CognitoIdentityProvider / Client / get_identity_provider_by_identifier
get_identity_provider_by_identifier#
- CognitoIdentityProvider.Client.get_identity_provider_by_identifier(**kwargs)#
Given the identifier of an identity provider (IdP), for example
examplecorp, returns information about the user pool configuration for that IdP. For more information about IdPs, see Third-party IdP sign-in.See also: AWS API Documentation
Request Syntax
response = client.get_identity_provider_by_identifier( UserPoolId='string', IdpIdentifier='string' )
- Parameters:
UserPoolId (string) –
[REQUIRED]
The ID of the user pool where you want to get information about the IdP.
IdpIdentifier (string) –
[REQUIRED]
The identifier that you assigned to your user pool. The identifier is an alternative name for an IdP that is distinct from the IdP name. For example, an IdP with a name of
MyIdPmight have an identifier of the email domainexample.com.
- Return type:
dict
- Returns:
Response Syntax
{ 'IdentityProvider': { 'UserPoolId': 'string', 'ProviderName': 'string', 'ProviderType': 'SAML'|'Facebook'|'Google'|'LoginWithAmazon'|'SignInWithApple'|'OIDC', 'ProviderDetails': { 'string': 'string' }, 'AttributeMapping': { 'string': 'string' }, 'IdpIdentifiers': [ 'string', ], 'LastModifiedDate': datetime(2015, 1, 1), 'CreationDate': datetime(2015, 1, 1) } }
Response Structure
(dict) –
IdentityProvider (dict) –
The configuration of the IdP in your user pool. Includes additional identifiers, the IdP name and type, and trust-relationship details like the issuer URL.
UserPoolId (string) –
The ID of the user pool associated with the IdP.
ProviderName (string) –
A friendly name for the IdP.
ProviderType (string) –
The type of IdP. Either SAML, OIDC, or a named social identity provider.
ProviderDetails (dict) –
The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP
authorize_scopesvalues must match the values listed here.OpenID Connect (OIDC)
Amazon Cognito accepts the following elements when it can’t discover endpoint URLs from
oidc_issuer:attributes_url,authorize_url,jwks_uri,token_url.Create or update request:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }Describe response:
"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }SAML
Create or update request with Metadata URL:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }Create or update request with Metadata file:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }The value of
MetadataFilemust be the plaintext metadata document with all quote (”) characters escaped by backslashes.Describe response:
"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }LoginWithAmazon
Create or update request:
"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"Describe response:
"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }Google
Create or update request:
"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }SignInWithApple
Create or update request:
"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }Describe response:
"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }Facebook
Create or update request:
"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }Describe response:
"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }(string) –
(string) –
AttributeMapping (dict) –
A mapping of IdP attributes to standard and custom user pool attributes.
(string) –
(string) –
IdpIdentifiers (list) –
A list of IdP identifiers. IdP identifiers are strings that represent friendly names or domain names of IdPs, for example
MyIdPorauth.example.com. You can choose to route user authorization requests to the right IdP with either IdP identifiers or IdP names. For more information, seeidentity_providerandidp_identifierat Authorize endpoint.(string) –
LastModifiedDate (datetime) –
The date and time when the item was modified. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.CreationDate (datetime) –
The date and time when the item was created. Amazon Cognito returns this timestamp in UNIX epoch time format. Your SDK might render the output in a human-readable format like ISO 8601 or a Java
Dateobject.
Exceptions
CognitoIdentityProvider.Client.exceptions.InvalidParameterExceptionCognitoIdentityProvider.Client.exceptions.ResourceNotFoundExceptionCognitoIdentityProvider.Client.exceptions.NotAuthorizedExceptionCognitoIdentityProvider.Client.exceptions.TooManyRequestsExceptionCognitoIdentityProvider.Client.exceptions.InternalErrorException