OpenIdConnectConfig
class aws_cdk.aws_appsync.OpenIdConnectConfig(*, oidc_provider, client_id=None, token_expiry_from_auth=None, token_expiry_from_issue=None)
Bases: object
(experimental) Configuration for OpenID Connect authorization in AppSync.
- Parameters
  - oidc_provider (str) – (experimental) The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of iss in the OIDC token.
  - client_id (Optional[str]) – (experimental) The client identifier of the Relying party at the OpenID identity provider. A regular expression can be specified so AppSync can validate against multiple client identifiers at a time. Default: (All)
  - token_expiry_from_auth (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider. auth_time claim in OIDC token is required for this validation to work. Default: no validation
  - token_expiry_from_issue (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being issued to a user. This validation uses iat claim of OIDC token. Default: no validation
- Stability
experimental
Attributes
- client_id
(experimental) The client identifier of the Relying party at the OpenID identity provider.
A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.
- Default
(All)
- Stability
experimental
Example:
# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
- "ABCD|CDEF" where ABCD and CDEF are two different client_id
- Return type
Optional[str]
- oidc_provider
(experimental) The issuer for the OIDC configuration.
The issuer returned by discovery must exactly match the value of iss in the OIDC token.
- Stability
experimental
- Return type
str
- token_expiry_from_auth
(experimental) The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.
auth_time claim in OIDC token is required for this validation to work.
- Default
no validation
- Stability
experimental
- Return type
Union[int, float, None]
- token_expiry_from_issue
(experimental) The number of milliseconds an OIDC token is valid after being issued to a user.
This validation uses iat claim of OIDC token.
- Default
no validation
- Stability
experimental
- Return type
Union[int, float, None]
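A pre-deployment review of the four arguments documented above, as an added example that is not part of the CDK documentation and does not reproduce AppSync's own validation: it flags the documented defaults ((All) and no validation), a client_id pattern that accepts arbitrary identifiers, and expiry values that look like seconds rather than milliseconds. The function name, the probe string, the one-minute threshold, the use of Python's regex dialect and the https check (taken from the OIDC discovery rules) are assumptions; the sample configurations are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed identifier that no deliberately written pattern should accept.
PROBE = "zz-unregistered-client-zz"
# Heuristic threshold (assumption): under one minute suggests seconds were passed.
MIN_PLAUSIBLE_MS = 60_000

def review_oidc_config(oidc_provider, client_id=None,
                       token_expiry_from_auth=None, token_expiry_from_issue=None):
    """Return a list of findings for OpenIdConnectConfig keyword arguments."""
    findings = []
    # OIDC discovery defines the issuer as an https URL (assumed to apply here).
    url = urlparse(oidc_provider)
    if url.scheme != "https" or not url.netloc:
        findings.append("oidc_provider: not an https issuer URL")
    if client_id is None:
        # Documented default is (All): no restriction on the client identifier.
        findings.append("client_id: unset, default (All)")
    else:
        try:
            pattern = re.compile(client_id)  # Python regex dialect, an assumption
        except re.error:
            findings.append("client_id: not a valid regular expression")
        else:
            if pattern.fullmatch("") or pattern.fullmatch(PROBE):
                findings.append("client_id: pattern accepts arbitrary identifiers")
    expiries = (("token_expiry_from_auth", token_expiry_from_auth),
                ("token_expiry_from_issue", token_expiry_from_issue))
    for name, value in expiries:
        if value is None:
            # Documented default is no validation of the auth_time / iat age.
            findings.append(f"{name}: unset, default is no validation")
        elif value <= 0:
            findings.append(f"{name}: must be a positive number of milliseconds")
        elif value < MIN_PLAUSIBLE_MS:
            findings.append(f"{name}: {value} ms is under a minute, check the unit")
    return findings

# Constructed sample configurations; the issuer URL is a placeholder.
WEAK = {"oidc_provider": "https://idp.example.com"}
HARDENED = {"oidc_provider": "https://idp.example.com", "client_id": "ABCD|CDEF",
            "token_expiry_from_auth": 3_600_000, "token_expiry_from_issue": 3_600_000}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, review_oidc_config(**cfg))
```

A configuration that returns no findings can be passed unchanged as keyword arguments to OpenIdConnectConfig.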