Interface CustomJwtConfiguration
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CustomJwtConfiguration.Jsii$Proxy
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)",
date="2026-05-19T08:18:44.376Z")
@Stability(Stable)
public interface CustomJwtConfiguration
extends software.amazon.jsii.JsiiSerializable
Custom JWT authorizer configuration.
Example:
// Create a custom execution role
Role executionRole = Role.Builder.create(this, "GatewayExecutionRole")
        .assumedBy(new ServicePrincipal("bedrock-agentcore.amazonaws.com"))
        .managedPolicies(List.of(ManagedPolicy.fromAwsManagedPolicyName("AmazonBedrockAgentCoreGatewayExecutionRolePolicy")))
        .build();

// Create gateway with custom execution role
Gateway gateway = Gateway.Builder.create(this, "MyGateway")
        .gatewayName("my-gateway")
        .description("Gateway with custom execution role")
        .protocolConfiguration(McpProtocolConfiguration.Builder.create()
                .instructions("Use this gateway to connect to external MCP tools")
                .searchType(McpGatewaySearchType.SEMANTIC)
                .supportedVersions(List.of(MCPProtocolVersion.MCP_2025_03_26))
                .build())
        .authorizerConfiguration(GatewayAuthorizer.usingCustomJwt(CustomJwtConfiguration.builder()
                .discoveryUrl("https://auth.example.com/.well-known/openid-configuration")
                .allowedAudience(List.of("my-app"))
                .allowedClients(List.of("my-client-id"))
                .allowedScopes(List.of("read", "write"))
                .build()))
        .role(executionRole)
        .build();

Nested Class Summary

Nested Classes

| Modifier and Type | Interface | Description |
|---|---|---|
| static final class | CustomJwtConfiguration.Builder | A builder for CustomJwtConfiguration |
| static final class | CustomJwtConfiguration.Jsii$Proxy | An implementation for CustomJwtConfiguration |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| static CustomJwtConfiguration.Builder | builder() | |
| | getAllowedAudience() | Represents individual audience values that are validated in the incoming JWT token validation process. |
| | getAllowedClients() | Represents individual client IDs that are validated in the incoming JWT token validation process. |
| | getAllowedScopes() | Represents individual scopes that are validated in the incoming JWT token validation process. |
| default List<GatewayCustomClaim> | getCustomClaims() | Custom claims for additional JWT token validation. |
| | getDiscoveryUrl() | This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens. |

Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson

Method Details

getDiscoveryUrl
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
Pattern: .+/.well-known/openid-configuration
Required: Yes

getAllowedAudience
Represents individual audience values that are validated in the incoming JWT token validation process.
Default: - No audience validation

getAllowedClients
Represents individual client IDs that are validated in the incoming JWT token validation process.
Default: - No client ID validation

getAllowedScopes
Represents individual scopes that are validated in the incoming JWT token validation process.
Default: - No scope validation

getCustomClaims
Custom claims for additional JWT token validation.
Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.
Default: - No custom claim validation

builder
Returns: a CustomJwtConfiguration.Builder of CustomJwtConfiguration
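Per the defaults listed under Method Details, omitting allowedAudience, allowedClients or allowedScopes turns that check off. The following is an added example, not part of the CDK or of the original page: a stand-alone lint (hypothetical class name JwtAuthorizerLint) run over the same values you would pass to CustomJwtConfiguration.builder(). The https requirement and the handling of empty lists are assumptions of this example, not documented behaviour.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical pre-deployment lint (not part of the CDK) for the values
// passed to CustomJwtConfiguration.builder().
public class JwtAuthorizerLint {
    // Pattern documented for discoveryUrl on this page.
    static final Pattern DISCOVERY = Pattern.compile(".+/.well-known/openid-configuration");

    // Assumption of this example: a null, empty or all-blank list counts as unset.
    static boolean unset(List<String> values) {
        return values == null || values.stream().allMatch(String::isBlank);
    }

    // Returns findings; an empty list means the values pass this local policy.
    static List<String> check(String discoveryUrl, List<String> audience,
                              List<String> clients, List<String> scopes) {
        List<String> findings = new ArrayList<>();
        if (discoveryUrl == null || !DISCOVERY.matcher(discoveryUrl).matches()) {
            findings.add("ERROR discoveryUrl does not match the documented pattern");
        } else if (!discoveryUrl.startsWith("https://")) {
            // Local policy, an assumption of this example: require TLS for metadata.
            findings.add("ERROR discoveryUrl is not https");
        }
        // Each allowed* property defaults to "no validation" when omitted.
        if (unset(audience) && unset(clients)) {
            findings.add("ERROR allowedAudience and allowedClients both unset: "
                    + "token is not bound to an audience or client");
        } else if (unset(audience)) {
            findings.add("WARN allowedAudience unset: no audience validation");
        } else if (unset(clients)) {
            findings.add("WARN allowedClients unset: no client ID validation");
        }
        if (unset(scopes)) {
            findings.add("WARN allowedScopes unset: no scope validation");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed inputs: the values from the example above, then a weak variant.
        System.out.println(check("https://auth.example.com/.well-known/openid-configuration",
                List.of("my-app"), List.of("my-client-id"), List.of("read", "write")));
        System.out.println(check("http://auth.example.com/.well-known/openid-configuration",
                null, null, List.of("read")));
    }
}
```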