class GatewayCustomClaim
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.Bedrock.Agentcore.Alpha.GatewayCustomClaim |
 Go | github.com/aws/aws-cdk-go/awsbedrockagentcorealpha/v2#GatewayCustomClaim |
 Java | software.amazon.awscdk.services.bedrock.agentcore.alpha.GatewayCustomClaim |
 Python | aws_cdk.aws_bedrock_agentcore_alpha.GatewayCustomClaim |
 TypeScript (source) | @aws-cdk/aws-bedrock-agentcore-alpha ยป GatewayCustomClaim |
Represents a custom claim validation configuration for Gateway JWT authorizers.
Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.
Example
// Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
const customClaims = [
agentcore.GatewayCustomClaim.withStringValue('department', 'engineering'),
agentcore.GatewayCustomClaim.withStringArrayValue('roles', ['admin'], agentcore.CustomClaimOperator.CONTAINS),
agentcore.GatewayCustomClaim.withStringArrayValue('permissions', ['read', 'write'], agentcore.CustomClaimOperator.CONTAINS_ANY),
];
const gateway = new agentcore.Gateway(this, "MyGateway", {
gatewayName: "my-gateway",
authorizerConfiguration: agentcore.GatewayAuthorizer.usingCustomJwt({
discoveryUrl: "https://auth.example.com/.well-known/openid-configuration",
allowedAudience: ["my-app"],
allowedClients: ["my-client-id"],
allowedScopes: ["read", "write"],
customClaims: customClaims, // Optional custom claims
}),
});
Methods
| Name | Description |
|---|---|
| static with | Create a custom claim with a string array value. |
| static with | Create a custom claim with a string value. |
static withStringArrayValue(name, values, operator?)
public static withStringArrayValue(name: string, values: string[], operator?: CustomClaimOperator): GatewayCustomClaim
Parameters
- name
stringโ The name of the claim in the JWT token. - values
string[]โ The array of string values to match. - operator
Customโ The match operator (defaults to CONTAINS).Claim Operator
Returns
Create a custom claim with a string array value.
String array claims can use CONTAINS (default) or CONTAINS_ANY operator.
static withStringValue(name, value)
public static withStringValue(name: string, value: string): GatewayCustomClaim
Parameters
- name
stringโ The name of the claim in the JWT token. - value
stringโ The string value to match (must exactly equal).
Returns
Create a custom claim with a string value.
String claims must use the EQUALS operator.