Interface IAuthenticateCognitoActionProps
Properties for AuthenticateCognitoAction.
Namespace: Amazon.CDK.AWS.ElasticLoadBalancingV2.Actions
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public interface IAuthenticateCognitoActionProps
Syntax (vb)
Public Interface IAuthenticateCognitoActionProps
Remarks
ExampleMetadata: infused
Examples
using Amazon.CDK.AWS.CertificateManager;
Vpc vpc;
Certificate certificate;
var lb = new ApplicationLoadBalancer(this, "LB", new ApplicationLoadBalancerProps {
Vpc = vpc,
InternetFacing = true
});
var userPool = new UserPool(this, "UserPool");
var userPoolClient = new UserPoolClient(this, "Client", new UserPoolClientProps {
UserPool = userPool,
// Required minimal configuration for use with an ELB
GenerateSecret = true,
AuthFlows = new AuthFlow {
UserPassword = true
},
OAuth = new OAuthSettings {
Flows = new OAuthFlows {
AuthorizationCodeGrant = true
},
Scopes = new [] { OAuthScope.EMAIL },
CallbackUrls = new [] { $"https://{lb.loadBalancerDnsName}/oauth2/idpresponse" }
}
});
var cfnClient = (CfnUserPoolClient)userPoolClient.Node.DefaultChild;
cfnClient.AddPropertyOverride("RefreshTokenValidity", 1);
cfnClient.AddPropertyOverride("SupportedIdentityProviders", new [] { "COGNITO" });
var userPoolDomain = new UserPoolDomain(this, "Domain", new UserPoolDomainProps {
UserPool = userPool,
CognitoDomain = new CognitoDomainOptions {
DomainPrefix = "test-cdk-prefix"
}
});
lb.AddListener("Listener", new BaseApplicationListenerProps {
Port = 443,
Certificates = new [] { certificate },
DefaultAction = new AuthenticateCognitoAction(new AuthenticateCognitoActionProps {
UserPool = userPool,
UserPoolClient = userPoolClient,
UserPoolDomain = userPoolDomain,
Next = ListenerAction.FixedResponse(200, new FixedResponseOptions {
ContentType = "text/plain",
MessageBody = "Authenticated"
})
})
});
new CfnOutput(this, "DNS", new CfnOutputProps {
Value = lb.LoadBalancerDnsName
});
Synopsis
Properties
AllowHttpsOutbound | Allow HTTPS outbound traffic to communicate with the IdP. |
AuthenticationRequestExtraParams | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
Next | What action to execute next. |
OnUnauthenticatedRequest | The behavior if the user is not authenticated. |
Scope | The set of user claims to be requested from the IdP. |
SessionCookieName | The name of the cookie used to maintain session information. |
SessionTimeout | The maximum duration of the authentication session. |
UserPool | The Amazon Cognito user pool. |
UserPoolClient | The Amazon Cognito user pool client. |
UserPoolDomain | The domain prefix or fully-qualified domain name of the Amazon Cognito user pool. |
Properties
AllowHttpsOutbound
Allow HTTPS outbound traffic to communicate with the IdP.
virtual Nullable<bool> AllowHttpsOutbound { get; }
Property Value
System.Nullable<System.Boolean>
Remarks
Set this property to false if the IP address used for the IdP endpoint is identifiable
and you want to control outbound traffic.
Then allow HTTPS outbound traffic to the IdP's IP address using the listener's connections
property.
Default: true
See: https://repost.aws/knowledge-center/elb-configure-authentication-alb
AuthenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
virtual IDictionary<string, string> AuthenticationRequestExtraParams { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.String>
Remarks
Default: - No extra parameters
Next
What action to execute next.
ListenerAction Next { get; }
Property Value
Remarks
Multiple actions form a linked chain; the chain must always terminate in a (weighted)forward, fixedResponse or redirect action.
OnUnauthenticatedRequest
The behavior if the user is not authenticated.
virtual Nullable<UnauthenticatedAction> OnUnauthenticatedRequest { get; }
Property Value
System.Nullable<UnauthenticatedAction>
Remarks
Default: UnauthenticatedAction.AUTHENTICATE
Scope
The set of user claims to be requested from the IdP.
virtual string Scope { get; }
Property Value
System.String
Remarks
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Default: "openid"
SessionCookieName
The name of the cookie used to maintain session information.
virtual string SessionCookieName { get; }
Property Value
System.String
Remarks
Default: "AWSELBAuthSessionCookie"
SessionTimeout
The maximum duration of the authentication session.
virtual Duration SessionTimeout { get; }
Property Value
Remarks
Default: Duration.days(7)
UserPool
UserPoolClient
The Amazon Cognito user pool client.
IUserPoolClient UserPoolClient { get; }
Property Value
UserPoolDomain
The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
IUserPoolDomain UserPoolDomain { get; }
Property Value