aws-cdk-lib.aws_elasticloadbalancingv2.AuthenticateOidcOptions

interface AuthenticateOidcOptions

Language              Type name
.NET                  Amazon.CDK.AWS.ElasticLoadBalancingV2.AuthenticateOidcOptions
Go                    github.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2#AuthenticateOidcOptions
Java                  software.amazon.awscdk.services.elasticloadbalancingv2.AuthenticateOidcOptions
Python                aws_cdk.aws_elasticloadbalancingv2.AuthenticateOidcOptions
TypeScript (source)   aws-cdk-lib » aws_elasticloadbalancingv2 » AuthenticateOidcOptions

Options for ListenerAction.authenticateOidc().

Example

import { SecretValue } from 'aws-cdk-lib';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';

declare const listener: elbv2.ApplicationListener;
declare const myTargetGroup: elbv2.ApplicationTargetGroup;

listener.addAction('DefaultAction', {
  action: elbv2.ListenerAction.authenticateOidc({
    authorizationEndpoint: 'https://example.com/openid',
    // Other OIDC properties here
    clientId: '...',
    // Reference the client secret from Secrets Manager instead of embedding it in code
    clientSecret: SecretValue.secretsManager('...'),
    issuer: '...',
    tokenEndpoint: '...',
    userInfoEndpoint: '...',

    // Action to run once the user has been authenticated
    next: elbv2.ListenerAction.forward([myTargetGroup]),
  }),
});

Properties

Name                                Type                    Description
authorizationEndpoint               string                  The authorization endpoint of the IdP.
clientId                            string                  The OAuth 2.0 client identifier.
clientSecret                        SecretValue             The OAuth 2.0 client secret.
issuer                              string                  The OIDC issuer identifier of the IdP.
next                                ListenerAction          What action to execute next.
tokenEndpoint                       string                  The token endpoint of the IdP.
userInfoEndpoint                    string                  The user info endpoint of the IdP.
allowHttpsOutbound?                 boolean                 Allow HTTPS outbound traffic to communicate with the IdP.
authenticationRequestExtraParams?   { [string]: string }    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
onUnauthenticatedRequest?           UnauthenticatedAction   The behavior if the user is not authenticated.
scope?                              string                  The set of user claims to be requested from the IdP.
sessionCookieName?                  string                  The name of the cookie used to maintain session information.
sessionTimeout?                     Duration                The maximum duration of the authentication session.

authorizationEndpoint

Type: string

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


clientId

Type: string

The OAuth 2.0 client identifier.


clientSecret

Type: SecretValue

The OAuth 2.0 client secret.


issuer

Type: string

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


next

Type: ListenerAction

What action to execute next.


tokenEndpoint

Type: string

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


userInfoEndpoint

Type: string

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.


allowHttpsOutbound?

Type: boolean (optional, default: true)

Allow HTTPS outbound traffic to communicate with the IdP.

Set this property to false when the IdP endpoint resolves to known IP addresses and you want to restrict the load balancer's outbound traffic. Then explicitly allow HTTPS outbound traffic to the IdP's IP address using the listener's connections property.

See also: https://repost.aws/knowledge-center/elb-configure-authentication-alb


authenticationRequestExtraParams?

Type: { [string]: string } (optional, default: No extra parameters)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
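As an added example (not code from aws-cdk-lib or from this page), a stand-alone check that applies the constraints stated above before synthesis: the authorization, issuer, token and user-info values must be full HTTPS URLs with a domain and a path, and authenticationRequestExtraParams is capped at 10 entries. The local interface and the function names are assumptions; a structural type stands in for AuthenticateOidcOptions so the check runs in a unit test without aws-cdk-lib installed.

```typescript
// Added example, not part of aws-cdk-lib. Mirrors the constraints documented
// for AuthenticateOidcOptions: four full HTTPS URLs (scheme, domain, path) and
// at most 10 extra query parameters for the authorization redirect.

// Local stand-in for the subset of AuthenticateOidcOptions this check reads.
interface OidcOptionsSubset {
  authorizationEndpoint: string;
  issuer: string;
  tokenEndpoint: string;
  userInfoEndpoint: string;
  authenticationRequestExtraParams?: { [key: string]: string };
}

const URL_FIELDS = ['authorizationEndpoint', 'issuer', 'tokenEndpoint', 'userInfoEndpoint'] as const;
const MAX_EXTRA_PARAMS = 10; // "up to 10" per the property description

// Minimal URL split into scheme, host and optional path; query and fragment are ignored.
function splitUrl(value: string): { scheme: string; host: string; path: string } | undefined {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]+)(\/[^?#]*)?/i.exec(value);
  return m ? { scheme: m[1].toLowerCase(), host: m[2], path: m[3] ?? '' } : undefined;
}

// Returns one finding per violated constraint; an empty array means the
// options satisfy the documented requirements.
function validateOidcOptions(opts: OidcOptionsSubset): string[] {
  const findings: string[] = [];
  for (const field of URL_FIELDS) {
    const parsed = splitUrl(opts[field]);
    if (!parsed) {
      findings.push(`${field}: not a full URL (${JSON.stringify(opts[field])})`);
      continue;
    }
    // "full URL, including the HTTPS protocol, the domain, and the path"
    if (parsed.scheme !== 'https') findings.push(`${field}: must use https://, got ${parsed.scheme}://`);
    if (parsed.path === '' || parsed.path === '/') findings.push(`${field}: path component is missing`);
  }
  const count = Object.keys(opts.authenticationRequestExtraParams ?? {}).length;
  if (count > MAX_EXTRA_PARAMS) {
    findings.push(`authenticationRequestExtraParams: ${count} parameters, limit is ${MAX_EXTRA_PARAMS}`);
  }
  return findings;
}
```

Run it over the plain option values in a unit test and fail the build on a non-empty result; the check applies the page's wording literally, so an issuer without a path is reported as well.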


onUnauthenticatedRequest?

Type: UnauthenticatedAction (optional, default: UnauthenticatedAction.AUTHENTICATE)

The behavior if the user is not authenticated.


scope?

Type: string (optional, default: "openid")

The set of user claims to be requested from the IdP.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.


sessionCookieName?

Type: string (optional, default: "AWSELBAuthSessionCookie")

The name of the cookie used to maintain session information.


sessionTimeout?

Type: Duration (optional, default: Duration.days(7))

The maximum duration of the authentication session.