OpenIdConnectConfiguration
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.
Contents
Note
In the following list, the required parameters are described first.
- issuer
-
The issuer URL of an OIDC identity provider. This URL must have an OIDC discovery endpoint at the path
.well-known/openid-configuration
.Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Pattern:
https://.*
Required: Yes
- tokenSelection
-
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
Type: OpenIdConnectTokenSelection object
Note: This object is a Union. Only one member of this object can be specified or returned.
Required: Yes
- entityIdPrefix
-
A descriptive string that you want to prefix to user entities from your OIDC identity provider. For example, if you set an
entityIdPrefix
ofMyOIDCProvider
, you can reference principals in your policies in the formatMyCorp::User::MyOIDCProvider|Carlos
.Type: String
Length Constraints: Minimum length of 1. Maximum length of 100.
Required: No
- groupConfiguration
-
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. For example, this object can map the contents of a
groups
claim toMyCorp::UserGroup
.Type: OpenIdConnectGroupConfiguration object
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: