Change AWS Cognito "Enabled Identity Providers" via Python SDK

There is a setting I want to change via the Python SDK regarding AWS Cognito. I can change the setting in the AWS Web Console via "Cognito -> User Pools -> App Client Settings -> Cognito User Pool" (see image).

Here is my code

import boto3

client = boto3.client('cognito-idp')

client.update_user_pool_client(
    UserPoolId=USER_POOL_ID,
    ClientId=user_pool_client_id,
    SupportedIdentityProviders=[
        'CognitoUserPool'
    ]
)

The error I am receiving is

An error occurred (InvalidParameterException) when calling the
UpdateUserPoolClient operation: The provider CognitoUserPool
does not exist for User Pool xxxxxx

It is unclear what string values I should pass for SupportedIdentityProviders. The only hint I have seen is from https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

--supported-identity-providers '["MySAMLIdP", "LoginWithAmazon"]'

I am not even 100% sure if the SupportedIdentityProviders relates to the setting I am trying to change, but can't find any clarification in the docs.



Solution 1:[1]

The correct value to pass is COGNITO

client.update_user_pool_client(
    UserPoolId=USER_POOL_ID,
    ClientId=user_pool_client_id,
    SupportedIdentityProviders=[
        'COGNITO'
    ]
)

I only discovered this by reviewing the source code of someone else's CloudFormation custom resource: https://github.com/rosberglinhares/CloudFormationCognitoCustomResources/blob/master/SampleInfrastructure.template.yaml#L105

I cannot find the correct solution to this in the official AWS docs/Boto3 docs. If anyone knows where the possible values for SupportedIdentityProviders are documented, please comment.

Solution 2:[2]

For SAML/OIDC, the array of provider names can be passed as SupportedIdentityProviders when updating the user pool client.

In order to update the existing SupportedIdentityProviders in the user pool client, first fetch the existing SupportedIdentityProviders using the describeUserPoolClient function. Then you can push your provider name to the existing SupportedIdentityProviders and update the user pool client with this value.
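Added example (not part of either answer): the fetch-then-update sequence in Python, where `client` is assumed to be `boto3.client('cognito-idp')`. It sends back the whole described configuration because UpdateUserPoolClient resets any attribute you omit to its default, which would otherwise silently drop callback URLs, OAuth flows and token settings. The helper names, the sample dict and the read-only field set are assumptions of this example.

```python
# Added example, not from either answer. Constructed sample of the
# "UserPoolClient" dict returned by describe_user_pool_client.
SAMPLE_DESCRIBED = {
    "UserPoolId": "us-east-1_EXAMPLE",          # placeholder
    "ClientId": "exampleclientid",              # placeholder
    "ClientName": "web",
    "ClientSecret": "constructed-secret",
    "CreationDate": "2020-01-01T00:00:00Z",
    "LastModifiedDate": "2020-01-02T00:00:00Z",
    "CallbackURLs": ["https://app.example.com/callback"],
    "AllowedOAuthFlows": ["code"],
    "SupportedIdentityProviders": ["COGNITO"],
}

# Returned by describe but not accepted by update (assumption: this set
# matches the API shape you are calling).
READ_ONLY_FIELDS = {"ClientSecret", "CreationDate", "LastModifiedDate"}


def build_update_request(described_client, providers_to_add):
    """Build update_user_pool_client kwargs from a described client,
    keeping every existing setting and merging in the new providers."""
    request = {key: value for key, value in described_client.items()
               if key not in READ_ONLY_FIELDS}
    merged = list(described_client.get("SupportedIdentityProviders", []))
    for name in providers_to_add:
        if name not in merged:      # keep order, avoid duplicates
            merged.append(name)
    request["SupportedIdentityProviders"] = merged
    return request


def add_identity_providers(client, user_pool_id, client_id, providers_to_add):
    """Read-modify-write; returns the provider list that was sent."""
    current = client.describe_user_pool_client(
        UserPoolId=user_pool_id, ClientId=client_id)["UserPoolClient"]
    request = build_update_request(current, providers_to_add)
    client.update_user_pool_client(**request)
    return request["SupportedIdentityProviders"]
```

After a real update, compare a fresh `describe_user_pool_client` result with the one taken before the call to confirm that only SupportedIdentityProviders changed.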

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 Rinsha CP