OpenIdConnectConfig

class aws_cdk.aws_appsync.OpenIdConnectConfig(*, oidc_provider, client_id=None, token_expiry_from_auth=None, token_expiry_from_issue=None)

Bases: object

Configuration for OpenID Connect authorization in AppSync.

Parameters:
  • oidc_provider (str) – The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of iss in the OIDC token.

  • client_id (Optional[str]) – The client identifier of the relying party at the OpenID identity provider. A regular expression can be specified so AppSync can validate against multiple client identifiers at a time. Default: - (All)

  • token_expiry_from_auth (Union[int, float, None]) – The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider. The auth_time claim in the OIDC token is required for this validation to work. Default: - no validation

  • token_expiry_from_issue (Union[int, float, None]) – The number of milliseconds an OIDC token is valid after being issued to a user. This validation uses the iat claim of the OIDC token. Default: - no validation

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_appsync as appsync

open_id_connect_config = appsync.OpenIdConnectConfig(
    oidc_provider="oidcProvider",

    # the properties below are optional
    client_id="clientId",
    token_expiry_from_auth=123,
    token_expiry_from_issue=123
)

Attributes

client_id

The client identifier of the relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.

Default:

  • (All)

Example:

"ABCD|CDEF"

oidc_provider

The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.

token_expiry_from_auth

The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider.

The auth_time claim in the OIDC token is required for this validation to work.

Default:
  • no validation

token_expiry_from_issue

The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses the iat claim of the OIDC token.

Default:
  • no validation
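
Added example (not part of the AWS CDK documentation and not AppSync's implementation): a local model of the four checks described above, showing what the defaults let through and how the millisecond settings relate to the second-based auth_time and iat claims. OidcSettings, rejections, the sample claims and issuer URL are constructed for illustration; matching client_id in full against the aud or azp claim is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class OidcSettings:
    """Local stand-in for the four OpenIdConnectConfig parameters (no CDK import)."""
    oidc_provider: str
    client_id: Optional[str] = None                 # regex; None = all client IDs accepted
    token_expiry_from_auth: Optional[int] = None    # milliseconds; None = no validation
    token_expiry_from_issue: Optional[int] = None   # milliseconds; None = no validation

def rejections(cfg, claims, now_ms):
    """Return the names of the checks that the token claims fail."""
    failed = []
    if claims.get("iss") != cfg.oidc_provider:      # exact string match, no normalisation
        failed.append("iss")
    if cfg.client_id is not None:
        # Assumption: the regex is matched in full against the aud or azp claim.
        aud = claims.get("aud")
        candidates = (aud if isinstance(aud, list) else [aud]) + [claims.get("azp")]
        if not any(isinstance(c, str) and re.fullmatch(cfg.client_id, c) for c in candidates):
            failed.append("client_id")
    # auth_time and iat are JWT NumericDate values in seconds; the settings are milliseconds.
    for window_ms, claim in ((cfg.token_expiry_from_auth, "auth_time"),
                             (cfg.token_expiry_from_issue, "iat")):
        if window_ms is None:
            continue
        stamp = claims.get(claim)
        if not isinstance(stamp, (int, float)) or stamp * 1000 + window_ms < now_ms:
            failed.append(claim)
    return failed

# Constructed sample: issued 1000 s ago, user authenticated 3600 s ago.
NOW_MS = 1_700_000_000_000
CLAIMS = {"iss": "https://idp.example.com", "aud": "ABCD",
          "iat": 1_699_999_000, "auth_time": 1_699_996_400}
ISSUER = "https://idp.example.com"

if __name__ == "__main__":
    strict = OidcSettings(ISSUER, "ABCD|CDEF", 1_800_000, 3_600_000)
    print(rejections(OidcSettings(ISSUER), CLAIMS, NOW_MS))        # defaults
    print(rejections(strict, CLAIMS, NOW_MS))                      # 30 min auth window
    print(rejections(OidcSettings(ISSUER + "/"), CLAIMS, NOW_MS))  # trailing slash
    print(rejections(OidcSettings(ISSUER, token_expiry_from_issue=123), CLAIMS, NOW_MS))
```

With only oidc_provider set, the model accepts the hour-old login and any client identifier; the placeholder value 123 from the generated example is a 123-millisecond window and rejects every realistic token.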