Interface CfnListener.AuthenticateOidcConfigProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnListener.AuthenticateOidcConfigProperty.Jsii$Proxy
- Enclosing class:
CfnListener
@Stability(Stable)
public static interface CfnListener.AuthenticateOidcConfigProperty
extends software.amazon.jsii.JsiiSerializable
Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import software.amazon.awscdk.services.elasticloadbalancingv2.*; AuthenticateOidcConfigProperty authenticateOidcConfigProperty = AuthenticateOidcConfigProperty.builder() .authorizationEndpoint("authorizationEndpoint") .clientId("clientId") .issuer("issuer") .tokenEndpoint("tokenEndpoint") .userInfoEndpoint("userInfoEndpoint") // the properties below are optional .authenticationRequestExtraParams(Map.of( "authenticationRequestExtraParamsKey", "authenticationRequestExtraParams")) .clientSecret("clientSecret") .onUnauthenticatedRequest("onUnauthenticatedRequest") .scope("scope") .sessionCookieName("sessionCookieName") .sessionTimeout("sessionTimeout") .useExistingClientSecret(false) .build();
- See Also:
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forCfnListener.AuthenticateOidcConfigProperty
static final class
An implementation forCfnListener.AuthenticateOidcConfigProperty
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
default Object
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.The authorization endpoint of the IdP.The OAuth 2.0 client identifier.default String
The OAuth 2.0 client secret.The OIDC issuer identifier of the IdP.default String
The behavior if the user is not authenticated.default String
getScope()
The set of user claims to be requested from the IdP.default String
The name of the cookie used to maintain session information.default String
The maximum duration of the authentication session, in seconds.The token endpoint of the IdP.default Object
Indicates whether to use the existing client secret when modifying a rule.The user info endpoint of the IdP.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getAuthorizationEndpoint
The authorization endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
- See Also:
-
getClientId
The OAuth 2.0 client identifier.- See Also:
-
getIssuer
The OIDC issuer identifier of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
- See Also:
-
getTokenEndpoint
The token endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
- See Also:
-
getUserInfoEndpoint
The user info endpoint of the IdP.This must be a full URL, including the HTTPS protocol, the domain, and the path.
- See Also:
-
getAuthenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.- See Also:
-
getClientSecret
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you setUseExistingClientSecret
to true.- See Also:
-
getOnUnauthenticatedRequest
The behavior if the user is not authenticated. The following are possible values:.- deny `` - Return an HTTP 401 Unauthorized error.
- allow `` - Allow the request to be forwarded to the target.
- authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.
- See Also:
-
getScope
The set of user claims to be requested from the IdP. The default isopenid
.To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
- See Also:
-
getSessionCookieName
The name of the cookie used to maintain session information.The default is AWSELBAuthSessionCookie.
- See Also:
-
getSessionTimeout
The maximum duration of the authentication session, in seconds.The default is 604800 seconds (7 days).
- See Also:
-
getUseExistingClientSecret
Indicates whether to use the existing client secret when modifying a rule.If you are creating a rule, you can omit this parameter or set it to false.
- See Also:
-
builder
-