Class: Aws::VerifiedPermissions::Types::OpenIdConnectConfiguration
- Inherits:
-
Struct
- Object
- Struct
- Aws::VerifiedPermissions::Types::OpenIdConnectConfiguration
- Defined in:
- gems/aws-sdk-verifiedpermissions/lib/aws-sdk-verifiedpermissions/types.rb
Overview
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource.
Constant Summary collapse
- SENSITIVE =
[:entity_id_prefix]
Instance Attribute Summary collapse
-
#entity_id_prefix ⇒ String
A descriptive string that you want to prefix to user entities from your OIDC identity provider.
-
#group_configuration ⇒ Types::OpenIdConnectGroupConfiguration
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
-
#issuer ⇒ String
The issuer URL of an OIDC identity provider.
-
#token_selection ⇒ Types::OpenIdConnectTokenSelection
The token type that you want to process from your OIDC identity provider.
Instance Attribute Details
#entity_id_prefix ⇒ String
A descriptive string that you want to prefix to user entities from
your OIDC identity provider. For example, if you set an
entityIdPrefix
of MyOIDCProvider
, you can reference principals
in your policies in the format
MyCorp::User::MyOIDCProvider|Carlos
.
2611 2612 2613 2614 2615 2616 2617 2618 |
# File 'gems/aws-sdk-verifiedpermissions/lib/aws-sdk-verifiedpermissions/types.rb', line 2611 class OpenIdConnectConfiguration < Struct.new( :issuer, :entity_id_prefix, :group_configuration, :token_selection) SENSITIVE = [:entity_id_prefix] include Aws::Structure end |
#group_configuration ⇒ Types::OpenIdConnectGroupConfiguration
The claim in OIDC identity provider tokens that indicates a user's
group membership, and the entity type that you want to map it to.
For example, this object can map the contents of a groups
claim to
MyCorp::UserGroup
.
2611 2612 2613 2614 2615 2616 2617 2618 |
# File 'gems/aws-sdk-verifiedpermissions/lib/aws-sdk-verifiedpermissions/types.rb', line 2611 class OpenIdConnectConfiguration < Struct.new( :issuer, :entity_id_prefix, :group_configuration, :token_selection) SENSITIVE = [:entity_id_prefix] include Aws::Structure end |
#issuer ⇒ String
The issuer URL of an OIDC identity provider. This URL must have an
OIDC discovery endpoint at the path
.well-known/openid-configuration
.
2611 2612 2613 2614 2615 2616 2617 2618 |
# File 'gems/aws-sdk-verifiedpermissions/lib/aws-sdk-verifiedpermissions/types.rb', line 2611 class OpenIdConnectConfiguration < Struct.new( :issuer, :entity_id_prefix, :group_configuration, :token_selection) SENSITIVE = [:entity_id_prefix] include Aws::Structure end |
#token_selection ⇒ Types::OpenIdConnectTokenSelection
The token type that you want to process from your OIDC identity provider. Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
2611 2612 2613 2614 2615 2616 2617 2618 |
# File 'gems/aws-sdk-verifiedpermissions/lib/aws-sdk-verifiedpermissions/types.rb', line 2611 class OpenIdConnectConfiguration < Struct.new( :issuer, :entity_id_prefix, :group_configuration, :token_selection) SENSITIVE = [:entity_id_prefix] include Aws::Structure end |