An external identity provider account for a user who does not currently exist yet in the user pool. This user
must be a federated user (for example, a SAML or Facebook user), not another native user.
If the SourceUser
is a federated social identity provider user (Facebook, Google, or Login with
Amazon), you must set the ProviderAttributeName
to Cognito_Subject
. For social
identity providers, the ProviderName
will be Facebook
, Google
, or
LoginWithAmazon
, and Cognito will automatically parse the Facebook, Google, and Login with
Amazon tokens for id
, sub
, and user_id
, respectively. The
ProviderAttributeValue
for the user must be the same value as the id
,
sub
, or user_id
value found in the social identity provider token.
For SAML, the ProviderAttributeName
can be any value that matches a claim in the SAML assertion.
If you wish to link SAML users based on the subject of the SAML assertion, you should map the subject to a
claim through the SAML identity provider and submit that claim name as the ProviderAttributeName
. If you set ProviderAttributeName
to Cognito_Subject
, Cognito will automatically
parse the default unique identifier found in the subject from the SAML token.
This is a convenience that creates an instance of the
ProviderUserIdentifierType.Builder avoiding the
need to create one manually via
ProviderUserIdentifierType#builder().
When the
Consumer completes,
ProviderUserIdentifierType.Builder#build() is called immediately
and its result is passed to
#sourceUser(ProviderUserIdentifierType).