AWS::VerifiedPermissions::IdentitySource OpenIdConnectIdentityTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "ClientIds" : [ String, ... ],
  "PrincipalIdClaim" : String
}

YAML


  ClientIds: 
    - String
  PrincipalIdClaim: String

Properties

ClientIds

The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.

Required: No

Type: Array of String

Minimum: 1 | 0

Maximum: 255 | 1000

Update requires: No interruption

PrincipalIdClaim

The claim that determines the principal in OIDC access tokens. For example, sub.

Required: No

Type: String

Minimum: 1

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

OpenIdConnectGroupConfiguration

OpenIdConnectTokenSelection