lgallard / terraform-aws-cognito-user-pool

Terraform module to create Amazon Cognito User Pools, configure its attributes and resources such as app clients, domain, resource servers. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users.
Apache License 2.0

client_prevent_user_existence_errors = "ENABLED" is not working #104

Open garyyang6 opened 1 year ago

garyyang6 commented 1 year ago

App clients > Security configuration > Prevent User Existence Errors: I set client_prevent_user_existence_errors = "ENABLED"

But the setting is still Legacy. How do I make it Enabled (Recommended)?

```hcl
  clients = [
    {
      allowed_oauth_flows                  = []
      allowed_oauth_flows_user_pool_client = false
      allowed_oauth_scopes                 = []
      callback_urls                        = ["https://portal-test-oregon/callback"]
      default_redirect_uri                 = "https://portal-test-oregon/callback"
      explicit_auth_flows                  = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
      generate_secret                      = true
      client_prevent_user_existence_errors = "ENABLED"
      logout_urls                          = ["https://portal-test.oregon"]
      client_allowed_oauth_scopes          = ["email", "openid", "profile", "aws.cognito.signin.user.admin"]
      client_allowed_oauth_flows           = ["code", "implicit"]
      name                                 = "nebula"
      read_attributes                      = ["email"]
      supported_identity_providers         = ["COGNITO"]
      write_attributes                     = []
      access_token_validity                = 1
      id_token_validity                    = 1
      refresh_token_validity               = 30
      token_validity_units = {
        access_token  = "days"
        id_token      = "days"
        refresh_token = "days"
      }
    }
  ]
```

engpaulofaria commented 1 year ago

@garyyang6 I have a similar issue, but verifying the documentation, the correct attribute is "prevent_user_existence_errors" instead of "client_prevent_user_existence_errors". See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client#prevent_user_existence_errors

lgallard commented 1 year ago

@engpaulofaria In fact, in the module the resource attribute is prevent_user_existence_errors.

Do you think I should include it in the complete example?
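
The thread above identifies the fix: the client key is `prevent_user_existence_errors`, not `client_prevent_user_existence_errors`. The following is an added example, not the module's own code and not the reporter's configuration; it shows one client with the attribute named as the provider documents it. The module source string, the `user_pool_name` value, the client name and the URLs are placeholders assumed for illustration.

```hcl
# Added example (not from the module or the issue reporter): an app client
# that actually enables "Prevent User Existence Errors". Module source,
# pool name, client name and URLs are placeholder assumptions.
module "cognito_user_pool" {
  source = "lgallard/cognito-user-pool/aws" # assumed registry path

  user_pool_name = "example-pool" # placeholder

  clients = [
    {
      name                         = "portal"
      generate_secret              = true
      supported_identity_providers = ["COGNITO"]

      # Unauthenticated flows: these are the calls whose error messages
      # differ for unknown vs. known usernames when the client is LEGACY.
      explicit_auth_flows = [
        "ALLOW_USER_SRP_AUTH",
        "ALLOW_USER_PASSWORD_AUTH",
        "ALLOW_REFRESH_TOKEN_AUTH",
      ]
      callback_urls = ["https://portal.example.com/callback"]
      logout_urls   = ["https://portal.example.com/logout"]

      # Correct key, as documented for aws_cognito_user_pool_client.
      # In LEGACY mode an unknown username gets UserNotFoundException,
      # which lets a caller enumerate valid accounts one login attempt at a
      # time. ENABLED makes Cognito return the same generic response whether
      # the username exists or not.
      prevent_user_existence_errors = "ENABLED"

      # Misspelled key from the issue above. The clients variable is loosely
      # typed, so this is accepted without a validation error, but it is
      # never forwarded to the resource and the client stays LEGACY.
      # client_prevent_user_existence_errors = "ENABLED"
    }
  ]
}
```

After `terraform apply`, confirm the setting took effect rather than trusting the plan output: `aws cognito-idp describe-user-pool-client --user-pool-id <pool-id> --client-id <client-id> --query 'UserPoolClient.PreventUserExistenceErrors' --output text` should print `ENABLED`; `LEGACY` means the key is still being ignored. Because a misspelled key in this list fails silently, that one-line check is worth adding to any pipeline that manages these clients.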