fix #3133 Cognito Identity Provider : create_user_pool_client GenerateSecret=True doesn't work (#3135)

* fix #3133 Cognito Identity Provider : create_user_pool_client
`GenerateSecret=True` doesn't work

* add test for update_user_pool_client

moto/cognitoidp/models.py

@@ -210,10 +210,11 @@ class CognitoIdpUserPoolDomain(BaseModel):
 
 
 class CognitoIdpUserPoolClient(BaseModel):
-    def __init__(self, user_pool_id, extended_config):
+    def __init__(self, user_pool_id, generate_secret, extended_config):
         self.user_pool_id = user_pool_id
         self.id = str(uuid.uuid4())
         self.secret = str(uuid.uuid4())
+        self.generate_secret = generate_secret or False
         self.extended_config = extended_config or {}
 
     def _base_json(self):
@@ -225,6 +226,8 @@ class CognitoIdpUserPoolClient(BaseModel):
 
     def to_json(self, extended=False):
         user_pool_client_json = self._base_json()
+        if self.generate_secret:
+            user_pool_client_json.update({"ClientSecret": self.secret})
         if extended:
             user_pool_client_json.update(self.extended_config)
 
@@ -402,12 +405,14 @@ class CognitoIdpBackend(BaseBackend):
         return user_pool_domain
 
     # User pool client
-    def create_user_pool_client(self, user_pool_id, extended_config):
+    def create_user_pool_client(self, user_pool_id, generate_secret, extended_config):
         user_pool = self.user_pools.get(user_pool_id)
         if not user_pool:
             raise ResourceNotFoundError(user_pool_id)
 
-        user_pool_client = CognitoIdpUserPoolClient(user_pool_id, extended_config)
+        user_pool_client = CognitoIdpUserPoolClient(
+            user_pool_id, generate_secret, extended_config
+        )
         user_pool.clients[user_pool_client.id] = user_pool_client
         return user_pool_client
 

moto/cognitoidp/responses.py

@@ -84,8 +84,9 @@ class CognitoIdpResponse(BaseResponse):
     # User pool client
     def create_user_pool_client(self):
         user_pool_id = self.parameters.pop("UserPoolId")
+        generate_secret = self.parameters.pop("GenerateSecret", False)
         user_pool_client = cognitoidp_backends[self.region].create_user_pool_client(
-            user_pool_id, self.parameters
+            user_pool_id, generate_secret, self.parameters
         )
         return json.dumps({"UserPoolClient": user_pool_client.to_json(extended=True)})
 

tests/test_cognitoidp/test_cognitoidp.py

@@ -213,6 +213,29 @@ def test_create_user_pool_client():
     result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
     result["UserPoolClient"]["ClientId"].should_not.be.none
     result["UserPoolClient"]["ClientName"].should.equal(client_name)
+    result["UserPoolClient"].should_not.have.key("ClientSecret")
+    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+    result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
+
+
+@mock_cognitoidp
+def test_create_user_pool_client_returns_secret():
+    conn = boto3.client("cognito-idp", "us-west-2")
+
+    client_name = str(uuid.uuid4())
+    value = str(uuid.uuid4())
+    user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+    result = conn.create_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientName=client_name,
+        GenerateSecret=True,
+        CallbackURLs=[value],
+    )
+
+    result["UserPoolClient"]["UserPoolId"].should.equal(user_pool_id)
+    result["UserPoolClient"]["ClientId"].should_not.be.none
+    result["UserPoolClient"]["ClientName"].should.equal(client_name)
+    result["UserPoolClient"]["ClientSecret"].should_not.be.none
     result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
     result["UserPoolClient"]["CallbackURLs"][0].should.equal(value)
 
@@ -331,6 +354,37 @@ def test_update_user_pool_client():
     )
 
     result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+    result["UserPoolClient"].should_not.have.key("ClientSecret")
+    result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
+    result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)
+
+
+@mock_cognitoidp
+def test_update_user_pool_client_returns_secret():
+    conn = boto3.client("cognito-idp", "us-west-2")
+
+    old_client_name = str(uuid.uuid4())
+    new_client_name = str(uuid.uuid4())
+    old_value = str(uuid.uuid4())
+    new_value = str(uuid.uuid4())
+    user_pool_id = conn.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"]["Id"]
+    client_details = conn.create_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientName=old_client_name,
+        GenerateSecret=True,
+        CallbackURLs=[old_value],
+    )
+    client_secret = client_details["UserPoolClient"]["ClientSecret"]
+
+    result = conn.update_user_pool_client(
+        UserPoolId=user_pool_id,
+        ClientId=client_details["UserPoolClient"]["ClientId"],
+        ClientName=new_client_name,
+        CallbackURLs=[new_value],
+    )
+
+    result["UserPoolClient"]["ClientName"].should.equal(new_client_name)
+    result["UserPoolClient"]["ClientSecret"].should.equal(client_secret)
     result["UserPoolClient"]["CallbackURLs"].should.have.length_of(1)
     result["UserPoolClient"]["CallbackURLs"][0].should.equal(new_value)