Class CfnIdentitySource.OpenIdConnectConfigurationProperty
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities.
Inheritance
Namespace: Amazon.CDK.AwsVerifiedpermissions
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class OpenIdConnectConfigurationProperty : Object, CfnIdentitySource.IOpenIdConnectConfigurationProperty
Syntax (vb)
Public Class OpenIdConnectConfigurationProperty
Inherits Object
Implements CfnIdentitySource.IOpenIdConnectConfigurationProperty
Remarks
It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.Aws_verifiedpermissions;

var openIdConnectConfigurationProperty = new OpenIdConnectConfigurationProperty {
    Issuer = "issuer",
    // Both token types are shown for completeness. Set only one of them: a policy store
    // processes either access tokens or identity (ID) tokens from a given OIDC identity source.
    TokenSelection = new OpenIdConnectTokenSelectionProperty {
        AccessTokenOnly = new OpenIdConnectAccessTokenConfigurationProperty {
            Audiences = new [] { "audiences" },
            PrincipalIdClaim = "principalIdClaim"
        },
        IdentityTokenOnly = new OpenIdConnectIdentityTokenConfigurationProperty {
            ClientIds = new [] { "clientIds" },
            PrincipalIdClaim = "principalIdClaim"
        }
    },

    // the properties below are optional
    EntityIdPrefix = "entityIdPrefix",
    GroupConfiguration = new OpenIdConnectGroupConfigurationProperty {
        GroupClaim = "groupClaim",
        GroupEntityType = "groupEntityType"
    }
};
Synopsis
Constructors
OpenIdConnectConfigurationProperty() |
Properties
EntityIdPrefix | A descriptive string that you want to prefix to user entities from your OIDC identity provider. |
GroupConfiguration | The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to. |
Issuer | The issuer URL of an OIDC identity provider. |
TokenSelection | The token type that you want to process from your OIDC identity provider. |
Constructors
OpenIdConnectConfigurationProperty()
public OpenIdConnectConfigurationProperty()
Properties
EntityIdPrefix
A descriptive string that you want to prefix to user entities from your OIDC identity provider.
public string EntityIdPrefix { get; set; }
Property Value
System.
Remarks
For example, if you set an entityIdPrefix of MyOIDCProvider, you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos.
GroupConfiguration
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
public object GroupConfiguration { get; set; }
Property Value
System.
Remarks
For example, this object can map the contents of a groups claim to MyCorp::UserGroup.
Issuer
The issuer URL of an OIDC identity provider.
public string Issuer { get; set; }
Property Value
System.
Remarks
This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration.
TokenSelection
The token type that you want to process from your OIDC identity provider.
public object TokenSelection { get; set; }
Property Value
System.
Remarks
Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
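The following is an added example, not part of the CDK documentation or library: a stand-alone Python pre-deployment check for the values described in the Issuer and EntityIdPrefix remarks. The provider URL, the sample discovery document and the function names are constructed for illustration; the exact-match rule on the issuer value comes from the OpenID Connect Discovery specification.

```python
import json
from urllib.parse import urlsplit

# Constructed discovery document for a hypothetical provider (not real data).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/tenant1",
    "jwks_uri": "https://idp.example.com/tenant1/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
})


def discovery_url(issuer: str) -> str:
    """Discovery endpoint at the path named in the Issuer remarks."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def check_issuer(issuer: str, discovery_json: str) -> list:
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    url = urlsplit(issuer)
    if url.scheme != "https" or not url.netloc:
        problems.append("issuer must be an https URL")
    if url.query or url.fragment:
        problems.append("issuer must not carry a query or fragment")
    try:
        doc = json.loads(discovery_json)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return problems + ["discovery document is not a JSON object"]
    # The advertised issuer must equal the configured Issuer string exactly;
    # a trailing-slash difference already counts as a mismatch.
    if doc.get("issuer") != issuer:
        problems.append("discovery 'issuer' does not match configured Issuer")
    if urlsplit(str(doc.get("jwks_uri", ""))).scheme != "https":
        problems.append("jwks_uri missing or not https")
    return problems


def principal_reference(user_type: str, entity_id_prefix: str, claim_value: str) -> str:
    """Principal as policies reference it, per the EntityIdPrefix remarks."""
    return f"{user_type}::{entity_id_prefix}|{claim_value}"


if __name__ == "__main__":
    issuer = "https://idp.example.com/tenant1"
    print(discovery_url(issuer))
    print(check_issuer(issuer, SAMPLE_DISCOVERY))
    print(check_issuer(issuer + "/", SAMPLE_DISCOVERY))
    print(principal_reference("MyCorp::User", "MyOIDCProvider", "Carlos"))
```

In practice the discovery document would be fetched from discovery_url(issuer) before calling check_issuer; it is embedded here so the check runs offline.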