interface AuthenticateCognitoActionProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.ElasticLoadBalancingV2.Actions.AuthenticateCognitoActionProps |
Java | software.amazon.awscdk.services.elasticloadbalancingv2.actions.AuthenticateCognitoActionProps |
Python | aws_cdk.aws_elasticloadbalancingv2_actions.AuthenticateCognitoActionProps |
TypeScript (source) | @aws-cdk/aws-elasticloadbalancingv2-actions » AuthenticateCognitoActionProps |
Properties for AuthenticateCognitoAction.
Example
const lb = new elbv2.ApplicationLoadBalancer(this, 'LB', {
vpc,
internetFacing: true,
});
const userPool = new cognito.UserPool(this, 'UserPool');
const userPoolClient = new cognito.UserPoolClient(this, 'Client', {
userPool,
// Required minimal configuration for use with an ELB
generateSecret: true,
authFlows: {
userPassword: true,
},
oAuth: {
flows: {
authorizationCodeGrant: true,
},
scopes: [cognito.OAuthScope.EMAIL],
callbackUrls: [
`https://${lb.loadBalancerDnsName}/oauth2/idpresponse`,
],
},
});
const cfnClient = userPoolClient.node.defaultChild as cognito.CfnUserPoolClient;
cfnClient.addPropertyOverride('RefreshTokenValidity', 1);
cfnClient.addPropertyOverride('SupportedIdentityProviders', ['COGNITO']);
const userPoolDomain = new cognito.UserPoolDomain(this, 'Domain', {
userPool,
cognitoDomain: {
domainPrefix: 'test-cdk-prefix',
},
});
lb.addListener('Listener', {
port: 443,
certificates: [certificate],
defaultAction: new actions.AuthenticateCognitoAction({
userPool,
userPoolClient,
userPoolDomain,
next: elbv2.ListenerAction.fixedResponse(200, {
contentType: 'text/plain',
messageBody: 'Authenticated',
}),
}),
});
new CfnOutput(this, 'DNS', {
value: lb.loadBalancerDnsName,
});
}
}
const app = new App();
new CognitoStack(app, 'integ-cognito');
app.synth();
Properties
Name | Type | Description |
---|---|---|
next | Listener | What action to execute next. |
user | IUser | The Amazon Cognito user pool. |
user | IUser | The Amazon Cognito user pool client. |
user | IUser | The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. |
authentication | { [string]: string } | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
on | Unauthenticated | The behavior if the user is not authenticated. |
scope? | string | The set of user claims to be requested from the IdP. |
session | string | The name of the cookie used to maintain session information. |
session | Duration | The maximum duration of the authentication session. |
next
Type:
Listener
What action to execute next.
Multiple actions form a linked chain; the chain must always terminate in a (weighted)forward, fixedResponse or redirect action.
userPool
Type:
IUser
The Amazon Cognito user pool.
userPoolClient
Type:
IUser
The Amazon Cognito user pool client.
userPoolDomain
Type:
IUser
The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
authenticationRequestExtraParams?
Type:
{ [string]: string }
(optional, default: No extra parameters)
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
onUnauthenticatedRequest?
Type:
Unauthenticated
(optional, default: UnauthenticatedAction.AUTHENTICATE)
The behavior if the user is not authenticated.
scope?
Type:
string
(optional, default: "openid")
The set of user claims to be requested from the IdP.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
sessionCookieName?
Type:
string
(optional, default: "AWSELBAuthSessionCookie")
The name of the cookie used to maintain session information.
sessionTimeout?
Type:
Duration
(optional, default: Duration.days(7))
The maximum duration of the authentication session.