{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.CognitoIdentity.Types.CognitoIdentityProvider
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.CognitoIdentity.Types.CognitoIdentityProvider where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude

-- | A provider representing an Amazon Cognito user pool and its client ID.
--
-- /See:/ 'newCognitoIdentityProvider' smart constructor.
data CognitoIdentityProvider = CognitoIdentityProvider'
  { -- | The client ID for the Amazon Cognito user pool.
    CognitoIdentityProvider -> Maybe Text
clientId :: Prelude.Maybe Prelude.Text,
    -- | The provider name for an Amazon Cognito user pool. For example,
    -- @cognito-idp.us-east-1.amazonaws.com\/us-east-1_123456789@.
    CognitoIdentityProvider -> Maybe Text
providerName :: Prelude.Maybe Prelude.Text,
    -- | TRUE if server-side token validation is enabled for the identity
    -- provider’s token.
    --
    -- Once you set @ServerSideTokenCheck@ to TRUE for an identity pool, that
    -- identity pool will check with the integrated user pools to make sure
    -- that the user has not been globally signed out or deleted before the
    -- identity pool provides an OIDC token or AWS credentials for the user.
    --
    -- If the user is signed out or deleted, the identity pool will return a
    -- 400 Not Authorized error.
    CognitoIdentityProvider -> Maybe Bool
serverSideTokenCheck :: Prelude.Maybe Prelude.Bool
  }
  deriving (CognitoIdentityProvider -> CognitoIdentityProvider -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: CognitoIdentityProvider -> CognitoIdentityProvider -> Bool
$c/= :: CognitoIdentityProvider -> CognitoIdentityProvider -> Bool
== :: CognitoIdentityProvider -> CognitoIdentityProvider -> Bool
$c== :: CognitoIdentityProvider -> CognitoIdentityProvider -> Bool
Prelude.Eq, ReadPrec [CognitoIdentityProvider]
ReadPrec CognitoIdentityProvider
Int -> ReadS CognitoIdentityProvider
ReadS [CognitoIdentityProvider]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [CognitoIdentityProvider]
$creadListPrec :: ReadPrec [CognitoIdentityProvider]
readPrec :: ReadPrec CognitoIdentityProvider
$creadPrec :: ReadPrec CognitoIdentityProvider
readList :: ReadS [CognitoIdentityProvider]
$creadList :: ReadS [CognitoIdentityProvider]
readsPrec :: Int -> ReadS CognitoIdentityProvider
$creadsPrec :: Int -> ReadS CognitoIdentityProvider
Prelude.Read, Int -> CognitoIdentityProvider -> ShowS
[CognitoIdentityProvider] -> ShowS
CognitoIdentityProvider -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [CognitoIdentityProvider] -> ShowS
$cshowList :: [CognitoIdentityProvider] -> ShowS
show :: CognitoIdentityProvider -> String
$cshow :: CognitoIdentityProvider -> String
showsPrec :: Int -> CognitoIdentityProvider -> ShowS
$cshowsPrec :: Int -> CognitoIdentityProvider -> ShowS
Prelude.Show, forall x. Rep CognitoIdentityProvider x -> CognitoIdentityProvider
forall x. CognitoIdentityProvider -> Rep CognitoIdentityProvider x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep CognitoIdentityProvider x -> CognitoIdentityProvider
$cfrom :: forall x. CognitoIdentityProvider -> Rep CognitoIdentityProvider x
Prelude.Generic)

-- |
-- Create a value of 'CognitoIdentityProvider' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientId', 'cognitoIdentityProvider_clientId' - The client ID for the Amazon Cognito user pool.
--
-- 'providerName', 'cognitoIdentityProvider_providerName' - The provider name for an Amazon Cognito user pool. For example,
-- @cognito-idp.us-east-1.amazonaws.com\/us-east-1_123456789@.
--
-- 'serverSideTokenCheck', 'cognitoIdentityProvider_serverSideTokenCheck' - TRUE if server-side token validation is enabled for the identity
-- provider’s token.
--
-- Once you set @ServerSideTokenCheck@ to TRUE for an identity pool, that
-- identity pool will check with the integrated user pools to make sure
-- that the user has not been globally signed out or deleted before the
-- identity pool provides an OIDC token or AWS credentials for the user.
--
-- If the user is signed out or deleted, the identity pool will return a
-- 400 Not Authorized error.
newCognitoIdentityProvider ::
  CognitoIdentityProvider
newCognitoIdentityProvider :: CognitoIdentityProvider
newCognitoIdentityProvider =
  CognitoIdentityProvider'
    { $sel:clientId:CognitoIdentityProvider' :: Maybe Text
clientId =
        forall a. Maybe a
Prelude.Nothing,
      $sel:providerName:CognitoIdentityProvider' :: Maybe Text
providerName = forall a. Maybe a
Prelude.Nothing,
      $sel:serverSideTokenCheck:CognitoIdentityProvider' :: Maybe Bool
serverSideTokenCheck = forall a. Maybe a
Prelude.Nothing
    }

