aws-cdk-lib.aws_elasticloadbalancingv2.CfnListener.AuthenticateOidcConfigProperty

interface AuthenticateOidcConfigProperty

LanguageType name
.NETAmazon.CDK.AWS.ElasticLoadBalancingV2.CfnListener.AuthenticateOidcConfigProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2#CfnListener_AuthenticateOidcConfigProperty
Javasoftware.amazon.awscdk.services.elasticloadbalancingv2.CfnListener.AuthenticateOidcConfigProperty
Pythonaws_cdk.aws_elasticloadbalancingv2.CfnListener.AuthenticateOidcConfigProperty
TypeScript aws-cdk-lib » aws_elasticloadbalancingv2 » CfnListener » AuthenticateOidcConfigProperty

Specifies information required using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_elasticloadbalancingv2 as elbv2 } from 'aws-cdk-lib';
const authenticateOidcConfigProperty: elbv2.CfnListener.AuthenticateOidcConfigProperty = {
  authorizationEndpoint: 'authorizationEndpoint',
  clientId: 'clientId',
  issuer: 'issuer',
  tokenEndpoint: 'tokenEndpoint',
  userInfoEndpoint: 'userInfoEndpoint',

  // the properties below are optional
  authenticationRequestExtraParams: {
    authenticationRequestExtraParamsKey: 'authenticationRequestExtraParams',
  },
  clientSecret: 'clientSecret',
  onUnauthenticatedRequest: 'onUnauthenticatedRequest',
  scope: 'scope',
  sessionCookieName: 'sessionCookieName',
  sessionTimeout: 'sessionTimeout',
  useExistingClientSecret: false,
};

Properties

NameTypeDescription
authorizationEndpointstringThe authorization endpoint of the IdP.
clientIdstringThe OAuth 2.0 client identifier.
issuerstringThe OIDC issuer identifier of the IdP.
tokenEndpointstringThe token endpoint of the IdP.
userInfoEndpointstringThe user info endpoint of the IdP.
authenticationRequestExtraParams?IResolvable | { [string]: string }The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
clientSecret?stringThe OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
onUnauthenticatedRequest?stringThe behavior if the user is not authenticated. The following are possible values:.
scope?stringThe set of user claims to be requested from the IdP. The default is openid .
sessionCookieName?stringThe name of the cookie used to maintain session information.
sessionTimeout?stringThe maximum duration of the authentication session, in seconds.
useExistingClientSecret?boolean | IResolvableIndicates whether to use the existing client secret when modifying a rule.

authorizationEndpoint

Type: string

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


clientId

Type: string

The OAuth 2.0 client identifier.


issuer

Type: string

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


tokenEndpoint

Type: string

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


userInfoEndpoint

Type: string

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


authenticationRequestExtraParams?

Type: IResolvable | { [string]: string } (optional)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.


clientSecret?

Type: string (optional)

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.


onUnauthenticatedRequest?

Type: string (optional)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope?

Type: string (optional)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.


sessionCookieName?

Type: string (optional)

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.


sessionTimeout?

Type: string (optional)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).


useExistingClientSecret?

Type: boolean | IResolvable (optional)

Indicates whether to use the existing client secret when modifying a rule.

If you are creating a rule, you can omit this parameter or set it to false.