List of allowed redirect URLs for the identity providers.
OptionaldomainYou must provide a unique domain prefix for the Hosted UI that Cognito will use for external login providers. If you do not provide a domain prefix, it will not be configured, and some external login flows will not work.
NOTE: If you need to update this in the future, you must first unset it, then deploy the change to remove the domain from the UserPool. After the domain has been removed, you can then provide a new value, and perform another deployment.
OptionalfacebookFacebook OAuth Settings
OptionalgoogleGoogle OAuth Settings
OptionalloginLoginWithAmazon Settings
List of allowed logout URLs for the identity providers.
OptionaloidcOIDC Settings
OptionalsamlSAML Settings
OptionalscopesOAuth scopes that will be allowed with the app client.
['PROFILE']
For details about each scope, see below.
'PHONE' - Grants access to the 'phone_number' and 'phone_number_verified' claims.
Automatically includes access to `OAuthScope.OPENID`.
'EMAIL' - Grants access to the 'email' and 'email_verified' claims.
Automatically includes access to `OAuthScope.OPENID`.
'OPENID' - Returns all user attributes in the ID token that are readable by the client
'PROFILE' - Grants access to all user attributes that are readable by the client
Automatically includes access to `OAuthScope.OPENID`.
'COGNITO_ADMIN' - Grants access to Amazon Cognito User Pool API operations that require access tokens,
such as UpdateUserAttributes and VerifyUserAttribute.
OptionalsignSignInWithApple Settings
External provider options.