AuthenticateOidcOptions
- class aws_cdk.aws_elasticloadbalancingv2.AuthenticateOidcOptions(*, authorization_endpoint, client_id, client_secret, issuer, next, token_endpoint, user_info_endpoint, authentication_request_extra_params=None, on_unauthenticated_request=None, scope=None, session_cookie_name=None, session_timeout=None)
Bases:
object
Options for
ListenerAction.authenciateOidc()
.- Parameters:
authorization_endpoint (
str
) – The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.client_id (
str
) – The OAuth 2.0 client identifier.client_secret (
SecretValue
) – The OAuth 2.0 client secret.issuer (
str
) – The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.next (
ListenerAction
) – What action to execute next.token_endpoint (
str
) – The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.user_info_endpoint (
str
) – The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.authentication_request_extra_params (
Optional
[Mapping
[str
,str
]]) – The query parameters (up to 10) to include in the redirect request to the authorization endpoint. Default: - No extra parameterson_unauthenticated_request (
Optional
[UnauthenticatedAction
]) – The behavior if the user is not authenticated. Default: UnauthenticatedAction.AUTHENTICATEscope (
Optional
[str
]) – The set of user claims to be requested from the IdP. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. Default: “openid”session_cookie_name (
Optional
[str
]) – The name of the cookie used to maintain session information. Default: “AWSELBAuthSessionCookie”session_timeout (
Optional
[Duration
]) – The maximum duration of the authentication session. Default: Duration.days(7)
- ExampleMetadata:
infused
Example:
# listener: elbv2.ApplicationListener # my_target_group: elbv2.ApplicationTargetGroup listener.add_action("DefaultAction", action=elbv2.ListenerAction.authenticate_oidc( authorization_endpoint="https://example.com/openid", # Other OIDC properties here client_id="...", client_secret=SecretValue.secrets_manager("..."), issuer="...", token_endpoint="...", user_info_endpoint="...", # Next next=elbv2.ListenerAction.forward([my_target_group]) ) )
Attributes
- authentication_request_extra_params
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- Default:
No extra parameters
- authorization_endpoint
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- client_id
The OAuth 2.0 client identifier.
- client_secret
The OAuth 2.0 client secret.
- issuer
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- next
What action to execute next.
- on_unauthenticated_request
The behavior if the user is not authenticated.
- Default:
UnauthenticatedAction.AUTHENTICATE
- scope
The set of user claims to be requested from the IdP.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
- Default:
“openid”
- session_cookie_name
The name of the cookie used to maintain session information.
- Default:
“AWSELBAuthSessionCookie”
- session_timeout
The maximum duration of the authentication session.
- Default:
Duration.days(7)
- token_endpoint
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- user_info_endpoint
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.