Package software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions

Interface CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Jsii$Proxy

Enclosing class:

CfnIdentitySourcePropsMixin

@Stability(Stable)
public static interface CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty
extends software.amazon.jsii.JsiiSerializable

Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities.

It specifies the issuer URL, token type that you want to use, and policy store entity details.

This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource .

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.*;
 OpenIdConnectConfigurationProperty openIdConnectConfigurationProperty = OpenIdConnectConfigurationProperty.builder()
         .entityIdPrefix("entityIdPrefix")
         .groupConfiguration(OpenIdConnectGroupConfigurationProperty.builder()
                 .groupClaim("groupClaim")
                 .groupEntityType("groupEntityType")
                 .build())
         .issuer("issuer")
         .tokenSelection(OpenIdConnectTokenSelectionProperty.builder()
                 .accessTokenOnly(OpenIdConnectAccessTokenConfigurationProperty.builder()
                         .audiences(List.of("audiences"))
                         .principalIdClaim("principalIdClaim")
                         .build())
                 .identityTokenOnly(OpenIdConnectIdentityTokenConfigurationProperty.builder()
                         .clientIds(List.of("clientIds"))
                         .principalIdClaim("principalIdClaim")
                         .build())
                 .build())
         .build();
 

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Builder	A builder for CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty
static final class	CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Jsii$Proxy	An implementation for CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty

Method Summary

Modifier and Type	Method	Description
static CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Builder	builder()
default String	getEntityIdPrefix()	A descriptive string that you want to prefix to user entities from your OIDC identity provider.
default Object	getGroupConfiguration()	The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
default String	getIssuer()	The issuer URL of an OIDC identity provider.
default Object	getTokenSelection()	The token type that you want to process from your OIDC identity provider.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getEntityIdPrefix

@Stability(Stable)
@Nullable
default String getEntityIdPrefix()

A descriptive string that you want to prefix to user entities from your OIDC identity provider.

For example, if you set an entityIdPrefix of MyOIDCProvider , you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-entityidprefix

getGroupConfiguration

@Stability(Stable)
@Nullable
default Object getGroupConfiguration()

The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.

For example, this object can map the contents of a groups claim to MyCorp::UserGroup .

Returns union: either IResolvable or CfnIdentitySourcePropsMixin.OpenIdConnectGroupConfigurationProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-groupconfiguration

getIssuer

@Stability(Stable)
@Nullable
default String getIssuer()

The issuer URL of an OIDC identity provider.

This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration .

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-issuer

getTokenSelection

@Stability(Stable)
@Nullable
default Object getTokenSelection()

The token type that you want to process from your OIDC identity provider.

Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.

Returns union: either IResolvable or CfnIdentitySourcePropsMixin.OpenIdConnectTokenSelectionProperty

See Also:

• http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-verifiedpermissions-identitysource-openidconnectconfiguration.html#cfn-verifiedpermissions-identitysource-openidconnectconfiguration-tokenselection

builder

@Stability(Stable)
static CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Builder builder()

Returns:

a CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty.Builder of CfnIdentitySourcePropsMixin.OpenIdConnectConfigurationProperty