AWS::VerifiedPermissions::IdentitySource OpenIdConnectTokenSelection

The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "AccessTokenOnly" : OpenIdConnectAccessTokenConfiguration,
  "IdentityTokenOnly" : OpenIdConnectIdentityTokenConfiguration
}

YAML


  AccessTokenOnly: 
    OpenIdConnectAccessTokenConfiguration
  IdentityTokenOnly: 
    OpenIdConnectIdentityTokenConfiguration

Properties

AccessTokenOnly

The OIDC configuration for processing access tokens. Contains allowed audience claims, for example https://auth.example.com, and the claim that you want to map to the principal, for example sub.

Required: No

Type: OpenIdConnectAccessTokenConfiguration

Update requires: No interruption

IdentityTokenOnly

The OIDC configuration for processing identity (ID) tokens. Contains allowed client ID claims, for example 1example23456789, and the claim that you want to map to the principal, for example sub.

Required: No

Type: OpenIdConnectIdentityTokenConfiguration

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

OpenIdConnectIdentityTokenConfiguration

AWS::VerifiedPermissions::Policy