OpenIdConnectConfig

class aws_cdk.aws_appsync.OpenIdConnectConfig(*, oidc_provider, client_id=None, token_expiry_from_auth=None, token_expiry_from_issue=None)

Bases: object

(experimental) Configuration for OpenID Connect authorization in AppSync.

Parameters
  • oidc_provider (str) – (experimental) The issuer for the OIDC configuration. The issuer returned by discovery must exactly match the value of iss in the OIDC token.

  • client_id (Optional[str]) – (experimental) The client identifier of the relying party at the OpenID identity provider. A regular expression can be specified so AppSync can validate against multiple client identifiers at a time. Default: - (All)

  • token_expiry_from_auth (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider. The auth_time claim in the OIDC token is required for this validation to work. Default: - no validation

  • token_expiry_from_issue (Union[int, float, None]) – (experimental) The number of milliseconds an OIDC token is valid after being issued to a user. This validation uses the iat claim of the OIDC token. Default: - no validation

Stability

experimental

Attributes

client_id

(experimental) The client identifier of the relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.

Default

  • (All)

Stability

experimental

Example:

# Example automatically generated without compilation. See https://github.com/aws/jsii/issues/826
- "ABCD|CDEF" where ABCD and CDEF are two different client_id

Return type

Optional[str]

oidc_provider

(experimental) The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.

Stability

experimental

Return type

str

token_expiry_from_auth

(experimental) The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider.

The auth_time claim in the OIDC token is required for this validation to work.

Default
  • no validation

Stability

experimental

Return type

Union[int, float, None]

token_expiry_from_issue

(experimental) The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses the iat claim of the OIDC token.

Default
  • no validation

Stability

experimental

Return type

Union[int, float, None]
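
The following is an added example, not AWS CDK or AppSync code: a local model of the four settings documented above, applied to the claims of a token whose signature has already been verified, to show what each setting rejects and what the defaults leave unchecked. The function name `check_oidc_claims`, the sample claims, whole-string regex matching and the use of the `aud` claim for the client identifier are assumptions of this example.

```python
import re
import time

def check_oidc_claims(claims, *, oidc_provider, client_id=None,
                      token_expiry_from_auth=None,
                      token_expiry_from_issue=None, now=None):
    """Return rejection reasons for already signature-verified claims.

    An empty list means accepted. `now` is epoch seconds (defaults to the clock).
    """
    now_ms = (time.time() if now is None else now) * 1000
    reasons = []
    # Exact string comparison: no trailing-slash or case normalisation.
    if claims.get("iss") != oidc_provider:
        reasons.append("iss mismatch")
    # client_id=None is the documented default "(All)": every client passes.
    if client_id is not None:
        aud = claims.get("aud")  # assumption: client identifier is in aud
        # Assumption: the pattern must match the whole identifier.
        if not isinstance(aud, str) or re.fullmatch(client_id, aud) is None:
            reasons.append("client_id mismatch")
    # JWT auth_time and iat are epoch seconds; the settings are milliseconds.
    for claim, limit_ms in (("auth_time", token_expiry_from_auth),
                            ("iat", token_expiry_from_issue)):
        if limit_ms is None:
            continue  # documented default: no validation
        ts = claims.get(claim)
        if not isinstance(ts, (int, float)):
            reasons.append(f"{claim} missing")
        elif now_ms - ts * 1000 > limit_ms:
            reasons.append(f"{claim} too old")
    return reasons

# Constructed sample: issued 10 minutes ago, user authenticated 2 hours ago.
NOW = 1_700_000_000
SAMPLE = {"iss": "https://idp.example.com", "aud": "ABCD",
          "iat": NOW - 600, "auth_time": NOW - 7200}

if __name__ == "__main__":
    strict = dict(oidc_provider="https://idp.example.com",
                  client_id="ABCD|CDEF",
                  token_expiry_from_auth=3_600_000,   # 1 hour in ms
                  token_expiry_from_issue=900_000)    # 15 minutes in ms
    print(check_oidc_claims(SAMPLE, now=NOW, **strict))
    # Defaults only: any client and any token age pass once iss matches.
    print(check_oidc_claims({**SAMPLE, "aud": "other-app"}, now=NOW,
                            oidc_provider="https://idp.example.com"))
```

Passing 900 for `token_expiry_from_issue` (a value meant as seconds) makes the 10-minute-old sample fail, because the setting is read as milliseconds.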