aws-cdk-lib.aws_elasticloadbalancingv2.CfnListenerRule.AuthenticateCognitoConfigProperty

interface AuthenticateCognitoConfigProperty

LanguageType name
.NETAmazon.CDK.AWS.ElasticLoadBalancingV2.CfnListenerRule.AuthenticateCognitoConfigProperty
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2#CfnListenerRule_AuthenticateCognitoConfigProperty
Javasoftware.amazon.awscdk.services.elasticloadbalancingv2.CfnListenerRule.AuthenticateCognitoConfigProperty
Pythonaws_cdk.aws_elasticloadbalancingv2.CfnListenerRule.AuthenticateCognitoConfigProperty
TypeScript aws-cdk-lib » aws_elasticloadbalancingv2 » CfnListenerRule » AuthenticateCognitoConfigProperty

Specifies information required when integrating with Amazon Cognito to authenticate users.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_elasticloadbalancingv2 as elbv2 } from 'aws-cdk-lib';
const authenticateCognitoConfigProperty: elbv2.CfnListenerRule.AuthenticateCognitoConfigProperty = {
  userPoolArn: 'userPoolArn',
  userPoolClientId: 'userPoolClientId',
  userPoolDomain: 'userPoolDomain',

  // the properties below are optional
  authenticationRequestExtraParams: {
    authenticationRequestExtraParamsKey: 'authenticationRequestExtraParams',
  },
  onUnauthenticatedRequest: 'onUnauthenticatedRequest',
  scope: 'scope',
  sessionCookieName: 'sessionCookieName',
  sessionTimeout: 123,
};

Properties

NameTypeDescription
userPoolArnstringThe Amazon Resource Name (ARN) of the Amazon Cognito user pool.
userPoolClientIdstringThe ID of the Amazon Cognito user pool client.
userPoolDomainstringThe domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
authenticationRequestExtraParams?IResolvable | { [string]: string }The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
onUnauthenticatedRequest?stringThe behavior if the user is not authenticated. The following are possible values:.
scope?stringThe set of user claims to be requested from the IdP. The default is openid .
sessionCookieName?stringThe name of the cookie used to maintain session information.
sessionTimeout?numberThe maximum duration of the authentication session, in seconds.

userPoolArn

Type: string

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.


userPoolClientId

Type: string

The ID of the Amazon Cognito user pool client.


userPoolDomain

Type: string

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.


authenticationRequestExtraParams?

Type: IResolvable | { [string]: string } (optional)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.


onUnauthenticatedRequest?

Type: string (optional)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.

scope?

Type: string (optional)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.


sessionCookieName?

Type: string (optional)

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.


sessionTimeout?

Type: number (optional)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).