v0.1.6
Export Cognito client secrets to Secrets Manager
CDK Cognito Secret
This project provides an AWS CDK construct that exports an AWS Cognito client secret to a Secrets Manager secret.
Usage
// Create your user pool client
const userPoolClient = new cognito.UserPoolClient(scope, 'UserPoolClient', {
  userPool,
  // Ensure that you generate a user pool client secret
  generateSecret: true,
});

// Create the Secrets Manager secret in which to store the client secret.
const secret = new secretsmanager.Secret(scope, 'Secret');

// Create the UserPoolClientSecret to fill the secret with the client credentials.
new UserPoolClientSecret(scope, 'UserPoolClientSecret', {
  // Fetches the client secret from the given user pool client
  userPool,
  userPoolClient,
  // Stores the client secret here
  secret,
});
This will produce a JSON secret value like this one:
{
  "issuer": "https://cognito-idp.REGION.amazonaws.com/USER_POOL_ID",
  "clientId": "1234567890abcdefghijklmnop",
  "clientSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
You can use the issuer's .well-known/openid-discovery sub-path to get auth and token endpoints as well as the JWKS.
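A consumer-side sketch of reading that secret value and vetting the discovery document before trusting its endpoints. This is an added example, not code from this project. It uses the standard OpenID Connect Discovery path `.well-known/openid-configuration`; the function names are hypothetical and the sample values are constructed.

```typescript
// Added example: field names match the JSON secret above; all other names are hypothetical.
interface ClientSecret { issuer: string; clientId: string; clientSecret: string }
interface Discovery {
  issuer: string; authorization_endpoint: string; token_endpoint: string; jwks_uri: string;
}
const HTTPS_URL = /^https:\/\/[^\s/]+/;

// Parse the SecretString; error messages name the field but never echo a value.
function parseClientSecret(secretString: string): ClientSecret {
  const raw: unknown = JSON.parse(secretString);
  if (typeof raw !== 'object' || raw === null) throw new Error('secret is not a JSON object');
  const obj = raw as Record<string, unknown>;
  const out: Record<string, string> = {};
  for (const field of ['issuer', 'clientId', 'clientSecret']) {
    const value = obj[field];
    if (typeof value !== 'string' || value === '') throw new Error('missing field: ' + field);
    out[field] = value;
  }
  if (!HTTPS_URL.test(out.issuer)) throw new Error('issuer must be an https URL');
  return { issuer: out.issuer.replace(/\/+$/, ''), clientId: out.clientId, clientSecret: out.clientSecret };
}

function discoveryUrl(issuer: string): string {
  return issuer + '/.well-known/openid-configuration';
}

// Accept the fetched document only if it belongs to the stored issuer and uses https throughout.
function checkDiscovery(secret: ClientSecret, doc: Discovery): Discovery {
  if (doc.issuer !== secret.issuer) throw new Error('discovery issuer does not match the secret');
  for (const url of [doc.authorization_endpoint, doc.token_endpoint, doc.jwks_uri]) {
    if (typeof url !== 'string' || !HTTPS_URL.test(url)) throw new Error('non-https endpoint in discovery document');
  }
  return doc;
}

// Constructed sample values (not real credentials or a real user pool).
const SAMPLE_SECRET = JSON.stringify({
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  clientId: 'exampleclientid',
  clientSecret: 'example-secret',
});
const SAMPLE_DOC: Discovery = {
  issuer: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE',
  authorization_endpoint: 'https://example.auth.us-east-1.amazoncognito.com/oauth2/authorize',
  token_endpoint: 'https://example.auth.us-east-1.amazoncognito.com/oauth2/token',
  jwks_uri: 'https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE/.well-known/jwks.json',
};
```

Fetch the URL returned by `discoveryUrl` with your HTTP client of choice and pass the parsed body to `checkDiscovery` before using the token endpoint or JWKS.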