AuthenticateOidcOptions

class aws_cdk.aws_elasticloadbalancingv2.AuthenticateOidcOptions(*, authorization_endpoint, client_id, client_secret, issuer, next, token_endpoint, user_info_endpoint, authentication_request_extra_params=None, on_unauthenticated_request=None, scope=None, session_cookie_name=None, session_timeout=None)

Bases: object

__init__(*, authorization_endpoint, client_id, client_secret, issuer, next, token_endpoint, user_info_endpoint, authentication_request_extra_params=None, on_unauthenticated_request=None, scope=None, session_cookie_name=None, session_timeout=None)

Options for ListenerAction.authenticate_oidc().

Parameters
  • authorization_endpoint (str) – The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • client_id (str) – The OAuth 2.0 client identifier.

  • client_secret (SecretValue) – The OAuth 2.0 client secret.

  • issuer (str) – The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • next (ListenerAction) – What action to execute next.

  • token_endpoint (str) – The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • user_info_endpoint (str) – The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • authentication_request_extra_params (Optional[Mapping[str, str]]) – The query parameters (up to 10) to include in the redirect request to the authorization endpoint. Default: - No extra parameters

  • on_unauthenticated_request (Optional[UnauthenticatedAction]) – The behavior if the user is not authenticated. Default: UnauthenticatedAction.AUTHENTICATE

  • scope (Optional[str]) – The set of user claims to be requested from the IdP. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. Default: “openid”

  • session_cookie_name (Optional[str]) – The name of the cookie used to maintain session information. Default: “AWSELBAuthSessionCookie”

  • session_timeout (Optional[Duration]) – The maximum duration of the authentication session. Default: Duration.days(7)

Return type

None

Attributes

authentication_request_extra_params

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Default: - No extra parameters

Return type

Optional[Mapping[str, str]]

authorization_endpoint

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Return type

str

client_id

The OAuth 2.0 client identifier.

Return type

str

client_secret

The OAuth 2.0 client secret.

Return type

SecretValue

issuer

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Return type

str

next

What action to execute next.

Return type

ListenerAction

on_unauthenticated_request

The behavior if the user is not authenticated.

Default: UnauthenticatedAction.AUTHENTICATE

Return type

Optional[UnauthenticatedAction]

scope

The set of user claims to be requested from the IdP.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Default: “openid”

Return type

Optional[str]

session_cookie_name

The name of the cookie used to maintain session information.

Default: “AWSELBAuthSessionCookie”

Return type

Optional[str]

session_timeout

The maximum duration of the authentication session.

Default: Duration.days(7)

Return type

Optional[Duration]

token_endpoint

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Return type

str

user_info_endpoint

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Return type

str
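
The constraints documented above (full HTTPS URLs for the endpoints, a SecretValue for client_secret, at most 10 extra parameters) can be checked before the options are handed to the construct. This is an added example, not part of the CDK library or its documentation; check_oidc_options, the sample values and the idp.example.com host are assumptions, and the issuer is checked for scheme and domain only.

```python
from urllib.parse import urlsplit

# Keyword names below are the constructor parameters documented on this page.
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "user_info_endpoint")
MAX_EXTRA_PARAMS = 10  # "The query parameters (up to 10)"


def _url_problems(name, value, require_path):
    """Return a list of problems for one URL-valued option."""
    parts = urlsplit(value)
    problems = []
    if parts.scheme.lower() != "https":
        problems.append(f"{name}: scheme must be https, got {parts.scheme!r}")
    if not parts.hostname:
        problems.append(f"{name}: missing domain")
    if require_path and parts.path in ("", "/"):
        problems.append(f"{name}: missing path")
    return problems


def check_oidc_options(opts):
    """Check a dict of AuthenticateOidcOptions keyword arguments (hypothetical helper)."""
    problems = []
    for key in ENDPOINT_KEYS:
        problems += _url_problems(key, opts.get(key) or "", require_path=True)
    # Assumption of this example: issuer is checked for scheme and domain only.
    problems += _url_problems("issuer", opts.get("issuer") or "", require_path=False)
    # The documented type is SecretValue; a plain str means a secret in source code.
    if isinstance(opts.get("client_secret"), str):
        problems.append("client_secret: plain str given, expected SecretValue")
    extra = opts.get("authentication_request_extra_params") or {}
    if len(extra) > MAX_EXTRA_PARAMS:
        problems.append(
            f"authentication_request_extra_params: {len(extra)} entries, limit is {MAX_EXTRA_PARAMS}"
        )
    return problems


# Constructed sample input; idp.example.com is a placeholder IdP.
SAMPLE = {
    "authorization_endpoint": "http://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "user_info_endpoint": "https://idp.example.com",
    "issuer": "https://idp.example.com",
    "client_id": "example-client-id",
    "client_secret": "hardcoded-example-secret",
    "authentication_request_extra_params": {f"p{i}": "v" for i in range(11)},
}

if __name__ == "__main__":
    for problem in check_oidc_options(SAMPLE):
        print(problem)
```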