IdentityProvider

The identity provider.

identityProviderArn

The ARN of the identity provider.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: ^arn:[\w+=\/,.@-]+:[a-zA-Z0-9\-]+:[a-zA-Z0-9\-]*:[a-zA-Z0-9]{1,12}:[a-zA-Z]+(\/[a-fA-F0-9\-]{36}){2,}$

Required: Yes

identityProviderDetails

The identity provider details. The following list describes the provider detail keys for each identity provider type.

For Google and Login with Amazon:
- client_id
- client_secret
- authorize_scopes
For Facebook:
- client_id
- client_secret
- authorize_scopes
- api_version
For Sign in with Apple:
- client_id
- team_id
- key_id
- private_key
- authorize_scopes
For OIDC providers:
- client_id
- client_secret
- attributes_request_method
- oidc_issuer
- authorize_scopes
- authorize_url if not available from discovery URL specified by oidc_issuer key
- token_url if not available from discovery URL specified by oidc_issuer key
- attributes_url if not available from discovery URL specified by oidc_issuer key
- jwks_uri if not available from discovery URL specified by oidc_issuer key
For SAML providers:
- MetadataFile OR MetadataURL
- IDPSignout (boolean) optional
- IDPInit (boolean) optional
- RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256
- EncryptedResponses (boolean) optional

Type: String to string map

Key Length Constraints: Minimum length of 0. Maximum length of 131072.

Key Pattern: ^[\s\S]*$

Value Length Constraints: Minimum length of 0. Maximum length of 131072.

Value Pattern: ^[\s\S]*$

Required: No

identityProviderName

The identity provider name.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 32.

Pattern: ^[^_][\p{L}\p{M}\p{S}\p{N}\p{P}][^_]+$

Required: No

identityProviderType

The identity provider type.

Type: String

Required: No

Contents