GatewayCustomClaim

class aws_cdk.aws_bedrock_agentcore_alpha.GatewayCustomClaim(*args: Any, **kwargs)

Bases: object

(experimental) Represents a custom claim validation configuration for Gateway JWT authorizers.

Custom claims allow you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Stability:

experimental

Example:

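import aws_cdk.aws_bedrock_agentcore_alpha as agentcore

# This snippet runs inside a stack or construct, where `self` is the scope.
# Optional: create custom claims (CustomClaimOperator and GatewayCustomClaim come from agentcore)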
custom_claims = [
    agentcore.GatewayCustomClaim.with_string_value("department", "engineering"),
    agentcore.GatewayCustomClaim.with_string_array_value("roles", ["admin"], agentcore.CustomClaimOperator.CONTAINS),
    agentcore.GatewayCustomClaim.with_string_array_value("permissions", ["read", "write"], agentcore.CustomClaimOperator.CONTAINS_ANY)
]

gateway = agentcore.Gateway(self, "MyGateway",
    gateway_name="my-gateway",
    authorizer_configuration=agentcore.GatewayAuthorizer.using_custom_jwt(
        discovery_url="https://auth.example.com/.well-known/openid-configuration",
        allowed_audience=["my-app"],
        allowed_clients=["my-client-id"],
        allowed_scopes=["read", "write"],
        custom_claims=custom_claims
    )
)

Static Methods

classmethod with_string_array_value(name, values, operator=None)

(experimental) Create a custom claim with a string array value.

String array claims can use the CONTAINS (default) or CONTAINS_ANY operator.

Parameters:
  • name (str) – The name of the claim in the JWT token.

  • values (Sequence[str]) – The array of string values to match. With the CONTAINS operator, the array must contain exactly one value.

  • operator (Optional[CustomClaimOperator]) – The match operator (defaults to CONTAINS).

Return type:

GatewayCustomClaim

Returns:

A GatewayCustomClaim configured for string array validation

Stability:

experimental

classmethod with_string_value(name, value)

(experimental) Create a custom claim with a string value.

String claims must use the EQUALS operator.

Parameters:
  • name (str) – The name of the claim in the JWT token.

  • value (str) – The string value to match; the claim must equal it exactly.

Return type:

GatewayCustomClaim

Returns:

A GatewayCustomClaim configured for string validation

Stability:

experimental
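
The following added example is not part of the CDK library or the service. It is a local model of the EQUALS, CONTAINS and CONTAINS_ANY rules described for with_string_value and with_string_array_value, useful for checking a claim policy against sample token payloads before deployment. ClaimRule, rule_matches and failed_rules are hypothetical names, and the evaluation semantics (all rules must pass, a missing or wrongly typed claim fails) are assumptions.

```python
# Added illustration: a local model of the match operators, not AWS code.
# Assumed semantics: all rules must pass; a missing or mistyped claim fails.
from dataclasses import dataclass
from typing import Any, List, Mapping, Sequence, Tuple

EQUALS, CONTAINS, CONTAINS_ANY = "EQUALS", "CONTAINS", "CONTAINS_ANY"


@dataclass(frozen=True)
class ClaimRule:  # hypothetical stand-in for one GatewayCustomClaim
    name: str
    values: Tuple[str, ...]
    operator: str

    def __post_init__(self) -> None:
        if self.operator not in (EQUALS, CONTAINS, CONTAINS_ANY):
            raise ValueError(f"unknown operator {self.operator!r}")
        if not self.values:
            raise ValueError("at least one value is required")
        if self.operator != CONTAINS_ANY and len(self.values) != 1:
            raise ValueError(f"{self.operator} takes exactly one value")


def rule_matches(rule: ClaimRule, payload: Mapping[str, Any]) -> bool:
    claim = payload.get(rule.name)
    if rule.operator == EQUALS:
        # Exact, case-sensitive comparison against a string claim.
        return isinstance(claim, str) and claim == rule.values[0]
    # Array operators need a real list, so a string like "superadmin" cannot pass.
    if not isinstance(claim, list) or not all(isinstance(v, str) for v in claim):
        return False
    return any(v in claim for v in rule.values)


def failed_rules(rules: Sequence[ClaimRule], payload: Mapping[str, Any]) -> List[str]:
    return [r.name for r in rules if not rule_matches(r, payload)]


RULES = [  # mirrors the three claims in the page's example
    ClaimRule("department", ("engineering",), EQUALS),
    ClaimRule("roles", ("admin",), CONTAINS),
    ClaimRule("permissions", ("read", "write"), CONTAINS_ANY),
]
SAMPLES = {  # constructed decoded-JWT payloads
    "ok": {"department": "engineering", "roles": ["dev", "admin"], "permissions": ["write"]},
    "wrong_case": {"department": "Engineering", "roles": ["admin"], "permissions": ["read"]},
    "string_roles": {"department": "engineering", "roles": "superadmin", "permissions": ["read"]},
    "no_permissions": {"department": "engineering", "roles": ["admin"]},
}
```

Calling failed_rules(RULES, payload) returns the names of the claims that would cause a rejection under this model, which makes it easy to confirm that the identity provider emits array claims as JSON arrays and with the expected casing.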