Class AuthenticateOidcOptions
Options for ListenerAction.AuthenticateOidc().
Inheritance
Implements
Namespace: Amazon.CDK.AWS.ElasticLoadBalancingV2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class AuthenticateOidcOptions : Object, IAuthenticateOidcOptions
Syntax (vb)
Public Class AuthenticateOidcOptions
Inherits Object
Implements IAuthenticateOidcOptions
Examples
using Amazon.CDK;
using Amazon.CDK.AWS.ElasticLoadBalancingV2;

// Supplied by the surrounding stack.
ApplicationListener listener;
ApplicationTargetGroup myTargetGroup;

listener.AddAction("DefaultAction", new AddApplicationActionProps {
    Action = ListenerAction.AuthenticateOidc(new AuthenticateOidcOptions {
        AuthorizationEndpoint = "https://example.com/openid",
        // Other OIDC properties here
        ClientId = "...",
        ClientSecret = SecretValue.SecretsManager("..."),
        Issuer = "...",
        TokenEndpoint = "...",
        UserInfoEndpoint = "...",

        // Next: the action to run once the user is authenticated
        Next = ListenerAction.Forward(new [] { myTargetGroup })
    })
});
Synopsis
Constructors
AuthenticateOidcOptions() |
Properties
AllowHttpsOutbound | Allow HTTPS outbound traffic to communicate with the IdP. |
AuthenticationRequestExtraParams | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
AuthorizationEndpoint | The authorization endpoint of the IdP. |
ClientId | The OAuth 2.0 client identifier. |
ClientSecret | The OAuth 2.0 client secret. |
Issuer | The OIDC issuer identifier of the IdP. |
Next | What action to execute next. |
OnUnauthenticatedRequest | The behavior if the user is not authenticated. |
Scope | The set of user claims to be requested from the IdP. |
SessionCookieName | The name of the cookie used to maintain session information. |
SessionTimeout | The maximum duration of the authentication session. |
TokenEndpoint | The token endpoint of the IdP. |
UserInfoEndpoint | The user info endpoint of the IdP. |
Constructors
AuthenticateOidcOptions()
public AuthenticateOidcOptions()
Properties
AllowHttpsOutbound
Allow HTTPS outbound traffic to communicate with the IdP.
public Nullable<bool> AllowHttpsOutbound { get; set; }
Property Value
System.
Remarks
Set this property to false if the IP address used for the IdP endpoint is identifiable
and you want to control outbound traffic.
Then allow HTTPS outbound traffic to the IdP's IP address using the listener's connections
property.
Default: true
See: https://repost.aws/knowledge-center/elb-configure-authentication-alb
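The two steps in the remarks above, written out as an added example (not part of the CDK documentation): the action is created with AllowHttpsOutbound set to false, then HTTPS egress is allowed only to the IdP's address range through the listener's Connections property. The class and method names, the 203.0.113.10/32 range, the idp.example.com endpoints, the client ID and the secret name are constructed placeholders.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.EC2;
using Amazon.CDK.AWS.ElasticLoadBalancingV2;

public static class OidcEgressExample
{
    // Constructed placeholder: the fixed address range your IdP publishes.
    private const string IdpCidr = "203.0.113.10/32";

    public static void AddOidcAction(ApplicationListener listener,
                                     ApplicationTargetGroup targetGroup)
    {
        listener.AddAction("OidcAuth", new AddApplicationActionProps
        {
            Action = ListenerAction.AuthenticateOidc(new AuthenticateOidcOptions
            {
                // Constructed example.com endpoints; use your IdP's values.
                Issuer = "https://idp.example.com",
                AuthorizationEndpoint = "https://idp.example.com/authorize",
                TokenEndpoint = "https://idp.example.com/token",
                UserInfoEndpoint = "https://idp.example.com/userinfo",
                ClientId = "example-client-id",
                // Read the secret from Secrets Manager (constructed secret name).
                ClientSecret = SecretValue.SecretsManager("example/oidc-client-secret"),

                // Skip the HTTPS egress rule that CDK adds by default.
                AllowHttpsOutbound = false,

                // Example value, shorter than the Duration.days(7) default.
                SessionTimeout = Duration.Hours(8),

                Next = ListenerAction.Forward(new[] { targetGroup })
            })
        });

        // Step two from the remarks: allow HTTPS egress only to the IdP range.
        listener.Connections.AllowTo(Peer.Ipv4(IdpCidr), Port.Tcp(443),
            "HTTPS to OIDC IdP only");
    }
}
```

If the IdP's addresses change, the load balancer can no longer reach the token and user info endpoints until the rule is updated.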
AuthenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
public IDictionary<string, string> AuthenticationRequestExtraParams { get; set; }
Property Value
System.
Remarks
Default: - No extra parameters
AuthorizationEndpoint
The authorization endpoint of the IdP.
public string AuthorizationEndpoint { get; set; }
Property Value
System.
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
ClientId
The OAuth 2.0 client identifier.
public string ClientId { get; set; }
Property Value
System.
ClientSecret
The OAuth 2.0 client secret.
public SecretValue ClientSecret { get; set; }
Property Value
Issuer
The OIDC issuer identifier of the IdP.
public string Issuer { get; set; }
Property Value
System.
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
Next
What action to execute next.
OnUnauthenticatedRequest
The behavior if the user is not authenticated.
public Nullable<UnauthenticatedAction> OnUnauthenticatedRequest { get; set; }
Property Value
System.
Remarks
Default: UnauthenticatedAction.AUTHENTICATE
Scope
The set of user claims to be requested from the IdP.
public string Scope { get; set; }
Property Value
System.
Remarks
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Default: "openid"
SessionCookieName
The name of the cookie used to maintain session information.
public string SessionCookieName { get; set; }
Property Value
System.
Remarks
Default: "AWSELBAuthSessionCookie"
SessionTimeout
The maximum duration of the authentication session.
public Duration SessionTimeout { get; set; }
Property Value
Remarks
Default: Duration.days(7)
TokenEndpoint
The token endpoint of the IdP.
public string TokenEndpoint { get; set; }
Property Value
System.
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
UserInfoEndpoint
The user info endpoint of the IdP.
public string UserInfoEndpoint { get; set; }
Property Value
System.
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.