interface AuthenticateOidcConfigProperty
Language | Type name
---|---
C# | Amazon.CDK.AWS.ElasticLoadBalancingV2.CfnListener.AuthenticateOidcConfigProperty
Java | software.amazon.awscdk.services.elasticloadbalancingv2.CfnListener.AuthenticateOidcConfigProperty
Python | aws_cdk.aws_elasticloadbalancingv2.CfnListener.AuthenticateOidcConfigProperty
TypeScript | @aws-cdk/aws-elasticloadbalancingv2 » CfnListener » AuthenticateOidcConfigProperty
Specifies the information required to authenticate users with an identity provider (IdP) that is compliant with OpenID Connect (OIDC).
Example

```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import * as elbv2 from '@aws-cdk/aws-elasticloadbalancingv2';

const authenticateOidcConfigProperty: elbv2.CfnListener.AuthenticateOidcConfigProperty = {
  authorizationEndpoint: 'authorizationEndpoint',
  clientId: 'clientId',
  issuer: 'issuer',
  tokenEndpoint: 'tokenEndpoint',
  userInfoEndpoint: 'userInfoEndpoint',

  // the properties below are optional
  authenticationRequestExtraParams: {
    authenticationRequestExtraParamsKey: 'authenticationRequestExtraParams',
  },
  clientSecret: 'clientSecret',
  onUnauthenticatedRequest: 'onUnauthenticatedRequest',
  scope: 'scope',
  sessionCookieName: 'sessionCookieName',
  sessionTimeout: 'sessionTimeout',
  useExistingClientSecret: false,
};
```
Properties

Name | Type | Description
---|---|---
authorizationEndpoint | string | The authorization endpoint of the IdP.
clientId | string | The OAuth 2.0 client identifier.
issuer | string | The OIDC issuer identifier of the IdP.
tokenEndpoint | string | The token endpoint of the IdP.
userInfoEndpoint | string | The user info endpoint of the IdP.
authenticationRequestExtraParams? | IResolvable \| { [string]: string } | The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
clientSecret? | string | The OAuth 2.0 client secret. Required if you are creating a rule; if you are modifying a rule, it can be omitted when UseExistingClientSecret is set to true.
onUnauthenticatedRequest? | string | The behavior if the user is not authenticated: deny, allow, or authenticate.
scope? | string | The set of user claims to be requested from the IdP. The default is openid.
sessionCookieName? | string | The name of the cookie used to maintain session information.
sessionTimeout? | string | The maximum duration of the authentication session, in seconds.
useExistingClientSecret? | boolean \| IResolvable | Indicates whether to use the existing client secret when modifying a rule.
authorizationEndpoint
Type: string
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

clientId
Type: string
The OAuth 2.0 client identifier.

issuer
Type: string
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

tokenEndpoint
Type: string
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

userInfoEndpoint
Type: string
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticationRequestExtraParams?
Type: IResolvable | { [string]: string } (optional)
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

clientSecret?
Type: string (optional)
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
onUnauthenticatedRequest?
Type: string (optional)
The behavior if the user is not authenticated. The following are possible values:
- `deny` - Return an HTTP 401 Unauthorized error.
- `allow` - Allow the request to be forwarded to the target.
- `authenticate` - Redirect the request to the IdP authorization endpoint. This is the default value.
scope?
Type: string (optional)
The set of user claims to be requested from the IdP. The default is `openid`.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName?
Type: string (optional)
The name of the cookie used to maintain session information.
The default is AWSELBAuthSessionCookie.

sessionTimeout?
Type: string (optional)
The maximum duration of the authentication session, in seconds.
The default is 604800 seconds (7 days).

useExistingClientSecret?
Type: boolean | IResolvable (optional)
Indicates whether to use the existing client secret when modifying a rule.
If you are creating a rule, you can omit this parameter or set it to false.
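The property descriptions above state several constraints that CloudFormation only reports at deploy time (HTTPS URLs for the endpoints and issuer, at most 10 extra parameters, the create-versus-modify rules for clientSecret and useExistingClientSecret, the three allowed onUnauthenticatedRequest values, and sessionTimeout as a number of seconds). The following is an added example, not code from the AWS CDK reference or the CDK project, that checks a config object against those constraints before synthesis. The `OidcConfig` interface is a local stand-in mirroring the documented fields so the file runs without `@aws-cdk` installed (it is an assumption, not the CDK's own declaration), and the sample endpoint values are constructed placeholders.

```typescript
// Added example (not the CDK's own code): lint an AuthenticateOidcConfigProperty
// value against the constraints given in the reference. The interface below is
// an assumption that mirrors the documented fields so this runs stand-alone.
interface OidcConfig {
  authorizationEndpoint: string;
  clientId: string;
  issuer: string;
  tokenEndpoint: string;
  userInfoEndpoint: string;
  authenticationRequestExtraParams?: { [key: string]: string };
  clientSecret?: string;
  onUnauthenticatedRequest?: string;
  scope?: string;
  sessionCookieName?: string;
  sessionTimeout?: string;
  useExistingClientSecret?: boolean;
}

interface LintReport {
  errors: string[];   // violations of what the reference requires
  warnings: string[]; // permitted settings that weaken the protection
}

// "Full URL, including the HTTPS protocol, the domain, and the path."
const HTTPS_URL_WITH_PATH = /^https:\/\/[A-Za-z0-9.-]+(?::\d+)?\/\S*$/;

const UNAUTHENTICATED_BEHAVIOURS = ['deny', 'allow', 'authenticate'];

// `creating` is true for a new rule and false when modifying an existing one;
// the reference treats clientSecret and useExistingClientSecret differently.
function lintOidcConfig(cfg: OidcConfig, creating: boolean): LintReport {
  const errors: string[] = [];
  const warnings: string[] = [];

  const urlFields = ['authorizationEndpoint', 'issuer', 'tokenEndpoint', 'userInfoEndpoint'] as const;
  for (const f of urlFields) {
    if (!HTTPS_URL_WITH_PATH.test(cfg[f])) {
      errors.push(`${f} must be a full https:// URL with domain and path`);
    }
  }

  if (cfg.clientId.trim() === '') {
    errors.push('clientId must not be empty');
  }

  // Up to 10 extra query parameters may be added to the authorization redirect.
  const extra = cfg.authenticationRequestExtraParams || {};
  if (Object.keys(extra).length > 10) {
    errors.push('authenticationRequestExtraParams allows at most 10 parameters');
  }

  // clientSecret is required on create; on modify it may be omitted only when
  // useExistingClientSecret is true, and that flag must not be true on create.
  if (creating) {
    if (!cfg.clientSecret) errors.push('clientSecret is required when creating a rule');
    if (cfg.useExistingClientSecret === true) {
      errors.push('useExistingClientSecret must be omitted or false when creating a rule');
    }
  } else if (!cfg.clientSecret && cfg.useExistingClientSecret !== true) {
    errors.push('clientSecret is required when modifying a rule unless useExistingClientSecret is true');
  }

  if (cfg.onUnauthenticatedRequest !== undefined) {
    if (!UNAUTHENTICATED_BEHAVIOURS.includes(cfg.onUnauthenticatedRequest)) {
      errors.push(`onUnauthenticatedRequest must be one of ${UNAUTHENTICATED_BEHAVIOURS.join(', ')}`);
    } else if (cfg.onUnauthenticatedRequest === 'allow') {
      warnings.push('onUnauthenticatedRequest=allow forwards unauthenticated requests to the target');
    }
  }

  // sessionTimeout is a duration in seconds, passed as a string.
  if (cfg.sessionTimeout !== undefined && !/^[1-9]\d*$/.test(cfg.sessionTimeout)) {
    errors.push('sessionTimeout must be a positive integer number of seconds');
  }

  return { errors, warnings };
}

// Constructed sample values (placeholders, not a real IdP).
const sampleConfig: OidcConfig = {
  authorizationEndpoint: 'https://idp.example.com/oauth2/authorize',
  clientId: 'alb-client-id',
  issuer: 'https://idp.example.com/',
  tokenEndpoint: 'https://idp.example.com/oauth2/token',
  userInfoEndpoint: 'https://idp.example.com/oauth2/userInfo',
  clientSecret: 'PLACEHOLDER-CLIENT-SECRET',
  onUnauthenticatedRequest: 'authenticate',
  scope: 'openid email',
  sessionTimeout: '3600',
};

const sampleReport = lintOidcConfig(sampleConfig, true);
console.log(JSON.stringify(sampleReport)); // {"errors":[],"warnings":[]}
```

Run the lint in a unit test or a CDK aspect before `cdk deploy`; the `allow` warning is kept separate from the errors because the reference permits that value, but it means the listener forwards unauthenticated requests to the target and so should be a deliberate choice rather than a default.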