OpenIdConnectConfig

class aws_cdk.aws_appsync.OpenIdConnectConfig(*, oidc_provider, client_id=None, token_expiry_from_auth=None, token_expiry_from_issue=None)

Bases: object

(experimental) Configuration for OpenID Connect authorization in AppSync.

Parameters:
  • oidc_provider (str) – (experimental) The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of iss in the OIDC token.

  • client_id (Optional[str]) – (experimental) The client identifier of the relying party at the OpenID identity provider. A regular expression can be specified so that AppSync can validate against multiple client identifiers at a time. Default: - (All)

  • token_expiry_from_auth (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider. The auth_time claim in the OIDC token is required for this validation to work. Default: - no validation

  • token_expiry_from_issue (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being issued to a user. This validation uses the iat claim of the OIDC token. Default: - no validation

Stability:

experimental

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_appsync as appsync

open_id_connect_config = appsync.OpenIdConnectConfig(
    oidc_provider="oidcProvider",

    # the properties below are optional
    client_id="clientId",
    token_expiry_from_auth=123,
    token_expiry_from_issue=123
)
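
The following is an added example, not part of the CDK documentation or AppSync's own code: a local model of the four checks described by the parameters above, useful for testing a configuration against sample claims before deploying it. It assumes client_id is full-matched against a single-string aud claim and that a missing iat or auth_time fails its expiry check; the issuer URL, timestamps and the names to_ms and check_claims are constructed for illustration.

```python
import re
from datetime import timedelta

def to_ms(delta):
    """Config values are milliseconds; JWT iat/auth_time claims are seconds."""
    return int(delta.total_seconds() * 1000)

def check_claims(claims, now, *, oidc_provider, client_id=None,
                 token_expiry_from_auth=None, token_expiry_from_issue=None):
    """Return reasons a token would be rejected (empty list means accepted).

    Local model of the checks documented above, not AppSync's implementation.
    Assumptions: client_id is full-matched against a single-string `aud` claim,
    and a missing iat/auth_time fails the corresponding expiry check.
    """
    failures = []
    if claims.get("iss") != oidc_provider:  # exact match, no normalisation
        failures.append("iss mismatch")
    if client_id is not None and not re.fullmatch(client_id, str(claims.get("aud", ""))):
        failures.append("client_id mismatch")
    for claim, window_ms in (("iat", token_expiry_from_issue),
                             ("auth_time", token_expiry_from_auth)):
        if window_ms is None:  # default: no validation
            continue
        issued = claims.get(claim)  # epoch seconds
        if issued is None or now * 1000 > issued * 1000 + window_ms:
            failures.append(f"expired since {claim}")
    return failures

# Constructed sample values, not taken from the page.
NOW = 1_700_000_000  # current time in epoch seconds
CONFIG = dict(
    oidc_provider="https://idp.example.com",
    client_id="ABCD|CDEF",
    token_expiry_from_auth=to_ms(timedelta(hours=8)),
    token_expiry_from_issue=to_ms(timedelta(hours=1)),
)
TOKEN = {"iss": "https://idp.example.com", "aud": "CDEF",
         "iat": NOW - 600, "auth_time": NOW - 3600}

if __name__ == "__main__":
    print(check_claims(TOKEN, NOW, **CONFIG))
    # Passing seconds where milliseconds are expected shrinks the window to 3.6 s.
    seconds_by_mistake = {**CONFIG, "token_expiry_from_issue": 3600}
    print(check_claims(TOKEN, NOW, **seconds_by_mistake))
```

Leaving client_id unset skips the client check entirely, so a token issued by the same provider for a different application passes this model.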

Attributes

client_id

(experimental) The client identifier of the relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.

Default:

  • (All)

Stability:

experimental

Example:

"ABCD|CDEF"

oidc_provider

(experimental) The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.

Stability:

experimental

token_expiry_from_auth

(experimental) The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider.

The auth_time claim in the OIDC token is required for this validation to work.

Default:
  • no validation

Stability:

experimental

token_expiry_from_issue

(experimental) The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses the iat claim of the OIDC token.

Default:
  • no validation

Stability:

experimental