From 5de783504111b6a04dc8d1da7c67a30200f3e3e5 Mon Sep 17 00:00:00 2001 
From: yasuaki640 Date: Fri, 18 Oct 2024 07:43:57 +0900 Subject: [PATCH] feat(cognito): support `emailVerified` for `AttributeMapping` interface (#31632) ### Issue #30467 Closes #30467 ### Reason for this change For custom OpenId providers, there is no way to automatically validate email upon sign-in. Therefore, we would like to add the `email_verified` attribute to attribute mapping, but it is not present in the member definition of `AttributeMapping` interface., so we have added it in this PR. ### Description of changes Added `emailVerified` attribute to `AttributeMapping` interface. ### Description of how you validated changes Added the `email_verified` assertion to both unit and integration tests. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../cdk.out | 2 +- .../integ-user-pool-idp-apple.assets.json | 6 +- .../integ-user-pool-idp-apple.template.json | 21 ++--- .../integ.json | 2 +- .../manifest.json | 18 +++-- .../tree.json | 79 +++++++++++-------- .../test/integ.user-pool-idp.apple.ts | 1 + .../cdk.out | 2 +- .../integ-user-pool-idp-google.assets.json | 6 +- .../integ-user-pool-idp-google.template.json | 1 + .../integ.json | 2 +- .../manifest.json | 5 +- .../tree.json | 1 + .../test/integ.user-pool-idp.google.ts | 1 + .../cdk.out | 2 +- .../integ-user-pool-idp-google.assets.json | 6 +- .../integ-user-pool-idp-google.template.json | 3 +- .../integ.json | 2 +- .../manifest.json | 5 +- .../tree.json | 3 +- .../test/integ.user-pool-idp.oidc.ts | 1 + packages/aws-cdk-lib/aws-cognito/README.md | 18 +++++ .../aws-cognito/lib/user-pool-idps/base.ts | 10 +++ .../test/user-pool-idps/apple.test.ts | 1 + .../test/user-pool-idps/google.test.ts | 1 + 25 files changed, 129 
insertions(+), 70 deletions(-) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/cdk.out index 588d7b269d34f..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.assets.json index b6d9e5304fdcc..4ff567fa7392e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.assets.json @@ -1,7 +1,7 @@ { - "version": "20.0.0", + "version": "38.0.1", "files": { - "d435562230aa834a5fb53b4a894ffb5ef1c788cf50bcf38e5638c32afdd96619": { + "f3adbf3426efedfef748320d2b748e9fc0d285a04c6368f366c80422cc14e54c": { "source": { "path": "integ-user-pool-idp-apple.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "d435562230aa834a5fb53b4a894ffb5ef1c788cf50bcf38e5638c32afdd96619.json", + "objectKey": "f3adbf3426efedfef748320d2b748e9fc0d285a04c6368f366c80422cc14e54c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.template.json index e4b77810418ec..9713c418de234 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ-user-pool-idp-apple.template.json @@ -34,9 +34,6 @@ "poolclient2623294C": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { - "UserPoolId": { - "Ref": "pool056F3F7E" - }, "AllowedOAuthFlows": [ "implicit", "code" @@ -57,7 +54,10 @@ "Ref": "apple9B5408AC" }, "COGNITO" - ] + ], + "UserPoolId": { + "Ref": "pool056F3F7E" + } } }, "pooldomain430FA744": { @@ -72,14 +72,10 @@ "apple9B5408AC": { "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { - "ProviderName": "SignInWithApple", - "ProviderType": "SignInWithApple", - "UserPoolId": { - "Ref": "pool056F3F7E" - }, "AttributeMapping": { "family_name": "lastName", - "given_name": "firstName" + "given_name": "firstName", + "email_verified": "email_verified" }, "ProviderDetails": { "client_id": "com.amzn.cdk", 
@@ -87,6 +83,11 @@ "key_id": "CDKKEYCDK1", "private_key": "PRIV_KEY_CDK", "authorize_scopes": "email name" + }, + "ProviderName": "SignInWithApple", + "ProviderType": "SignInWithApple", + "UserPoolId": { + "Ref": "pool056F3F7E" } } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ.json index 8631ca23217b9..dbd9d4e97a76a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "20.0.0", + "version": "38.0.1", "testCases": { "integ.user-pool-idp.apple": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/manifest.json index 67d15c5698e65..9a1344dae0326 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/manifest.json @@ -1,12 +1,6 @@ { - "version": "20.0.0", + "version": "38.0.1", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, "integ-user-pool-idp-apple.assets": { "type": "cdk:asset-manifest", "properties": { 
@@ -20,10 +14,12 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-user-pool-idp-apple.template.json", + "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/d435562230aa834a5fb53b4a894ffb5ef1c788cf50bcf38e5638c32afdd96619.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f3adbf3426efedfef748320d2b748e9fc0d285a04c6368f366c80422cc14e54c.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -83,6 +79,12 @@ ] }, "displayName": "integ-user-pool-idp-apple" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/tree.json index a78668bd216ed..ae45970e0681d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.js.snapshot/tree.json @@ -4,14 +4,6 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, "integ-user-pool-idp-apple": { "id": "integ-user-pool-idp-apple", "path": "integ-user-pool-idp-apple", 
@@ -53,7 +45,7 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPool", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPool", "version": "0.0.0" } }, @@ -67,9 +59,6 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolClient", "aws:cdk:cloudformation:props": { - "userPoolId": { - "Ref": "pool056F3F7E" - }, "allowedOAuthFlows": [ "implicit", "code" @@ -90,17 +79,20 @@ "Ref": "apple9B5408AC" }, "COGNITO" - ] + ], + "userPoolId": { + "Ref": "pool056F3F7E" + } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolClient", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolClient", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolClient", "version": "0.0.0" } }, @@ -121,19 +113,19 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolDomain", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolDomain", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolDomain", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolDomain", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPool", + "fqn": "aws-cdk-lib.aws_cognito.UserPool", "version": "0.0.0" } }, @@ -147,14 +139,10 @@ "attributes": { "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { - "providerName": "SignInWithApple", - "providerType": "SignInWithApple", - "userPoolId": { - "Ref": "pool056F3F7E" - }, "attributeMapping": { "family_name": "lastName", - "given_name": "firstName" + "given_name": "firstName", + "email_verified": "email_verified" }, "providerDetails": { "client_id": "com.amzn.cdk", 
@@ -162,17 +150,22 @@ "key_id": "CDKKEYCDK1", "private_key": "PRIV_KEY_CDK", "authorize_scopes": "email name" + }, + "providerName": "SignInWithApple", + "providerType": "SignInWithApple", + "userPoolId": { + "Ref": "pool056F3F7E" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.CfnUserPoolIdentityProvider", + "fqn": "aws-cdk-lib.aws_cognito.CfnUserPoolIdentityProvider", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cognito.UserPoolIdentityProviderApple", + "fqn": "aws-cdk-lib.aws_cognito.UserPoolIdentityProviderApple", "version": "0.0.0" } }, @@ -180,20 +173,44 @@ "id": "SignInLink", "path": "integ-user-pool-idp-apple/SignInLink", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-user-pool-idp-apple/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-user-pool-idp-apple/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.ts index 60c9b0570b1d5..ffb00b39b8377 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.ts 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.apple.ts @@ -23,6 +23,7 @@ new UserPoolIdentityProviderApple(stack, 'apple', { attributeMapping: { familyName: ProviderAttribute.APPLE_LAST_NAME, givenName: ProviderAttribute.APPLE_FIRST_NAME, + emailVerified: ProviderAttribute.APPLE_EMAIL_VERIFIED, }, }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/cdk.out index 1f0068d32659a..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.assets.json index cfd071fe5a357..7f90b612dfb63 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { - "bf9c876a337784688e39b33da61434900b5e0a1ca0f041c68e542a2beaa1f003": { + "7846b3969f6e3e7d4f790498426800abaf187d7c340ca033cb7f56dd92746b3f": { "source": { "path": "integ-user-pool-idp-google.template.json", "packaging": "file" 
@@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "bf9c876a337784688e39b33da61434900b5e0a1ca0f041c68e542a2beaa1f003.json", + "objectKey": "7846b3969f6e3e7d4f790498426800abaf187d7c340ca033cb7f56dd92746b3f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.template.json index 1c4bdb7fbf558..e4d451e68ee64 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ-user-pool-idp-google.template.json @@ -88,6 +88,7 @@ "given_name": "given_name", "family_name": "family_name", "email": "email", + "email_verified": "email_verified", "gender": "gender", "names": "names" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ.json index e88b6d3ab8d12..eee5dc5c018c6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "testCases": { "integ.user-pool-idp.google": { "stacks": [ 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/manifest.json index 8a54d20f2a53a..3f46cc588601a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "artifacts": { "integ-user-pool-idp-google.assets": { "type": "cdk:asset-manifest", @@ -16,9 +16,10 @@ "templateFile": "integ-user-pool-idp-google.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bf9c876a337784688e39b33da61434900b5e0a1ca0f041c68e542a2beaa1f003.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7846b3969f6e3e7d4f790498426800abaf187d7c340ca033cb7f56dd92746b3f.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/tree.json index 902581fb202fd..d170c6a104b5a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/tree.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.js.snapshot/tree.json @@ -179,6 +179,7 @@ "given_name": "given_name", "family_name": "family_name", "email": "email", + "email_verified": "email_verified", "gender": "gender", "names": "names" }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts index 1145a4fff3c19..6c3a529c8796f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.google.ts @@ -35,6 +35,7 @@ new UserPoolIdentityProviderGoogle(stack, 'google', { givenName: ProviderAttribute.GOOGLE_GIVEN_NAME, familyName: ProviderAttribute.GOOGLE_FAMILY_NAME, email: ProviderAttribute.GOOGLE_EMAIL, + emailVerified: ProviderAttribute.GOOGLE_EMAIL_VERIFIED, gender: ProviderAttribute.GOOGLE_GENDER, custom: { names: ProviderAttribute.GOOGLE_NAMES, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/cdk.out index 1f0068d32659a..c6e612584e352 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"36.0.0"} \ No newline at end of file +{"version":"38.0.1"} \ No newline at end of file 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.assets.json index 8d030b9c48733..ea9a27f4ed177 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.assets.json @@ -1,7 +1,7 @@ { - "version": "36.0.0", + "version": "38.0.1", "files": { - "76c2bd7a84d0ba1121625e91a467fc1845bb7a4a7e2d5b3aa9494ad653b73b7a": { + "6bf1bea6590a55bdf15809be2f8c8b055e553e7361f981a3dae33b33eee135ca": { "source": { "path": "integ-user-pool-idp-google.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "76c2bd7a84d0ba1121625e91a467fc1845bb7a4a7e2d5b3aa9494ad653b73b7a.json", + "objectKey": "6bf1bea6590a55bdf15809be2f8c8b055e553e7361f981a3dae33b33eee135ca.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.template.json index 9d1f20e0ef614..3963f1728bdc4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.template.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ-user-pool-idp-google.template.json @@ -73,7 +73,8 @@ "Type": "AWS::Cognito::UserPoolIdentityProvider", "Properties": { "AttributeMapping": { - "phone_number": "phone_number" + "phone_number": "phone_number", + "email_verified": "email_verified" }, "ProviderDetails": { "client_id": "client-id", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ.json index dbad76f80d830..75d3d6b4d3bf2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "testCases": { "integ.user-pool-idp.oidc": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/manifest.json index 2e0185d097cac..3ac3fe7640191 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "36.0.0", + "version": "38.0.1", "artifacts": { "integ-user-pool-idp-google.assets": { "type": "cdk:asset-manifest", 
@@ -16,9 +16,10 @@ "templateFile": "integ-user-pool-idp-google.template.json", "terminationProtection": false, "validateOnSynth": false, + "notificationArns": [], "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/76c2bd7a84d0ba1121625e91a467fc1845bb7a4a7e2d5b3aa9494ad653b73b7a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6bf1bea6590a55bdf15809be2f8c8b055e553e7361f981a3dae33b33eee135ca.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/tree.json index 5c59dd4e20e33..4feeb8f67700a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.js.snapshot/tree.json @@ -140,7 +140,8 @@ "aws:cdk:cloudformation:type": "AWS::Cognito::UserPoolIdentityProvider", "aws:cdk:cloudformation:props": { "attributeMapping": { - "phone_number": "phone_number" + "phone_number": "phone_number", + "email_verified": "email_verified" }, "providerDetails": { "client_id": "client-id", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.ts index 38488319e5e15..81ff8582bdf7f 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cognito/test/integ.user-pool-idp.oidc.ts @@ -27,6 +27,7 @@ new UserPoolIdentityProviderOidc(stack, 'cdk', { scopes: ['openid', 'phone'], attributeMapping: { phoneNumber: ProviderAttribute.other('phone_number'), + emailVerified: ProviderAttribute.other('email_verified'), }, }); diff --git a/packages/aws-cdk-lib/aws-cognito/README.md b/packages/aws-cdk-lib/aws-cognito/README.md index a5f9bf77c87bc..35df1769e41ac 100644 --- a/packages/aws-cdk-lib/aws-cognito/README.md +++ b/packages/aws-cdk-lib/aws-cognito/README.md @@ -1002,3 +1002,21 @@ const userpool = new cognito.UserPool(this, 'UserPool', { ``` By default deletion protection is disabled. + + +### `email_verified` Attribute Mapping + +If you use a third-party identity provider, you can specify the `email_verified` attribute in attributeMapping. + +```typescript +const userpool = new cognito.UserPool(this, 'Pool'); + +new cognito.UserPoolIdentityProviderGoogle(this, 'google', { + userPool: userpool, + clientId: 'google-client-id', + attributeMapping: { + email: cognito.ProviderAttribute.GOOGLE_EMAIL, + emailVerified: cognito.ProviderAttribute.GOOGLE_EMAIL_VERIFIED, // you can mapping the `email_verified` attribute. + }, +}); +``` \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/base.ts b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/base.ts index 08278947b9e04..51de52cece818 100644 --- a/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/base.ts +++ b/packages/aws-cdk-lib/aws-cognito/lib/user-pool-idps/base.ts 
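Review bot: In integ.user-pool-idp.oidc.ts the new `emailVerified: ProviderAttribute.other('email_verified')` mapping sits next to `scopes: ['openid', 'phone']`, so the stack maps a claim that a standards-following OIDC provider normally releases only under the `email` scope. As written, the integ test shows that the template synthesizes, but not a configuration in which the mapped attribute would be populated at sign-in. Consider `scopes: ['openid', 'phone', 'email'],` and regenerating the snapshot. The constructor call starts above the hunk, so its other props are not visible here.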
@@ -6,6 +6,8 @@ import { IUserPool } from '../user-pool';
 export class ProviderAttribute {
 /** The email attribute provided by Apple */
 public static readonly APPLE_EMAIL = new ProviderAttribute('email');
+ /** The email verified atribute provided by Apple */
+ public static readonly APPLE_EMAIL_VERIFIED = new ProviderAttribute('email_verified');
 /** The name attribute provided by Apple */
 public static readonly APPLE_NAME = new ProviderAttribute('name');
 /** The first name attribute provided by Apple */
@@ -51,6 +53,8 @@ export class ProviderAttribute {
 public static readonly GOOGLE_PHONE_NUMBERS = new ProviderAttribute('phoneNumbers');
 /** The email attribute provided by Google */
 public static readonly GOOGLE_EMAIL = new ProviderAttribute('email');
+ /** The email verified attribute provided by Google */
+ public static readonly GOOGLE_EMAIL_VERIFIED = new ProviderAttribute('email_verified');
 /** The name attribute provided by Google */
 public static readonly GOOGLE_NAME = new ProviderAttribute('name');
 /** The picture attribute provided by Google */
@@ -98,6 +102,12 @@ export interface AttributeMapping {
 */
 readonly email?: ProviderAttribute;
 
+ /**
+ * The user's e-mail address is verification.
+ * @default - not mapped
+ */
+ readonly emailVerified?: ProviderAttribute;
+
 /**
 * The surname or last name of user.
 * @default - not mapped
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/apple.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/apple.test.ts
index a299953d1cc8f..4c4d031fd04fc 100644
--- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/apple.test.ts
+++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/apple.test.ts
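Review bot: The doc comment added for `emailVerified` in `AttributeMapping` ("The user's e-mail address is verification.") does not say what is being mapped or whose assertion it carries. The mapped value comes from the external provider, so the user pool presumably records the address as verified on that provider's word, which matters wherever the application leans on a verified e-mail for account linking or recovery. Something like `Whether the user's e-mail address has been verified, as asserted by the identity provider. Map this only for providers whose verification you trust.` would make that explicit. Separately, the first hunk's comment on `APPLE_EMAIL_VERIFIED` misspells `atribute` (should be `attribute`). Both the class and the interface continue outside these hunks.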
@@ -92,6 +92,7 @@ describe('UserPoolIdentityProvider', () => {
 attributeMapping: {
 familyName: ProviderAttribute.APPLE_LAST_NAME,
 givenName: ProviderAttribute.APPLE_FIRST_NAME,
+ emailVerified: ProviderAttribute.APPLE_EMAIL_VERIFIED,
 custom: {
 customAttr1: ProviderAttribute.APPLE_EMAIL,
 customAttr2: ProviderAttribute.other('sub'),
diff --git a/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/google.test.ts b/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/google.test.ts
index 1c149a6d5a190..13a62ea75aa80 100644
--- a/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/google.test.ts
+++ b/packages/aws-cdk-lib/aws-cognito/test/user-pool-idps/google.test.ts
@@ -80,6 +80,7 @@ describe('UserPoolIdentityProvider', () => {
 attributeMapping: {
 givenName: ProviderAttribute.GOOGLE_NAME,
 address: ProviderAttribute.other('google-address'),
+ emailVerified: ProviderAttribute.GOOGLE_EMAIL_VERIFIED,
 custom: {
 customAttr1: ProviderAttribute.GOOGLE_EMAIL,
 customAttr2: ProviderAttribute.other('google-custom-attr'),
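Review bot: Both unit-test hunks (apple.test.ts here and google.test.ts below it) add `emailVerified` to the input `attributeMapping` only; no expected entry is added on the assertion side, and the diffstat shows a single added line per file. If the assertion further down uses a partial property match, these tests would still pass when the new key is never emitted into the template. Add `email_verified: 'email_verified',` to the expected `AttributeMapping` in each test so the new mapping is actually pinned. The assertion lies outside both hunks, so confirm against the full files.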