OpenIdConnectTokenSelection - Amazon Verified Permissions

OpenIdConnectTokenSelection

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

Contents

Note

In the following list, the required parameters are described first.

Important

This data type is a UNION, so only one of the following members can be specified when used or returned.

accessTokenOnly

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.

Type: OpenIdConnectAccessTokenConfiguration object

Required: No

identityTokenOnly

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.

Type: OpenIdConnectIdentityTokenConfiguration object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: