interface OpenIdConnectTokenSelectionProperty

Language	Type name
.NET	Amazon.CDK.CfnPropertyMixins.AWS.VerifiedPermissions.CfnIdentitySourcePropsMixin.OpenIdConnectTokenSelectionProperty
Go	github.com/aws/aws-cdk-go/awscdkcfnpropertymixins/v2/awsverifiedpermissions#CfnIdentitySourcePropsMixin_OpenIdConnectTokenSelectionProperty
Java	software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.CfnIdentitySourcePropsMixin.OpenIdConnectTokenSelectionProperty
Python	aws_cdk.cfn_property_mixins.aws_verifiedpermissions.CfnIdentitySourcePropsMixin.OpenIdConnectTokenSelectionProperty
TypeScript	@aws-cdk/cfn-property-mixins » aws_verifiedpermissions » CfnIdentitySourcePropsMixin » OpenIdConnectTokenSelectionProperty

The token type that you want to process from your OIDC identity provider.

Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

This data type is part of a OpenIdConnectConfiguration structure, which is a parameter of CreateIdentitySource .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnecttokenselection.html

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_verifiedpermissions as verifiedpermissions } from '@aws-cdk/cfn-property-mixins';
const openIdConnectTokenSelectionProperty: verifiedpermissions.CfnIdentitySourcePropsMixin.OpenIdConnectTokenSelectionProperty = {
  accessTokenOnly: {
    audiences: ['audiences'],
    principalIdClaim: 'principalIdClaim',
  },
  identityTokenOnly: {
    clientIds: ['clientIds'],
    principalIdClaim: 'principalIdClaim',
  },
};

Properties

Name	Type	Description
accessTokenOnly?	IResolvable | OpenIdConnectAccessTokenConfigurationProperty	The OIDC configuration for processing access tokens.
identityTokenOnly?	IResolvable | OpenIdConnectIdentityTokenConfigurationProperty	The OIDC configuration for processing identity (ID) tokens.

---

accessTokenOnly?

Type: IResolvable | OpenIdConnectAccessTokenConfigurationProperty (optional)

The OIDC configuration for processing access tokens.

Contains allowed audience claims, for example https://auth.example.com , and the claim that you want to map to the principal, for example sub .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnecttokenselection.html#cfn-verifiedpermissions-identitysource-openidconnecttokenselection-accesstokenonly

---

identityTokenOnly?

Type: IResolvable | OpenIdConnectIdentityTokenConfigurationProperty (optional)

The OIDC configuration for processing identity (ID) tokens.

Contains allowed client ID claims, for example 1example23456789 , and the claim that you want to map to the principal, for example sub .

See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnecttokenselection.html#cfn-verifiedpermissions-identitysource-openidconnecttokenselection-identitytokenonly