feat(cognito): user pool client logout urls (#10301)

tneely · web-flow · commit 511183771b84 · 2020-09-16T09:56:42.000Z
Support Logout URLs in UserPoolClient. This is a pretty minimal change to just allow the property to be set. fixes: #10225 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
diff --git a/packages/@aws-cdk/aws-cognito/README.md b/packages/@aws-cdk/aws-cognito/README.md
@@ -472,6 +472,7 @@ pool.addClient('app-client', {
     },
     scopes: [ OAuthScope.OPENID ],
     callbackUrls: [ 'https://my-app-domain.com/welcome' ],
+    logoutUrls: [ 'https://my-app-domain.com/signin' ],
   }
 });
 ```
diff --git a/packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts b/packages/@aws-cdk/aws-cognito/lib/user-pool-client.ts
@@ -56,6 +56,12 @@ export interface OAuthSettings {
    */
   readonly callbackUrls?: string[];
 
+  /**
+   * List of allowed logout URLs for the identity providers.
+   * @default - no logout URLs
+   */
+  readonly logoutUrls?: string[];
+
   /**
    * OAuth scopes that are allowed with this client.
    * @see https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html
@@ -315,6 +321,7 @@ export class UserPoolClient extends Resource implements IUserPoolClient {
       allowedOAuthFlows: props.disableOAuth ? undefined : this.configureOAuthFlows(),
       allowedOAuthScopes: props.disableOAuth ? undefined : this.configureOAuthScopes(props.oAuth),
       callbackUrLs: callbackUrls && callbackUrls.length > 0 ? callbackUrls : undefined,
+      logoutUrLs: props.oAuth?.logoutUrls,
       allowedOAuthFlowsUserPoolClient: !props.disableOAuth,
       preventUserExistenceErrors: this.configurePreventUserExistenceErrors(props.preventUserExistenceErrors),
       supportedIdentityProviders: this.configureIdentityProviders(props),
diff --git a/packages/@aws-cdk/aws-cognito/test/user-pool-client.test.ts b/packages/@aws-cdk/aws-cognito/test/user-pool-client.test.ts
@@ -201,6 +201,21 @@ describe('User Pool Client', () => {
     })).not.toThrow();
   });
 
+  test('logoutUrls can be set', () => {
+    const stack = new Stack();
+    const pool = new UserPool(stack, 'Pool');
+
+    pool.addClient('Client', {
+      oAuth: {
+        logoutUrls: ['https://example.com'],
+      },
+    });
+
+    expect(stack).toHaveResourceLike('AWS::Cognito::UserPoolClient', {
+      LogoutURLs: ['https://example.com'],
+    });
+  });
+
   test('fails when clientCredentials OAuth flow is selected along with codeGrant or implicitGrant', () => {
     const stack = new Stack();
     const pool = new UserPool(stack, 'Pool');

Original file line number	Diff line number	Diff line change
`@@ -472,6 +472,7 @@ pool.addClient('app-client', {`
`472`	`472`	`},`
`473`	`473`	`scopes: [ OAuthScope.OPENID ],`
`474`	`474`	`callbackUrls: [ 'https://my-app-domain.com/welcome' ],`
	`475`	`+ logoutUrls: [ 'https://my-app-domain.com/signin' ],`
`475`	`476`	`}`
`476`	`477`	`});`
`477`	`478`	```