3

There is a setting I want to change via the Python SDK regarding AWS Cognito. I can change the setting in the AWS Web Console via "Cognito -> User Pools -> App Client Settings -> Cognito User Pool" (See image)

Here is my code

import boto3

client = boto3.client('cognito-idp')

client.update_user_pool_client(
    UserPoolId=USER_POOL_ID,
    ClientId=user_pool_client_id,
    SupportedIdentityProviders=[
        'CognitoUserPool'
    ]
)

The error I am receiving is

An error occurred (InvalidParameterException) when calling the
UpdateUserPoolClient operation: The provider CognitoUserPool
does not exist for User Pool xxxxxx

It is unclear what string values I should pass for SupportedIdentityProviders. The only hint I have seen is from https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-idp-settings.html

--supported-identity-providers '["MySAMLIdP", "LoginWithAmazon"]'

I am not even 100% sure if the SupportedIdentityProviders relates to the setting I am trying to change, but can't find any clarification in the docs.

Sam Anthony

2 Answers

4

The correct value to pass is COGNITO

client.update_user_pool_client(
    UserPoolId=USER_POOL_ID,
    ClientId=user_pool_client_id,
    SupportedIdentityProviders=[
        'COGNITO'
    ]
)

I only discovered this by reviewing the source code of someone else's CloudFormation custom resource https://github.com/rosberglinhares/CloudFormationCognitoCustomResources/blob/master/SampleInfrastructure.template.yaml#L105

I cannot find the correct solution to this in the official AWS docs/Boto3 docs. If anyone knows where the possible values for SupportedIdentityProviders are documented, please comment.

Sam Anthony
0

For SAML/OIDC, the array of provider names can be passed as SupportedIdentityProviders when updating the user pool client.

In order to update the existing SupportedIdentityProviders in the user pool client, first fetch the existing SupportedIdentityProviders using the describeUserPoolClient function. Then you can push your provider name to the existing SupportedIdentityProviders and update the user pool client with this value.

Rinsha CP
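
The fetch-then-update procedure from the second answer, written for boto3 (`describe_user_pool_client` / `update_user_pool_client`) as an added example that is not code from either poster. UpdateUserPoolClient sets any attribute you leave out back to its default, so the example passes every current setting (callback URLs, OAuth flows, token validity) back along with the new provider. `build_update_args`, `add_identity_provider`, `StubCognito` and all sample values are constructed for illustration.

```python
# Added example: add one provider to an app client without losing its other settings.
# READ_ONLY: fields DescribeUserPoolClient returns that are not UpdateUserPoolClient input.
READ_ONLY = {"ClientSecret", "CreationDate", "LastModifiedDate"}


def build_update_args(described_client, provider):
    """Return kwargs for update_user_pool_client that keep every current
    setting and add `provider` to SupportedIdentityProviders (no duplicates)."""
    args = {k: v for k, v in described_client.items() if k not in READ_ONLY}
    providers = list(args.get("SupportedIdentityProviders", []))
    if provider not in providers:
        providers.append(provider)
    args["SupportedIdentityProviders"] = providers
    return args


def add_identity_provider(client, user_pool_id, client_id, provider):
    """`client` is boto3.client('cognito-idp') or a stub with the same two methods."""
    current = client.describe_user_pool_client(
        UserPoolId=user_pool_id, ClientId=client_id
    )["UserPoolClient"]
    return client.update_user_pool_client(**build_update_args(current, provider))["UserPoolClient"]


class StubCognito:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, app_client):
        self.app_client = app_client

    def describe_user_pool_client(self, UserPoolId, ClientId):
        return {"UserPoolClient": dict(self.app_client)}

    def update_user_pool_client(self, **kwargs):
        # Mimics the API: whatever is not passed is gone after the update.
        self.app_client = dict(kwargs)
        return {"UserPoolClient": dict(self.app_client)}


if __name__ == "__main__":
    stub = StubCognito({  # constructed sample settings
        "UserPoolId": "pool-placeholder", "ClientId": "client-placeholder",
        "ClientName": "web", "ClientSecret": "constructed-secret",
        "SupportedIdentityProviders": ["MySAMLIdP"],
        "CallbackURLs": ["https://app.example.com/cb"],
        "AllowedOAuthFlows": ["code"],
    })
    print(add_identity_provider(stub, "pool-placeholder", "client-placeholder", "COGNITO"))
```

Against a real pool, pass `boto3.client('cognito-idp')` as `client`; the stub is only there so the merge logic can be run without AWS credentials.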