interface CognitoAuthorizerProps
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.CognitoAuthorizerProps |
| Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#CognitoAuthorizerProps |
| Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.CognitoAuthorizerProps |
| Python | aws_cdk.aws_bedrock_agentcore_alpha.CognitoAuthorizerProps |
| TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha » CognitoAuthorizerProps |
Example
```ts
import * as cognito from 'aws-cdk-lib/aws-cognito';
import * as agentcore from '@aws-cdk/aws-bedrock-agentcore-alpha';

declare const userPool: cognito.UserPool;
declare const userPoolClient: cognito.UserPoolClient;

// Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
const customClaims = [
  agentcore.GatewayCustomClaim.withStringValue('department', 'engineering'),
  agentcore.GatewayCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
  agentcore.GatewayCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
];

// `this` is the enclosing construct scope (for example a Stack).
const gateway = new agentcore.Gateway(this, "MyGateway", {
  gatewayName: "my-gateway",
  authorizerConfiguration: agentcore.GatewayAuthorizer.usingCognito({
    userPool: userPool,
    allowedClients: [userPoolClient],
    allowedAudiences: ["audience1"],
    allowedScopes: ["read", "write"],
    customClaims: customClaims, // Optional custom claims
  }),
});
```
Properties
| Name | Type | Description |
|---|---|---|
| userPool | IUserPool | The Cognito User Pool to use for authentication. |
| allowedAudiences? | string[] | The allowed audiences for JWT validation. |
| allowedClients? | IUserPoolClient[] | The allowed User Pool clients. |
| allowedScopes? | string[] | The allowed scopes for JWT validation. |
| customClaims? | GatewayCustomClaim[] | Custom claims for additional JWT token validation. |
userPool
Type: IUserPool
The Cognito User Pool to use for authentication.

allowedAudiences?
Type: string[] (optional, default: No audience validation)
The allowed audiences for JWT validation.

allowedClients?
Type: IUserPoolClient[] (optional, default: All clients are allowed)
The allowed User Pool clients.

allowedScopes?
Type: string[] (optional, default: No scope validation)
The allowed scopes for JWT validation.

customClaims?
Type: GatewayCustomClaim[] (optional, default: No custom claim validation)
Custom claims for additional JWT token validation.
Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.
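
Every optional property above defaults to no validation, so a review check can report which ones a given configuration leaves open. The following is an added example, not code from the CDK project: `AuthorizerValidationProps`, `auditAuthorizerProps` and the severity levels are hypothetical, and only the default descriptions come from this page.

```typescript
// Hypothetical structural stand-in for the optional fields of
// CognitoAuthorizerProps; real code would take the type from
// @aws-cdk/aws-bedrock-agentcore-alpha.
interface AuthorizerValidationProps {
  allowedAudiences?: string[];
  allowedClients?: unknown[];
  allowedScopes?: string[];
  customClaims?: unknown[];
}

type Severity = 'warn' | 'info';

interface Finding {
  prop: keyof AuthorizerValidationProps;
  severity: Severity;
  message: string;
}

// Default behaviour per property, as stated in the property docs above.
// The severity assigned to each one is this example's assumption.
const DEFAULTS: Array<[keyof AuthorizerValidationProps, Severity, string]> = [
  ['allowedAudiences', 'warn', 'No audience validation'],
  ['allowedClients', 'warn', 'All clients are allowed'],
  ['allowedScopes', 'warn', 'No scope validation'],
  ['customClaims', 'info', 'No custom claim validation'],
];

function auditAuthorizerProps(props: AuthorizerValidationProps): Finding[] {
  const findings: Finding[] = [];
  for (const [prop, severity, defaultBehaviour] of DEFAULTS) {
    const value = props[prop];
    if (value === undefined) {
      findings.push({ prop, severity, message: `${prop} omitted, default applies: ${defaultBehaviour}` });
    } else if (value.length === 0) {
      // The page does not say how an empty list is treated, so surface it.
      findings.push({ prop, severity: 'warn', message: `${prop} is an empty list; confirm it does not fall back to: ${defaultBehaviour}` });
    }
  }
  return findings;
}

// Constructed sample inputs: one pinned configuration, one left mostly open.
const pinnedFindings = auditAuthorizerProps({
  allowedAudiences: ['audience1'], allowedClients: [{}], allowedScopes: ['read', 'write'],
});
const openFindings = auditAuthorizerProps({ allowedScopes: [] });
```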
