Package software.amazon.awscdk.services.bedrockagentcore

Class GatewayCustomClaim

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.bedrockagentcore.GatewayCustomClaim
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable
@Generated(value="jsii-pacmak/1.129.0 (build eaca441)", date="2026-05-19T08:18:44.410Z") @Stability(Stable) public class GatewayCustomClaim extends software.amazon.jsii.JsiiObject
Represents a custom claim validation configuration for Gateway JWT authorizers.

Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Example: 

 // Optional: Create custom claims (CustomClaimOperator and GatewayCustomClaim from agentcore)
 GatewayCustomClaim[] customClaims = List.of(GatewayCustomClaim.withStringValue("department", "engineering"), GatewayCustomClaim.withStringArrayValue("roles", List.of("admin"), CustomClaimOperator.CONTAINS), GatewayCustomClaim.withStringArrayValue("permissions", List.of("read", "write"), CustomClaimOperator.CONTAINS_ANY));
 Gateway gateway = Gateway.Builder.create(this, "MyGateway")
         .gatewayName("my-gateway")
         .authorizerConfiguration(GatewayAuthorizer.usingCustomJwt(CustomJwtConfiguration.builder()
                 .discoveryUrl("https://auth.example.com/.well-known/openid-configuration")
                 .allowedAudience(List.of("my-app"))
                 .allowedClients(List.of("my-client-id"))
                 .allowedScopes(List.of("read", "write"))
                 .customClaims(customClaims)
                 .build()))
         .build();

  • Constructor Details

    • GatewayCustomClaim

      protected GatewayCustomClaim(software.amazon.jsii.JsiiObjectRef objRef)

    • GatewayCustomClaim

      protected GatewayCustomClaim(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

  • Method Details

    • withStringArrayValue

      @Stability(Stable) @NotNull public static GatewayCustomClaim withStringArrayValue(@NotNull String name, @NotNull List<String> values, @Nullable CustomClaimOperator operator)
      Create a custom claim with a string array value.

      String array claims can use CONTAINS (default) or CONTAINS_ANY operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      values - The array of string values to match. This parameter is required.
      operator - The match operator (defaults to CONTAINS).
      Returns:
      A GatewayCustomClaim configured for string array validation

    • withStringArrayValue

      @Stability(Stable) @NotNull public static GatewayCustomClaim withStringArrayValue(@NotNull String name, @NotNull List<String> values)
      Create a custom claim with a string array value.

      String array claims can use CONTAINS (default) or CONTAINS_ANY operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      values - The array of string values to match. This parameter is required.
      Returns:
      A GatewayCustomClaim configured for string array validation

    • withStringValue

      @Stability(Stable) @NotNull public static GatewayCustomClaim withStringValue(@NotNull String name, @NotNull String value)
      Create a custom claim with a string value.

      String claims must use the EQUALS operator.

      Parameters:
      name - The name of the claim in the JWT token. This parameter is required.
      value - The string value to match (must exactly equal). This parameter is required.
      Returns:
      A GatewayCustomClaim configured for string validation