docs(cognito): describe addDependency for identity provider and app client (aws#15893)

When an app client is created, it receives the name of the identity provider as a string.
During the deployment, the identity provider must be created first, then the app client can be created (because it references the identity provider).
Due to the fact that the reference is passed as a string, CDK can't add the dependency between the identity provider and the app client automatically. Therefore, `addDependency` must be called manually when both constructs are created in the same stack.

The missing dependency was reported two times in the last weeks (issue aws#15850 and aws#15692). Because of that I would propose to add this behaviour in the readme.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
jumic authored and hollanddd committed Aug 26, 2021
1 parent a670d4e commit 72550fe
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions packages/@aws-cdk/aws-cognito/README.md
Expand Up @@ -565,6 +565,21 @@ pool.addClient('app-client', {
});
```

If the identity provider and the app client are created in the same stack, specify the dependency between both constructs to make sure that the identity provider already exists when the app client will be created. The app client cannot handle the dependency to the identity provider automatically because the client does not have access to the provider's construct.

```ts
const provider = new cognito.UserPoolIdentityProviderAmazon(this, 'Amazon', {
// ...
});
const client = pool.addClient('app-client', {
// ...
supportedIdentityProviders: [
cognito.UserPoolClientIdentityProvider.AMAZON,
],
}
client.node.addDependency(provider);
```
In accordance with the OIDC open standard, Cognito user pool clients provide access tokens, ID tokens and refresh tokens.
More information is available at [Using Tokens with User Pools](https://docs.aws.amazon.com/en_us/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html).
The expiration time for these tokens can be configured as shown below.
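
Review bot: the added example closes the `pool.addClient('app-client', {` call with a bare `}` on the line directly before `client.node.addDependency(provider);`, so the call is never terminated and the snippet will not compile when copied from the README. Change that line to `});`. In the new paragraph above the snippet, "when the app client will be created" should read "when the app client is created". It would also help readers to have the paragraph state that the dependency is needed because `supportedIdentityProviders` only carries the provider name, which is the reason given in the commit message but not in the README text itself.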