Interface AuthenticateOidcOptions
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
AuthenticateOidcOptions.Jsii$Proxy
ListenerAction.authenciateOidc().
Example:
ApplicationListener listener;
ApplicationTargetGroup myTargetGroup;
listener.addAction("DefaultAction", AddApplicationActionProps.builder()
.action(ListenerAction.authenticateOidc(AuthenticateOidcOptions.builder()
.authorizationEndpoint("https://example.com/openid")
// Other OIDC properties here
.clientId("...")
.clientSecret(SecretValue.secretsManager("..."))
.issuer("...")
.tokenEndpoint("...")
.userInfoEndpoint("...")
// Next
.next(ListenerAction.forward(List.of(myTargetGroup)))
.build()))
.build());
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forAuthenticateOidcOptionsstatic final classAn implementation forAuthenticateOidcOptions -
Method Summary
Modifier and TypeMethodDescriptionbuilder()default BooleanAllow HTTPS outbound traffic to communicate with the IdP.The query parameters (up to 10) to include in the redirect request to the authorization endpoint.The authorization endpoint of the IdP.The OAuth 2.0 client identifier.The OAuth 2.0 client secret.The OIDC issuer identifier of the IdP.getNext()What action to execute next.default UnauthenticatedActionThe behavior if the user is not authenticated.default StringgetScope()The set of user claims to be requested from the IdP.default StringThe name of the cookie used to maintain session information.default DurationThe maximum duration of the authentication session.The token endpoint of the IdP.The user info endpoint of the IdP.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAuthorizationEndpoint
The authorization endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
getClientId
The OAuth 2.0 client identifier. -
getClientSecret
The OAuth 2.0 client secret. -
getIssuer
The OIDC issuer identifier of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
getNext
What action to execute next. -
getTokenEndpoint
The token endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
getUserInfoEndpoint
The user info endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
getAllowHttpsOutbound
Allow HTTPS outbound traffic to communicate with the IdP.Set this property to false if the IP address used for the IdP endpoint is identifiable and you want to control outbound traffic. Then allow HTTPS outbound traffic to the IdP's IP address using the listener's
connectionsproperty.Default: true
- See Also:
-
getAuthenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.Default: - No extra parameters
-
getOnUnauthenticatedRequest
The behavior if the user is not authenticated.Default: UnauthenticatedAction.AUTHENTICATE
-
getScope
The set of user claims to be requested from the IdP.To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Default: "openid"
-
getSessionCookieName
The name of the cookie used to maintain session information.Default: "AWSELBAuthSessionCookie"
-
getSessionTimeout
The maximum duration of the authentication session.Default: Duration.days(7)
-
builder
- Returns:
- a
AuthenticateOidcOptions.BuilderofAuthenticateOidcOptions
-