Terraform-provider-aws: aws_cognito_user_pool_client doesn't support new explicit_auth_flow names

Created on 20 Nov 2019  ·  3 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform Version

v0.12.9

Affected Resource(s)

  • aws_cognito_user_pool_client

Terraform Configuration Files

# aws_cognito_user_pool_client._
resource "aws_cognito_user_pool_client" "my_user_pool_client" {

  name = "myclient"

  user_pool_id = "${aws_cognito_user_pool.my_user_pool.id}"
  generate_secret = false

  explicit_auth_flows = [
    "ALLOW_CUSTOM_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"
  ]

}

Expected Behavior

Client should be modified with auth flows

Actual Behavior

Error: expected explicit_auth_flows.0 to be one of [ADMIN_NO_SRP_AUTH CUSTOM_AUTH_FLOW_ONLY USER_PASSWORD_AUTH], got ALLOW_ADMIN_USER_PASSWORD_AUTH

on cognito_user_pool.tf line 86, in resource "aws_cognito_user_pool_client" "varobank_user_pool_client":
86: resource "aws_cognito_user_pool_client" "varobank_user_pool_client" {

References

From terraform docs, it takes the old values:
explicit_auth_flows - (Optional) List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH).
https://www.terraform.io/docs/providers/aws/r/cognito_user_pool_client.html

The AWS docs specify the new values:
ALLOW_ADMIN_USER_PASSWORD_AUTH: Enable admin based user password authentication flow ADMIN_USER_PASSWORD_AUTH. This setting replaces the ADMIN_NO_SRP_AUTH setting. With this authentication flow, Cognito receives the password in the request instead of using the SRP (Secure Remote Password protocol) protocol to verify passwords.
ALLOW_CUSTOM_AUTH: Enable Lambda trigger based authentication.
ALLOW_USER_PASSWORD_AUTH: Enable user password-based authentication. In this flow, Cognito receives the password in the request instead of using the SRP protocol to verify passwords.
ALLOW_USER_SRP_AUTH: Enable SRP based authentication.
ALLOW_REFRESH_TOKEN_AUTH: Enable authflow to refresh tokens.
https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/update-user-pool-client.html


All 3 comments

Support for the ALLOW_* variations of the explicit_auth_flow argument values has been merged and will release with version 2.46.0 of the Terraform AWS Provider, Thursday next week. Thanks to @hunkeelin for the implementation. 👍

This has been released in version 2.46.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
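
An added example, not code from the provider or from this thread: a small Python check over an explicit_auth_flows list that reports which values a provider older than 2.46.0 rejects and which flows hand the password to Cognito in the request instead of using SRP. The function names, finding codes and sample provider versions are assumptions made for illustration; the rule against mixing legacy and ALLOW_ names comes from the AWS API documentation, not from this page.

```python
# Added example: audit a Cognito app client's explicit_auth_flows values.
# Flow names are the ones quoted in the issue; everything else is hypothetical.

LEGACY = {"ADMIN_NO_SRP_AUTH", "CUSTOM_AUTH_FLOW_ONLY", "USER_PASSWORD_AUTH"}
ALLOW = {
    "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_CUSTOM_AUTH",
    "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH",
    "ALLOW_REFRESH_TOKEN_AUTH",
}
# Flows where Cognito receives the password in the request instead of SRP.
# Treating legacy USER_PASSWORD_AUTH the same way is an assumption.
PASSWORD_IN_REQUEST = {
    "ADMIN_NO_SRP_AUTH", "USER_PASSWORD_AUTH",
    "ALLOW_ADMIN_USER_PASSWORD_AUTH", "ALLOW_USER_PASSWORD_AUTH",
}
ALLOW_SUPPORTED_FROM = (2, 46, 0)  # provider release named in the thread


def parse_version(text):
    """Turn '2.46.0' or 'v2.46.0' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.lstrip("v").split("."))


def audit_flows(flows, provider_version):
    """Return (flow, finding) pairs for one explicit_auth_flows list."""
    version = parse_version(provider_version)
    findings = []
    for flow in flows:
        if flow not in LEGACY | ALLOW:
            findings.append((flow, "unknown-flow"))
            continue
        if flow in ALLOW and version < ALLOW_SUPPORTED_FROM:
            # Older providers validate against the three legacy names only.
            findings.append((flow, "needs-provider-2.46.0"))
        if flow in PASSWORD_IN_REQUEST:
            findings.append((flow, "password-in-request"))
    if set(flows) & LEGACY and set(flows) & ALLOW:
        # AWS API rule (assumption, not stated on this page).
        findings.append(("*", "mixed-legacy-and-allow"))
    return findings


if __name__ == "__main__":
    # The list from the issue; the provider version is a constructed sample.
    reported = ["ALLOW_CUSTOM_AUTH", "ALLOW_ADMIN_USER_PASSWORD_AUTH",
                "ALLOW_REFRESH_TOKEN_AUTH"]
    for flow, finding in audit_flows(reported, "2.45.0"):
        print(f"{flow}: {finding}")
```

After upgrading to 2.46.0 the only finding left for the reported list is the password-in-request one, which is the flow to review if SRP (ALLOW_USER_SRP_AUTH) would serve the client instead.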
