cognito.tf
# Cognito User Pool
# Directory of users for the ComfyUI deployment.
# NOTE(review): this resource declares no password_policy and no
# mfa_configuration, so both are left at their defaults. Confirm that is the
# intended posture for this login.
resource "aws_cognito_user_pool" "comfyui_user_pool" {
  name = "${module.this.id}-UserPool"

  tags = {
    Name = "${module.this.id}-UserPool"
  }

  # Self-service sign-up is off: accounts exist only when an administrator
  # creates them.
  admin_create_user_config {
    allow_admin_create_user_only = true
  }

  # Email is mandatory and cannot be changed after the user is created
  # (mutable = false).
  schema {
    name                = "email"
    attribute_data_type = "String"
    required            = true
    mutable             = false
  }
}
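# Cognito User Pool Client
# Confidential app client (generate_secret = true) for the hosted UI.
# The callback paths end in /oauth2/idpresponse, which looks like the ALB
# authenticate-cognito redirect (TODO confirm). That integration uses the
# authorization-code grant.
# The generated client secret is recorded in Terraform state, so the state
# backend needs the same access control as the secret itself.
resource "aws_cognito_user_pool_client" "comfyui_user_pool_client" {
  name         = "${module.this.id}-AppClient"
  user_pool_id = aws_cognito_user_pool.comfyui_user_pool.id

  generate_secret = true

  # Exact-match redirect targets; no wildcard entries.
  callback_urls = [
    "https://${var.domain}/oauth2/idpresponse",
    "https://fgym.${var.domain}/oauth2/idpresponse"
  ]

  allowed_oauth_flows_user_pool_client = true

  # Authorization-code grant only. The implicit grant hands tokens back in the
  # redirect URL fragment, where they can end up in browser history and logs,
  # and it never presents the client secret. Nothing in this file needs it, so
  # it is no longer offered on this client.
  allowed_oauth_flows          = ["code"]
  allowed_oauth_scopes         = ["email", "openid"]
  supported_identity_providers = ["COGNITO"]

  # NOTE(review): ALLOW_USER_PASSWORD_AUTH lets API callers submit the password
  # itself rather than an SRP proof. It is kept here because a caller outside
  # this file may rely on it. If sign-in only happens through the hosted UI,
  # remove it or replace it with ALLOW_USER_SRP_AUTH.
  explicit_auth_flows = ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]

  # Return a generic authentication failure instead of a "user does not exist"
  # error, so the sign-in and password-reset APIs cannot be used to enumerate
  # accounts.
  prevent_user_existence_errors = "ENABLED"
}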
# Cognito User Pool Domain
# Hosted-UI domain for the pool. No certificate_arn is given, so this is a
# Cognito-managed prefix domain rather than a custom domain.
resource "aws_cognito_user_pool_domain" "comfyui_user_pool_domain" {
  user_pool_id = aws_cognito_user_pool.comfyui_user_pool.id
  domain       = "${module.this.id}-auth"
}