Class CfnIdentitySourcePropsMixin
- All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IMixin
If you are creating a new identity source, then you must specify a Configuration. If you are updating an existing identity source, then you must specify an UpdateConfiguration.
After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the IsAuthorizedWithToken operation. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Amazon Cognito provides both identity tokens and access tokens, and Verified Permissions can use either or both. Any combination of identity and access tokens results in the same Cedar principal. Verified Permissions automatically translates the information about the identities into the standard Cedar attributes that can be evaluated by your policies. Because the Amazon Cognito identity and access tokens can contain different information, the tokens you choose to use determine the attributes that are available to access in the Cedar principal from your policies.
Amazon Cognito Identity is not available in all of the same AWS Regions as Verified Permissions. Because of this, the AWS::VerifiedPermissions::IdentitySource type is not available to create from CloudFormation in Regions where Amazon Cognito Identity is not currently available. Users can still create AWS::VerifiedPermissions::IdentitySource in those Regions, but only from the AWS CLI, SDK, or from the AWS console.
To reference a user from this identity source in your Cedar policies, use the following syntax.
IdentityType::"
| Where
IdentityType is the string that you provide to the PrincipalEntityType parameter for this operation. The CognitoUserPoolId and CognitoClientId are defined by the Amazon Cognito user pool.
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import java.util.List;
import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.*;
// The *Property types are nested in CfnIdentitySourcePropsMixin.
import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.CfnIdentitySourcePropsMixin.*;
import software.amazon.awscdk.*;

IMergeStrategy mergeStrategy;

CfnIdentitySourcePropsMixin cfnIdentitySourcePropsMixin = CfnIdentitySourcePropsMixin.Builder.create(CfnIdentitySourceMixinProps.builder()
        .configuration(IdentitySourceConfigurationProperty.builder()
                // Amazon Cognito user pool as the identity provider
                .cognitoUserPoolConfiguration(CognitoUserPoolConfigurationProperty.builder()
                        .clientIds(List.of("clientIds"))
                        .groupConfiguration(CognitoGroupConfigurationProperty.builder()
                                .groupEntityType("groupEntityType")
                                .build())
                        .userPoolArn("userPoolArn")
                        .build())
                // OpenID Connect (OIDC) identity provider
                .openIdConnectConfiguration(OpenIdConnectConfigurationProperty.builder()
                        .entityIdPrefix("entityIdPrefix")
                        .groupConfiguration(OpenIdConnectGroupConfigurationProperty.builder()
                                .groupClaim("groupClaim")
                                .groupEntityType("groupEntityType")
                                .build())
                        .issuer("issuer")
                        .tokenSelection(OpenIdConnectTokenSelectionProperty.builder()
                                .accessTokenOnly(OpenIdConnectAccessTokenConfigurationProperty.builder()
                                        .audiences(List.of("audiences"))
                                        .principalIdClaim("principalIdClaim")
                                        .build())
                                .identityTokenOnly(OpenIdConnectIdentityTokenConfigurationProperty.builder()
                                        .clientIds(List.of("clientIds"))
                                        .principalIdClaim("principalIdClaim")
                                        .build())
                                .build())
                        .build())
                .build())
        .policyStoreId("policyStoreId")
        .principalEntityType("principalEntityType")
        .build())
        .strategy(mergeStrategy)
        .build();
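An added example, not part of the generated CDK documentation: a mixin that sets only the Amazon Cognito member of the configuration, names the accepted app clients explicitly, and is applied only to constructs it supports. The class name, the entity type names `MyApp::User` and `MyApp::UserGroup`, and the requirement for a non-empty client ID list are assumptions of this example.

```java
import java.util.List;
import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.CfnIdentitySourceMixinProps;
import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.CfnIdentitySourcePropsMixin;
import software.amazon.awscdk.cfnpropertymixins.services.verifiedpermissions.CfnIdentitySourcePropsMixin.*;
import software.constructs.IConstruct;

public final class CognitoIdentitySourceExample {
    // Hypothetical Cedar entity types; use the types defined in your policy store schema.
    static final String USER_TYPE = "MyApp::User";
    static final String GROUP_TYPE = "MyApp::UserGroup";

    /** Builds a Cognito-only identity source mixin with an explicit app client list. */
    static CfnIdentitySourcePropsMixin cognitoMixin(
            String policyStoreId, String userPoolArn, List<String> appClientIds) {
        // Example policy (an assumption, not an API rule): refuse to build a
        // configuration that does not name the app clients in the template.
        if (appClientIds == null || appClientIds.isEmpty()) {
            throw new IllegalArgumentException("at least one app client ID is required");
        }
        CognitoUserPoolConfigurationProperty cognito = CognitoUserPoolConfigurationProperty.builder()
                .userPoolArn(userPoolArn)
                .clientIds(appClientIds)
                // Map user pool groups to a Cedar entity type so policies can test membership.
                .groupConfiguration(CognitoGroupConfigurationProperty.builder()
                        .groupEntityType(GROUP_TYPE)
                        .build())
                .build();
        return CfnIdentitySourcePropsMixin.Builder.create(CfnIdentitySourceMixinProps.builder()
                        // Only the Cognito member is set; no OIDC configuration.
                        .configuration(IdentitySourceConfigurationProperty.builder()
                                .cognitoUserPoolConfiguration(cognito)
                                .build())
                        .policyStoreId(policyStoreId)
                        .principalEntityType(USER_TYPE)
                        .build())
                .build();
    }

    /** Applies the mixin only when it supports the target; returns whether it was applied. */
    static boolean applyIfSupported(CfnIdentitySourcePropsMixin mixin, IConstruct target) {
        if (!mixin.supports(target)) {
            return false;
        }
        mixin.applyTo(target);
        return true;
    }
}
```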
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
- static final class: A fluent builder for CfnIdentitySourcePropsMixin.
- static interface: The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
- static interface: A structure that contains configuration information used when creating or updating an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
- static interface: A structure that contains configuration information used when creating or updating a new identity source.
- static interface: Example:
- static interface: The configuration of an OpenID Connect (OIDC) identity source for handling access token claims.
- static interface: Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities.
- static interface: The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
- static interface: The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims.
- static interface: The token type that you want to process from your OIDC identity provider.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IMixin
software.constructs.IMixin.Jsii$Default, software.constructs.IMixin.Jsii$Proxy
Field Summary
Fields -
Constructor Summary
Constructors (Modifier, Constructor, Description)
- Create a mixin to apply properties to AWS::VerifiedPermissions::IdentitySource.
- Create a mixin to apply properties to AWS::VerifiedPermissions::IdentitySource.
- protected CfnIdentitySourcePropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnIdentitySourcePropsMixin(software.amazon.jsii.JsiiObjectRef objRef)
Method Summary
Methods (Modifier and Type, Method, Description)
- void applyTo(software.constructs.IConstruct construct): Apply the mixin properties to the construct.
- protected CfnIdentitySourceMixinProps getProps()
- protected IMergeStrategy getStrategy()
- Boolean supports(software.constructs.IConstruct construct): Check if this mixin supports the given construct.
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
Field Details
-
CFN_PROPERTY_KEYS
-
-
Constructor Details
CfnIdentitySourcePropsMixin
protected CfnIdentitySourcePropsMixin(software.amazon.jsii.JsiiObjectRef objRef)

CfnIdentitySourcePropsMixin
protected CfnIdentitySourcePropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnIdentitySourcePropsMixin
@Stability(Stable) public CfnIdentitySourcePropsMixin(@NotNull CfnIdentitySourceMixinProps props, @Nullable CfnPropertyMixinOptions options)
Create a mixin to apply properties to AWS::VerifiedPermissions::IdentitySource.
- Parameters:
props - L1 properties to apply. This parameter is required.
options - Mixin options.

CfnIdentitySourcePropsMixin
Create a mixin to apply properties to AWS::VerifiedPermissions::IdentitySource.
- Parameters:
props - L1 properties to apply. This parameter is required.
Method Details
applyTo
@Stability(Stable) public void applyTo(@NotNull software.constructs.IConstruct construct)
Apply the mixin properties to the construct.

supports
@Stability(Stable) @NotNull public Boolean supports(@NotNull software.constructs.IConstruct construct)
Check if this mixin supports the given construct.

getProps

getStrategy