interface AppSyncOpenIdConnectConfig
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.AppSync.AppSyncOpenIdConnectConfig |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappsync#AppSyncOpenIdConnectConfig |
Java | software.amazon.awscdk.services.appsync.AppSyncOpenIdConnectConfig |
Python | aws_cdk.aws_appsync.AppSyncOpenIdConnectConfig |
TypeScript | aws-cdk-lib » aws_appsync » AppSyncOpenIdConnectConfig |
Configuration for OpenID Connect authorization in AppSync.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_appsync as appsync } from 'aws-cdk-lib';

const appSyncOpenIdConnectConfig: appsync.AppSyncOpenIdConnectConfig = {
  oidcProvider: 'oidcProvider',

  // the properties below are optional
  clientId: 'clientId',
  tokenExpiryFromAuth: 123,
  tokenExpiryFromIssue: 123,
};
```
Properties
Name | Type | Description |
---|---|---|
oidcProvider | string | The issuer for the OIDC configuration. |
clientId? | string | The client identifier of the Relying party at the OpenID identity provider. |
tokenExpiryFromAuth? | number | The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider. |
tokenExpiryFromIssue? | number | The number of milliseconds an OIDC token is valid after being issued to a user. |
oidcProvider
Type: string
The issuer for the OIDC configuration.
The issuer returned by discovery must exactly match the value of `iss` in the OIDC token.
clientId?
Type: string (optional, default: * (All))
The client identifier of the Relying party at the OpenID identity provider.
A regular expression can be specified so AppSync can validate against multiple client identifiers at a time. Example:
- 'ABCD|CDEF' // where ABCD and CDEF are two different clientId
tokenExpiryFromAuth?
Type: number (optional, default: no validation)
The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider.
The `auth_time` claim in the OIDC token is required for this validation to work.
tokenExpiryFromIssue?
Type: number (optional, default: no validation)
The number of milliseconds an OIDC token is valid after being issued to a user.
This validation uses the `iat` claim of the OIDC token.
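
The following TypeScript is an added example, not code from the CDK or from AppSync: a local model of the four checks these properties describe, useful for testing a configuration against sample claims before deploying it. It assumes the `clientId` pattern is matched against the whole `aud` claim, and it relies on OIDC's `iat` and `auth_time` being expressed in seconds while the two expiry properties are in milliseconds; `checkClaims`, `Claims`, `OidcConfig` and all sample values are hypothetical.

```typescript
// Added illustration: a local model of the documented checks, not AppSync's code.
interface OidcConfig {            // same field names as AppSyncOpenIdConnectConfig
  oidcProvider: string;
  clientId?: string;              // regular expression; unset means all clients
  tokenExpiryFromAuth?: number;   // milliseconds; unset means no validation
  tokenExpiryFromIssue?: number;  // milliseconds; unset means no validation
}

// OIDC expresses iat and auth_time in seconds since the epoch.
interface Claims { iss: string; aud: string; iat: number; auth_time?: number }

// Returns the names of the checks that failed; an empty list means the token passes.
function checkClaims(config: OidcConfig, claims: Claims, nowMs: number): string[] {
  const failures: string[] = [];
  // The issuer must match iss exactly: a trailing slash or case change is a mismatch.
  if (claims.iss !== config.oidcProvider) failures.push('iss');
  // Assumption: the pattern must match the whole aud value, so it is anchored here.
  if (config.clientId !== undefined &&
      !new RegExp(`^(?:${config.clientId})$`).test(claims.aud)) {
    failures.push('clientId');
  }
  if (config.tokenExpiryFromAuth !== undefined) {
    // auth_time is required for this validation; a token without it fails.
    if (claims.auth_time === undefined ||
        nowMs > claims.auth_time * 1000 + config.tokenExpiryFromAuth) {
      failures.push('tokenExpiryFromAuth');
    }
  }
  if (config.tokenExpiryFromIssue !== undefined &&
      nowMs > claims.iat * 1000 + config.tokenExpiryFromIssue) {
    failures.push('tokenExpiryFromIssue');
  }
  return failures;
}

// Constructed sample data: a token issued 10 minutes before NOW_MS.
const NOW_MS = 1700000600000;
const SAMPLE_CONFIG: OidcConfig = {
  oidcProvider: 'https://idp.example.com',
  clientId: 'ABCD|CDEF',
  tokenExpiryFromAuth: 3600000,   // 1 hour
  tokenExpiryFromIssue: 900000,   // 15 minutes
};
const SAMPLE_CLAIMS: Claims = {
  iss: 'https://idp.example.com', aud: 'CDEF', iat: 1700000000, auth_time: 1699999000,
};
```

Setting `tokenExpiryFromIssue: 900` with seconds in mind gives a 0.9 second window in this model, so the same sample token is rejected; omitting all optional properties accepts any client identifier and applies neither age check.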