Package software.amazon.awscdk.services.appsync

Interface AppSyncOpenIdConnectConfig

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

AppSyncOpenIdConnectConfig.Jsii$Proxy

@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)",
           date="2025-11-13T16:09:58.876Z")
@Stability(Stable)
public interface AppSyncOpenIdConnectConfig
extends software.amazon.jsii.JsiiSerializable

Configuration for OpenID Connect authorization in AppSync.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.appsync.*;
 AppSyncOpenIdConnectConfig appSyncOpenIdConnectConfig = AppSyncOpenIdConnectConfig.builder()
         .oidcProvider("oidcProvider")
         // the properties below are optional
         .clientId("clientId")
         .tokenExpiryFromAuth(123)
         .tokenExpiryFromIssue(123)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static final class	AppSyncOpenIdConnectConfig.Builder	A builder for AppSyncOpenIdConnectConfig
static final class	AppSyncOpenIdConnectConfig.Jsii$Proxy	An implementation for AppSyncOpenIdConnectConfig

Method Summary

Modifier and Type	Method	Description
static AppSyncOpenIdConnectConfig.Builder	builder()
default String	getClientId()	The client identifier of the Relying party at the OpenID identity provider.
String	getOidcProvider()	The issuer for the OIDC configuration.
default Number	getTokenExpiryFromAuth()	The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.
default Number	getTokenExpiryFromIssue()	The number of milliseconds an OIDC token is valid after being issued to a user.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Details

getOidcProvider

@Stability(Stable)
@NotNull
String getOidcProvider()

The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.

getClientId

@Stability(Stable)
@Nullable
default String getClientId()

The client identifier of the Relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.

Default: - * (All)

Example:

 -"ABCD|CDEF";
 

getTokenExpiryFromAuth

@Stability(Stable)
@Nullable
default Number getTokenExpiryFromAuth()

The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.

auth_time claim in OIDC token is required for this validation to work.

Default: - no validation

getTokenExpiryFromIssue

@Stability(Stable)
@Nullable
default Number getTokenExpiryFromIssue()

The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses iat claim of OIDC token.

Default: - no validation

builder

@Stability(Stable)
static AppSyncOpenIdConnectConfig.Builder builder()

Returns:

a AppSyncOpenIdConnectConfig.Builder of AppSyncOpenIdConnectConfig