CognitoUserPool
Reference doc for the `sst.aws.CognitoUserPool` component.
The CognitoUserPool component lets you add an Amazon Cognito User Pool to your app.
Create the user pool
const userPool = new sst.aws.CognitoUserPool("MyUserPool");
Login using email
new sst.aws.CognitoUserPool("MyUserPool", { usernames: ["email"]});
Configure triggers
new sst.aws.CognitoUserPool("MyUserPool", {
  triggers: {
    preAuthentication: "src/preAuthentication.handler",
    postAuthentication: "src/postAuthentication.handler",
  },
});
Add a client
userPool.addClient("Web");
Constructor
new CognitoUserPool(name, args?, opts?)
Parameters
- name string
- args? CognitoUserPoolArgs
- opts? ComponentResourceOptions
CognitoUserPoolArgs
aliases?
Type Input<Input<"email" | "phone" | "preferred_username">[]>
Default User can only sign in with their username.
Configure the different ways a user can sign in besides using their username.
{ aliases: ["email"]}
transform?
transform.userPool?
Type UserPoolArgs | (args: UserPoolArgs, opts: ComponentResourceOptions, name: string) => void
Transform the Cognito User Pool resource.
triggers?
Type Input<Object>
Default No triggers
Configure triggers for this User Pool.
{
  triggers: {
    preAuthentication: "src/preAuthentication.handler",
    postAuthentication: "src/postAuthentication.handler"
  }
}
triggers.createAuthChallenge?
Type string | FunctionArgs
Triggered after the user successfully responds to the previous challenge, and a new challenge needs to be created.
Takes the handler path or the function args.
triggers.customEmailSender?
Type string | FunctionArgs
Triggered during events like user sign-up, password recovery, email/phone number verification, and when an admin creates a user. Use this trigger to customize the email provider.
Takes the handler path or the function args.
triggers.customMessage?
Type string | FunctionArgs
Triggered during events like user sign-up, password recovery, email/phone number verification, and when an admin creates a user. Use this trigger to customize the message that is sent to your users.
Takes the handler path or the function args.
triggers.customSmsSender?
Type string | FunctionArgs
Triggered when an SMS message needs to be sent, such as for MFA or verification codes. Use this trigger to customize the SMS provider.
Takes the handler path or the function args.
triggers.defineAuthChallenge?
Type string | FunctionArgs
Triggered after each challenge response to determine the next action. Evaluates whether the user has completed the authentication process or if additional challenges are needed. ARN of the lambda function to name a custom challenge.
Takes the handler path or the function args.
triggers.postAuthentication?
Type string | FunctionArgs
Triggered after a successful authentication event. Use this to perform custom actions, such as logging or modifying user attributes, after the user is authenticated.
Takes the handler path or the function args.
triggers.postConfirmation?
Type string | FunctionArgs
Triggered after a user is successfully confirmed, through sign-up or email/phone number verification. Use this to perform additional actions, like sending a welcome email or initializing user data, after user confirmation.
Takes the handler path or the function args.
triggers.preAuthentication?
Type string | FunctionArgs
Triggered before the authentication process begins. Use this to implement custom validation or checks (like checking if the user is banned) before continuing authentication.
Takes the handler path or the function args.
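A preAuthentication handler that performs the banned-user check mentioned above. This is an added example, not code from SST or its docs; the deny list, the PreAuthEvent interface (a subset of the Cognito event) and the function names are assumptions made for illustration.

```typescript
// Added example, not SST's own code. The deny list is constructed; a real
// handler would read it from a data store the function can access.
const BANNED_SUBS: ReadonlySet<string> = new Set(["11111111-2222-3333-4444-555555555555"]);

// Subset of the Cognito pre-authentication trigger event that this check reads.
interface PreAuthEvent {
  triggerSource: string;
  userPoolId: string;
  userName: string;
  request: { userAttributes: Record<string, string>; userNotFound?: boolean };
  response: Record<string, unknown>;
}

const DENIED = "Sign-in is not permitted";

// Returns the event unchanged to let authentication continue; throws to stop it.
function checkPreAuthentication(ev: PreAuthEvent, banned: ReadonlySet<string>): PreAuthEvent {
  // Unknown user: hand back to Cognito so it returns its own generic failure
  // and this trigger does not become a user-existence oracle.
  if (ev.request.userNotFound === true) return ev;

  // Key the ban on the immutable `sub`, not on an email or alias the user can change.
  const sub = ev.request.userAttributes["sub"];
  if (!sub) throw new Error(DENIED); // fail closed on an event we cannot evaluate

  if (banned.has(sub)) {
    // Structured log line for detection; the thrown message is passed back to
    // the client by Cognito, so it carries no internal detail.
    console.warn(JSON.stringify({ msg: "blocked sign-in", sub, userPoolId: ev.userPoolId }));
    throw new Error(DENIED);
  }
  return ev;
}

// Export this function as `handler` from src/preAuthentication.ts so that the
// "src/preAuthentication.handler" path used above resolves to it.
async function handler(ev: PreAuthEvent): Promise<PreAuthEvent> {
  return checkPreAuthentication(ev, BANNED_SUBS);
}
```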
triggers.preSignUp?
Type string | FunctionArgs
Triggered before the user sign-up process completes. Use this to perform custom validation, auto-confirm users, or auto-verify attributes based on custom logic.
Takes the handler path or the function args.
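A preSignUp handler that applies custom validation (an email domain allowlist) and leaves auto-confirm and auto-verify off, so the allowlisted address still has to be verified. This is an added example, not code from SST or its docs; the allowlist, the PreSignUpEvent interface (a subset of the Cognito event) and the function names are assumptions made for illustration.

```typescript
// Added example, not SST's own code. Constructed allowlist of sign-up domains.
const ALLOWED_DOMAINS: ReadonlySet<string> = new Set(["example.com"]);

// Subset of the Cognito pre sign-up trigger event that this check reads and writes.
interface PreSignUpEvent {
  triggerSource: string;
  userName: string;
  request: { userAttributes: Record<string, string> };
  response: { autoConfirmUser: boolean; autoVerifyEmail: boolean; autoVerifyPhone: boolean };
}

// Domain after the last "@", lower-cased; null when there is no usable domain.
function emailDomain(email: string): string | null {
  const at = email.lastIndexOf("@");
  if (at <= 0 || at === email.length - 1) return null;
  return email.slice(at + 1).trim().toLowerCase();
}

// Returns the event to let sign-up continue; throws to reject it.
function checkPreSignUp(ev: PreSignUpEvent, allowed: ReadonlySet<string>): PreSignUpEvent {
  const domain = emailDomain(ev.request.userAttributes["email"] ?? "");
  // Exact match only: "example.com.attacker.test" and unlisted subdomains are rejected.
  if (domain === null || !allowed.has(domain)) {
    throw new Error("Sign-up is not permitted");
  }
  // The address is still unverified user input at this point. Leaving these
  // flags off keeps Cognito's verification step, which is what makes the
  // domain allowlist meaningful.
  ev.response.autoConfirmUser = false;
  ev.response.autoVerifyEmail = false;
  ev.response.autoVerifyPhone = false;
  return ev;
}

// Export this function as `handler` from the file named in triggers.preSignUp.
async function handler(ev: PreSignUpEvent): Promise<PreSignUpEvent> {
  return checkPreSignUp(ev, ALLOWED_DOMAINS);
}
```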
triggers.preTokenGeneration?
Type string | FunctionArgs
Triggered before tokens are generated in the authentication process. Use this to customize or add claims to the tokens that will be generated and returned to the user.
Takes the handler path or the function args.
triggers.userMigration?
Type string | FunctionArgs
Triggered when a user attempts to sign in but does not exist in the current user pool. Use this to import and validate users from an existing user directory into the Cognito User Pool during sign-in.
Takes the handler path or the function args.
triggers.verifyAuthChallengeResponse?
Type string | FunctionArgs
Triggered after the user responds to a custom authentication challenge. Use this to verify the user’s response to the challenge and determine whether to continue authenticating the user.
Takes the handler path or the function args.
usernames?
Type Input<Input<"email" | "phone">[]>
Default User can only sign in with their username.
Allow users to sign up and sign in with an email address or phone number as their username.
{ usernames: ["email"]}
Properties
arn
Type Output<string>
The Cognito User Pool ARN.
id
Type Output<string>
The Cognito User Pool ID.
nodes
nodes.userPool
Type UserPool
The Amazon Cognito User Pool.
SDK
Use the SDK in your runtime to interact with your infrastructure.
Links
This is accessible through the Resource object in the SDK.
- id string
  The Cognito User Pool ID.
Methods
addClient
addClient(name, args?)
Parameters
- name string
  Name of the client.
- args? CognitoUserPoolClientArgs
  Configure the client.
Returns CognitoUserPoolClient
Add a client to the user pool.
userPool.addClient("Web");
CognitoUserPoolClientArgs
transform?
transform.client?
Type UserPoolClientArgs | (args: UserPoolClientArgs, opts: ComponentResourceOptions, name: string) => void
Transform the Cognito User Pool client resource.