Added extra variables

Author: OuFinx

main.tf

@@ -202,6 +202,10 @@ locals {
       supported_identity_providers         = lookup(client, "supported_identity_providers", var.default_client_supported_identity_providers)
       prevent_user_existence_errors        = lookup(client, "prevent_user_existence_errors", var.default_client_prevent_user_existence_errors)
       write_attributes                     = lookup(client, "write_attributes", var.default_client_write_attributes)
+      access_token_validity                = lookup(client, "access_token_validity", var.default_client_access_token_validity)
+      id_token_validity                    = lookup(client, "id_token_validity", var.default_client_id_token_validity)
+      token_validity_units                 = lookup(client, "token_validity_units", var.default_client_token_validity_units)
+      enable_token_revocation              = lookup(client, "enable_token_revocation", var.default_client_enable_token_revocation)
     }
   }
 }
@@ -225,6 +229,10 @@ resource "aws_cognito_user_pool_client" "client" {
   prevent_user_existence_errors        = each.value.prevent_user_existence_errors
   user_pool_id                         = aws_cognito_user_pool.user_pool[0].id
   write_attributes                     = each.value.write_attributes
+  access_token_validity                = each.value.access_token_validity
+  id_token_validity                    = each.value.id_token_validity
+  token_validity_units                 = each.value.token_validity_units
+  enable_token_revocation              = each.value.enable_token_revocation
 }
 
 resource "aws_cognito_user_pool_domain" "domain" {

variables.tf

@@ -160,6 +160,38 @@ variable "default_client_write_attributes" {
   default     = null
 }
 
+variable "default_client_access_token_validity" {
+  description = "(Optional) Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in 'default_client_token_validity_units'."
+  type        = number
+  default     = null
+}
+
+variable "default_client_id_token_validity" {
+  description = "(Optional) Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in 'default_client_token_validity_units'."
+  type        = number
+  default     = null
+}
+
+variable "default_client_token_validity_units" {
+  description = "(Optional) Configuration block for units in which the validity times are represented in."
+  type        = any
+  default     = null
+}
+
+# Example:
+#
+# default_client_token_validity_units = {
+#   refresh_token = "days"
+#   access_token  = "minutes"
+#   id_token      = "minutes"
+# }
+
+variable "default_client_enable_token_revocation" {
+  description = " (Optional) Enables or disables token revocation."
+  type        = bool
+  default     = null
+}
+
 variable "invite_email_subject" {
   type        = string
   description = "(Optional) The subject for email messages."