Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client_prevent_user_existence_errors = "ENABLED" is not working #104

Open
garyyang6 opened this issue Nov 18, 2022 · 2 comments
Open

client_prevent_user_existence_errors = "ENABLED" is not working #104

garyyang6 opened this issue Nov 18, 2022 · 2 comments
Assignees
@lgallard
Labels
documentation Improvements or additions to documentation

Comments

@garyyang6
Copy link

App clients > Security configuration > Prevent User Existence Errors:
I set client_prevent_user_existence_errors = "ENABLED"

But the setting is still Legacy. How to make it as Enabled (Recommended)

  clients = [
    {
      allowed_oauth_flows                  = []
      allowed_oauth_flows_user_pool_client = false
      allowed_oauth_scopes                 = []
      callback_urls                        = ["https://portal-test-oregon/callback"]
      default_redirect_uri                 = "https://portal-test-oregon/callback"
      explicit_auth_flows                  = ["ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]
      generate_secret                      = true
      client_prevent_user_existence_errors = "ENABLED"
      logout_urls                          = ["https://portal-test.oregon"]
      client_allowed_oauth_scopes          = ["email", "openid", "profile", "aws.cognito.signin.user.admin"]
      client_allowed_oauth_flows           = ["code", "implicit"]
      name                                 = "nebula"
      read_attributes                      = ["email"]
      supported_identity_providers         = ["COGNITO"]
      write_attributes                     = []
      access_token_validity                = 1
      id_token_validity                    = 1
      refresh_token_validity               = 30
      token_validity_units = {
        access_token  = "days"
        id_token      = "days"
        refresh_token = "days"
      }
    }
@engpaulofaria
Copy link

@garyyang6 I have a similar issue, but verifing the documentation the correct attribute is "prevent_user_existence_errors" instead "client_prevent_user_existence_errors". See: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cognito_user_pool_client#prevent_user_existence_errors

@lgallard
Copy link
Owner

lgallard commented Jan 31, 2023
edited
Loading

@engpaulofaria @engpaulofaria in fact in the module resource is prevent_user_existence_errors.

Do you think I should include it in the complete example?

@lgallard lgallard self-assigned this Jul 14, 2023
@lgallard lgallard added the documentation Improvements or additions to documentation label Jul 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lgallard lgallard

Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@engpaulofaria @lgallard @garyyang6