AuthenticateOidcOptions

class aws_cdk.aws_elasticloadbalancingv2.AuthenticateOidcOptions(*, authorization_endpoint, client_id, client_secret, issuer, next, token_endpoint, user_info_endpoint, authentication_request_extra_params=None, on_unauthenticated_request=None, scope=None, session_cookie_name=None, session_timeout=None)

Bases: object

Options for ListenerAction.authenticateOidc().

- Parameters
authorization_endpoint (str) – The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
client_id (str) – The OAuth 2.0 client identifier.
client_secret (SecretValue) – The OAuth 2.0 client secret.
issuer (str) – The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
next (ListenerAction) – What action to execute next.
token_endpoint (str) – The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
user_info_endpoint (str) – The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
authentication_request_extra_params (Optional[Mapping[str, str]]) – The query parameters (up to 10) to include in the redirect request to the authorization endpoint. Default: No extra parameters
on_unauthenticated_request (Optional[UnauthenticatedAction]) – The behavior if the user is not authenticated. Default: UnauthenticatedAction.AUTHENTICATE
scope (Optional[str]) – The set of user claims to be requested from the IdP. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. Default: “openid”
session_cookie_name (Optional[str]) – The name of the cookie used to maintain session information. Default: “AWSELBAuthSessionCookie”
session_timeout (Optional[Duration]) – The maximum duration of the authentication session. Default: Duration.days(7)
Example:

    # listener: elbv2.ApplicationListener
    # my_target_group: elbv2.ApplicationTargetGroup

    listener.add_action("DefaultAction",
        action=elbv2.ListenerAction.authenticate_oidc(
            authorization_endpoint="https://example.com/openid",
            # Other OIDC properties here
            client_id="...",
            client_secret=SecretValue.secrets_manager("..."),
            issuer="...",
            token_endpoint="...",
            user_info_endpoint="...",
            # Next
            next=elbv2.ListenerAction.forward([my_target_group])
        )
    )
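
A pre-deployment check for the constraints listed under Parameters, as an added example that is not part of the CDK library or its documentation. The names `check_oidc_options`, `SAMPLE` and `DEFAULTS` are hypothetical, the dict stands in for the keyword arguments, the sample values are constructed, and skipping the path check on `issuer` is an assumption.

```python
from urllib.parse import urlsplit

# Endpoints this page requires as full URLs (HTTPS protocol, domain, path).
ENDPOINT_FIELDS = ("authorization_endpoint", "token_endpoint", "user_info_endpoint")
REQUIRED = ENDPOINT_FIELDS + ("issuer", "client_id", "client_secret", "next")
DEFAULTS = {  # defaults as documented on this page, kept as literal text
    "on_unauthenticated_request": "UnauthenticatedAction.AUTHENTICATE",
    "scope": "openid",
    "session_cookie_name": "AWSELBAuthSessionCookie",
    "session_timeout": "Duration.days(7)",
}

def check_oidc_options(opts):
    """Return (effective_options, problems) for a dict of keyword arguments."""
    problems = [f"{k}: required" for k in REQUIRED if not opts.get(k)]
    for name in ENDPOINT_FIELDS + ("issuer",):
        value = opts.get(name)
        if not isinstance(value, str) or not value:
            continue
        url = urlsplit(value)
        if url.scheme != "https":
            problems.append(f"{name}: must use the HTTPS protocol")
        if not url.hostname:
            problems.append(f"{name}: missing domain")
        # Assumption: only the endpoints need a path; some issuers have none.
        if name != "issuer" and url.path in ("", "/"):
            problems.append(f"{name}: missing path")
    if isinstance(opts.get("client_secret"), str):
        problems.append("client_secret: pass a SecretValue, not a plain str")
    extra = opts.get("authentication_request_extra_params") or {}
    if len(extra) > 10:  # the page allows up to 10 query parameters
        problems.append(f"authentication_request_extra_params: {len(extra)} > 10")
    effective = {**DEFAULTS, **{k: v for k, v in opts.items() if v is not None}}
    return effective, problems

# Constructed sample input: placeholder URLs and stand-in objects.
SAMPLE = {
    "authorization_endpoint": "http://idp.example.com/authorize",  # not HTTPS
    "token_endpoint": "https://idp.example.com",  # no path
    "user_info_endpoint": "https://idp.example.com/userinfo",
    "issuer": "https://idp.example.com",
    "client_id": "constructed-client-id",
    "client_secret": "constructed-plaintext-secret",  # plain str
    "next": object(),  # stand-in for a ListenerAction
    "authentication_request_extra_params": {f"p{i}": "v" for i in range(11)},
}

if __name__ == "__main__":
    print(*check_oidc_options(SAMPLE)[1], sep="\n")
```

The returned `effective` dict shows which documented defaults, such as the 7-day session, apply when an optional argument is left out.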
Attributes

authentication_request_extra_params
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- Default: No extra parameters
- Return type: Optional[Mapping[str, str]]

authorization_endpoint
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Return type: str

client_id
The OAuth 2.0 client identifier.
- Return type: str

client_secret
The OAuth 2.0 client secret.
- Return type: SecretValue

issuer
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Return type: str

next
What action to execute next.
- Return type: ListenerAction

on_unauthenticated_request
The behavior if the user is not authenticated.
- Default: UnauthenticatedAction.AUTHENTICATE
- Return type: Optional[UnauthenticatedAction]

scope
The set of user claims to be requested from the IdP.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
- Default: “openid”
- Return type: Optional[str]

session_cookie_name
The name of the cookie used to maintain session information.
- Default: “AWSELBAuthSessionCookie”
- Return type: Optional[str]

session_timeout
The maximum duration of the authentication session.
- Default: Duration.days(7)
- Return type: Optional[Duration]

token_endpoint
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Return type: str

user_info_endpoint
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Return type: str