You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig
Inherits: Struct
- Object
- Struct
- Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig
Defined in: (unknown)
Overview
When passing AuthenticateOidcActionConfig as input to an Aws::Client method, you can use a vanilla Hash:
{
  issuer: "AuthenticateOidcActionIssuer", # required
  authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
  token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
  user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
  client_id: "AuthenticateOidcActionClientId", # required
  client_secret: "AuthenticateOidcActionClientSecret",
  session_cookie_name: "AuthenticateOidcActionSessionCookieName",
  scope: "AuthenticateOidcActionScope",
  session_timeout: 1,
  authentication_request_extra_params: {
    "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
  },
  on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
  use_existing_client_secret: false,
}
Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
Instance Attribute Summary
- #authentication_request_extra_params ⇒ Hash<String,String>
  The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
- #authorization_endpoint ⇒ String
  The authorization endpoint of the IdP.
- #client_id ⇒ String
  The OAuth 2.0 client identifier.
- #client_secret ⇒ String
  The OAuth 2.0 client secret.
- #issuer ⇒ String
  The OIDC issuer identifier of the IdP.
- #on_unauthenticated_request ⇒ String
  The behavior if the user is not authenticated.
- #scope ⇒ String
  The set of user claims to be requested from the IdP.
- #session_cookie_name ⇒ String
  The name of the cookie used to maintain session information.
- #session_timeout ⇒ Integer
  The maximum duration of the authentication session, in seconds.
- #token_endpoint ⇒ String
  The token endpoint of the IdP.
- #use_existing_client_secret ⇒ Boolean
  Indicates whether to use the existing client secret when modifying a rule.
- #user_info_endpoint ⇒ String
  The user info endpoint of the IdP.
Instance Attribute Details
#authentication_request_extra_params ⇒ Hash<String,String>
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
#authorization_endpoint ⇒ String
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
#client_id ⇒ String
The OAuth 2.0 client identifier.
#client_secret ⇒ String
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
#issuer ⇒ String
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
#on_unauthenticated_request ⇒ String
The behavior if the user is not authenticated. The following are possible values:
- deny - Return an HTTP 401 Unauthorized error.
- allow - Allow the request to be forwarded to the target.
- authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
Possible values:
- deny
- allow
- authenticate
#scope ⇒ String
The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
#session_cookie_name ⇒ String
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
#session_timeout ⇒ Integer
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
#token_endpoint ⇒ String
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
#use_existing_client_secret ⇒ Boolean
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
#user_info_endpoint ⇒ String
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
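The constraints documented above can be checked before the hash is handed to a client call. The following is an added example, not part of the SDK or of the original documentation: `check_oidc_config`, `SAMPLE`, the `example.com` values and the 8-hour `MAX_SESSION_SECONDS` policy are assumptions made for illustration, and the URL check covers the HTTPS scheme and host only.

```ruby
require "uri"

REQUIRED_KEYS = %i[issuer authorization_endpoint token_endpoint
                   user_info_endpoint client_id].freeze
URL_KEYS = (REQUIRED_KEYS - [:client_id]).freeze
UNAUTH_VALUES = %w[deny allow authenticate].freeze
MAX_SESSION_SECONDS = 8 * 3600 # assumed local policy, not an AWS limit

# Returns a list of findings; empty means the hash passed every check.
# creating: true for a new rule, false when modifying an existing rule.
def check_oidc_config(cfg, creating: true)
  findings = []
  REQUIRED_KEYS.each { |k| findings << "#{k} is required" if cfg[k].to_s.empty? }
  URL_KEYS.each do |k|
    next if cfg[k].to_s.empty?
    uri = URI.parse(cfg[k].to_s) rescue nil
    # Scheme and host are checked; the path is left to the IdP's own layout.
    ok = uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
    findings << "#{k} must be a full HTTPS URL" unless ok
  end
  # client_secret may be omitted only when modifying with use_existing_client_secret.
  if cfg[:client_secret].to_s.empty? && (creating || cfg[:use_existing_client_secret] != true)
    findings << "client_secret is required"
  end
  extra = cfg[:authentication_request_extra_params] || {}
  findings << "authentication_request_extra_params allows up to 10 entries" if extra.size > 10
  mode = cfg.fetch(:on_unauthenticated_request, "authenticate") # documented default
  if !UNAUTH_VALUES.include?(mode)
    findings << "on_unauthenticated_request must be deny, allow or authenticate"
  elsif mode == "allow"
    findings << "review: allow forwards unauthenticated requests to the target"
  end
  timeout = cfg.fetch(:session_timeout, 604_800) # documented default (7 days)
  findings << "review: session_timeout exceeds local policy" if timeout > MAX_SESSION_SECONDS
  findings
end

# Constructed sample input; the example.com values are placeholders.
SAMPLE = {
  issuer: "https://idp.example.com/",
  authorization_endpoint: "https://idp.example.com/authorize",
  token_endpoint: "http://idp.example.com/token", # plain HTTP on purpose
  user_info_endpoint: "https://idp.example.com/userinfo",
  client_id: "example-client", client_secret: "placeholder",
  on_unauthenticated_request: "allow", session_timeout: 3600
}.freeze

puts check_oidc_config(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Findings prefixed with `review:` mark settings the API accepts but that change who reaches the target or for how long a session lasts.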