-- | The client ID for the Amazon Cognito user pool.
cognitoIdentityProvider_clientId :: Lens.Lens' CognitoIdentityProvider (Prelude.Maybe Prelude.Text)
cognitoIdentityProvider_clientId :: Lens' CognitoIdentityProvider (Maybe Text)
cognitoIdentityProvider_clientId = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CognitoIdentityProvider' {Maybe Text
clientId :: Maybe Text
$sel:clientId:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
clientId} -> Maybe Text
clientId) (\s :: CognitoIdentityProvider
s@CognitoIdentityProvider' {} Maybe Text
a -> CognitoIdentityProvider
s {$sel:clientId:CognitoIdentityProvider' :: Maybe Text
clientId = Maybe Text
a} :: CognitoIdentityProvider)

-- | The provider name for an Amazon Cognito user pool. For example,
-- @cognito-idp.us-east-1.amazonaws.com\/us-east-1_123456789@.
cognitoIdentityProvider_providerName :: Lens.Lens' CognitoIdentityProvider (Prelude.Maybe Prelude.Text)
cognitoIdentityProvider_providerName :: Lens' CognitoIdentityProvider (Maybe Text)
cognitoIdentityProvider_providerName = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CognitoIdentityProvider' {Maybe Text
providerName :: Maybe Text
$sel:providerName:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
providerName} -> Maybe Text
providerName) (\s :: CognitoIdentityProvider
s@CognitoIdentityProvider' {} Maybe Text
a -> CognitoIdentityProvider
s {$sel:providerName:CognitoIdentityProvider' :: Maybe Text
providerName = Maybe Text
a} :: CognitoIdentityProvider)

-- | TRUE if server-side token validation is enabled for the identity
-- provider’s token.
--
-- Once you set @ServerSideTokenCheck@ to TRUE for an identity pool, that
-- identity pool will check with the integrated user pools to make sure
-- that the user has not been globally signed out or deleted before the
-- identity pool provides an OIDC token or AWS credentials for the user.
--
-- If the user is signed out or deleted, the identity pool will return a
-- 400 Not Authorized error.
cognitoIdentityProvider_serverSideTokenCheck :: Lens.Lens' CognitoIdentityProvider (Prelude.Maybe Prelude.Bool)
cognitoIdentityProvider_serverSideTokenCheck :: Lens' CognitoIdentityProvider (Maybe Bool)
cognitoIdentityProvider_serverSideTokenCheck = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\CognitoIdentityProvider' {Maybe Bool
serverSideTokenCheck :: Maybe Bool
$sel:serverSideTokenCheck:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Bool
serverSideTokenCheck} -> Maybe Bool
serverSideTokenCheck) (\s :: CognitoIdentityProvider
s@CognitoIdentityProvider' {} Maybe Bool
a -> CognitoIdentityProvider
s {$sel:serverSideTokenCheck:CognitoIdentityProvider' :: Maybe Bool
serverSideTokenCheck = Maybe Bool
a} :: CognitoIdentityProvider)

instance Data.FromJSON CognitoIdentityProvider where
  parseJSON :: Value -> Parser CognitoIdentityProvider
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"CognitoIdentityProvider"
      ( \Object
x ->
          Maybe Text -> Maybe Text -> Maybe Bool -> CognitoIdentityProvider
CognitoIdentityProvider'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ClientId")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ProviderName")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ServerSideTokenCheck")
      )

instance Prelude.Hashable CognitoIdentityProvider where
  hashWithSalt :: Int -> CognitoIdentityProvider -> Int
hashWithSalt Int
_salt CognitoIdentityProvider' {Maybe Bool
Maybe Text
serverSideTokenCheck :: Maybe Bool
providerName :: Maybe Text
clientId :: Maybe Text
$sel:serverSideTokenCheck:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Bool
$sel:providerName:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
$sel:clientId:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
clientId
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Text
providerName
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe Bool
serverSideTokenCheck

instance Prelude.NFData CognitoIdentityProvider where
  rnf :: CognitoIdentityProvider -> ()
rnf CognitoIdentityProvider' {Maybe Bool
Maybe Text
serverSideTokenCheck :: Maybe Bool
providerName :: Maybe Text
clientId :: Maybe Text
$sel:serverSideTokenCheck:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Bool
$sel:providerName:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
$sel:clientId:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
clientId
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Text
providerName
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe Bool
serverSideTokenCheck

instance Data.ToJSON CognitoIdentityProvider where
  toJSON :: CognitoIdentityProvider -> Value
toJSON CognitoIdentityProvider' {Maybe Bool
Maybe Text
serverSideTokenCheck :: Maybe Bool
providerName :: Maybe Text
clientId :: Maybe Text
$sel:serverSideTokenCheck:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Bool
$sel:providerName:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
$sel:clientId:CognitoIdentityProvider' :: CognitoIdentityProvider -> Maybe Text
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"ClientId" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
clientId,
            (Key
"ProviderName" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Text
providerName,
            (Key
"ServerSideTokenCheck" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe Bool
serverSideTokenCheck
          ]
      )