aws-cdk-lib.aws_appsync.OpenIdConnectConfig

interface OpenIdConnectConfig

| Language | Type name |
| --- | --- |
| .NET | Amazon.CDK.AWS.AppSync.OpenIdConnectConfig |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsappsync#OpenIdConnectConfig |
| Java | software.amazon.awscdk.services.appsync.OpenIdConnectConfig |
| Python | aws_cdk.aws_appsync.OpenIdConnectConfig |
| TypeScript (source) | aws-cdk-lib » aws_appsync » OpenIdConnectConfig |

Configuration for OpenID Connect authorization in AppSync.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_appsync as appsync } from 'aws-cdk-lib';
const openIdConnectConfig: appsync.OpenIdConnectConfig = {
  oidcProvider: 'oidcProvider',

  // the properties below are optional
  clientId: 'clientId',
  tokenExpiryFromAuth: 123,
  tokenExpiryFromIssue: 123,
};

Properties

| Name | Type | Description |
| --- | --- | --- |
| oidcProvider | string | The issuer for the OIDC configuration. |
| clientId? | string | The client identifier of the Relying party at the OpenID identity provider. |
| tokenExpiryFromAuth? | number | The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider. |
| tokenExpiryFromIssue? | number | The number of milliseconds an OIDC token is valid after being issued to a user. |

oidcProvider

Type: string

The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.


clientId?

Type: string (optional, default: * (All))

The client identifier of the Relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time. Example:

- 'ABCD|CDEF' // where ABCD and CDEF are two different clientId values

tokenExpiryFromAuth?

Type: number (optional, default: no validation)

The number of milliseconds an OIDC token is valid after being authenticated by the OIDC provider.

The auth_time claim in the OIDC token is required for this validation to work.


tokenExpiryFromIssue?

Type: number (optional, default: no validation)

The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses the iat claim of the OIDC token.
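
Added example (not from the CDK documentation): a helper that builds the clientId expression from an allow-list, escaping regex metacharacters and anchoring the alternation, and converts minutes into the milliseconds that both expiry properties expect. The local interface mirror, the helper names and the sample values are assumptions; the explicit `^...$` anchors are a precaution, since this page does not say whether AppSync anchors the expression.

```typescript
// Local mirror of the four properties documented on this page, so the
// example runs without aws-cdk-lib installed.
interface OidcConfigShape {
  oidcProvider: string;
  clientId?: string;
  tokenExpiryFromAuth?: number;
  tokenExpiryFromIssue?: number;
}

// Hypothetical helper: escape regex metacharacters so a client ID such as
// "web.app" is matched literally instead of "." matching any character.
function escapeRegex(literal: string): string {
  return literal.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Hypothetical helper: anchored alternation built from an allow-list.
function clientIdPattern(allowed: string[]): string {
  if (allowed.length === 0) {
    // Fail loudly: leaving clientId unset means the default "* (All)".
    throw new Error('allow-list is empty; refusing to accept all clients');
  }
  return '^(' + allowed.map(escapeRegex).join('|') + ')$';
}

// Hypothetical helper: both expiry properties take milliseconds.
function minutesToMs(minutes: number): number {
  if (!Number.isFinite(minutes) || minutes <= 0) {
    throw new Error('expiry must be a positive number of minutes');
  }
  return Math.round(minutes * 60 * 1000);
}

function buildOidcConfig(issuer: string, allowedClients: string[],
                         authMaxAgeMin: number, issueMaxAgeMin: number): OidcConfigShape {
  return {
    oidcProvider: issuer, // must equal the token's iss exactly
    clientId: clientIdPattern(allowedClients),
    tokenExpiryFromAuth: minutesToMs(authMaxAgeMin),   // needs auth_time
    tokenExpiryFromIssue: minutesToMs(issueMaxAgeMin), // uses iat
  };
}

// Constructed sample values, not from the page.
const sampleConfig = buildOidcConfig(
  'https://idp.example.com', ['web.app', 'mobile-app'], 60, 15);
```

The returned object has the same property names as OpenIdConnectConfig, so it can be passed wherever that interface is expected.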