Class AuthenticateOidcOptions
Options for ListenerAction.authenciateOidc().
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.ElasticLoadBalancingV2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class AuthenticateOidcOptions : IAuthenticateOidcOptionsSyntax (vb)
Public Class AuthenticateOidcOptions Implements IAuthenticateOidcOptionsRemarks
ExampleMetadata: infused
Examples
ApplicationListener listener;
ApplicationTargetGroup myTargetGroup;
listener.AddAction("DefaultAction", new AddApplicationActionProps {
Action = ListenerAction.AuthenticateOidc(new AuthenticateOidcOptions {
AuthorizationEndpoint = "https://example.com/openid",
// Other OIDC properties here
ClientId = "...",
ClientSecret = SecretValue.SecretsManager("..."),
Issuer = "...",
TokenEndpoint = "...",
UserInfoEndpoint = "...",
// Next
Next = ListenerAction.Forward(new [] { myTargetGroup })
})
});Synopsis
Constructors
| AuthenticateOidcOptions() | Options for |
Properties
| AllowHttpsOutbound | Allow HTTPS outbound traffic to communicate with the IdP. |
| AuthenticationRequestExtraParams | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
| AuthorizationEndpoint | The authorization endpoint of the IdP. |
| ClientId | The OAuth 2.0 client identifier. |
| ClientSecret | The OAuth 2.0 client secret. |
| Issuer | The OIDC issuer identifier of the IdP. |
| Next | What action to execute next. |
| OnUnauthenticatedRequest | The behavior if the user is not authenticated. |
| Scope | The set of user claims to be requested from the IdP. |
| SessionCookieName | The name of the cookie used to maintain session information. |
| SessionTimeout | The maximum duration of the authentication session. |
| TokenEndpoint | The token endpoint of the IdP. |
| UserInfoEndpoint | The user info endpoint of the IdP. |
Constructors
AuthenticateOidcOptions()
Options for ListenerAction.authenciateOidc().
public AuthenticateOidcOptions()Remarks
ExampleMetadata: infused
Examples
ApplicationListener listener;
ApplicationTargetGroup myTargetGroup;
listener.AddAction("DefaultAction", new AddApplicationActionProps {
Action = ListenerAction.AuthenticateOidc(new AuthenticateOidcOptions {
AuthorizationEndpoint = "https://example.com/openid",
// Other OIDC properties here
ClientId = "...",
ClientSecret = SecretValue.SecretsManager("..."),
Issuer = "...",
TokenEndpoint = "...",
UserInfoEndpoint = "...",
// Next
Next = ListenerAction.Forward(new [] { myTargetGroup })
})
});Properties
AllowHttpsOutbound
Allow HTTPS outbound traffic to communicate with the IdP.
public bool? AllowHttpsOutbound { get; set; }Property Value
bool?
Remarks
Set this property to false if the IP address used for the IdP endpoint is identifiable
and you want to control outbound traffic.
Then allow HTTPS outbound traffic to the IdP's IP address using the listener's connections property.
Default: true
See: https://repost.aws/knowledge-center/elb-configure-authentication-alb
AuthenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
public IDictionary<string, string>? AuthenticationRequestExtraParams { get; set; }Property Value
Remarks
Default: - No extra parameters
AuthorizationEndpoint
The authorization endpoint of the IdP.
public string AuthorizationEndpoint { get; set; }Property Value
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
ClientId
The OAuth 2.0 client identifier.
public string ClientId { get; set; }Property Value
Remarks
ExampleMetadata: infused
ClientSecret
The OAuth 2.0 client secret.
public SecretValue ClientSecret { get; set; }Property Value
Remarks
ExampleMetadata: infused
Issuer
The OIDC issuer identifier of the IdP.
public string Issuer { get; set; }Property Value
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
Next
What action to execute next.
public ListenerAction Next { get; set; }Property Value
Remarks
ExampleMetadata: infused
OnUnauthenticatedRequest
The behavior if the user is not authenticated.
public UnauthenticatedAction? OnUnauthenticatedRequest { get; set; }Property Value
Remarks
Default: UnauthenticatedAction.AUTHENTICATE
Scope
The set of user claims to be requested from the IdP.
public string? Scope { get; set; }Property Value
Remarks
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
Default: "openid"
SessionCookieName
The name of the cookie used to maintain session information.
public string? SessionCookieName { get; set; }Property Value
Remarks
Default: "AWSELBAuthSessionCookie"
SessionTimeout
The maximum duration of the authentication session.
public Duration? SessionTimeout { get; set; }Property Value
Remarks
Default: Duration.days(7)
TokenEndpoint
The token endpoint of the IdP.
public string TokenEndpoint { get; set; }Property Value
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.
UserInfoEndpoint
The user info endpoint of the IdP.
public string UserInfoEndpoint { get; set; }Property Value
Remarks
This must be a full URL, including the HTTPS protocol, the domain, and the path.