CustomOauth2ProviderConfigInput - Amazon Bedrock AgentCore Control Plane

CustomOauth2ProviderConfigInput

Input configuration for a custom OAuth2 provider.

Contents

oauthDiscovery

The OAuth2 discovery information for the custom provider.

Type: Oauth2Discovery object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: Yes

clientAuthenticationMethod

The client authentication method to use when authenticating with the token endpoint.

Type: String

Valid Values: CLIENT_SECRET_BASIC | CLIENT_SECRET_POST | AWS_IAM_ID_TOKEN_JWT

Required: No

clientId

The client ID for the custom OAuth2 provider.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No

clientSecret

The client secret for the custom OAuth2 provider.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 2048.

Required: No

clientSecretConfig

A reference to the AWS Secrets Manager secret that stores the client secret. This includes the secret ID and the JSON key used to extract the client secret value from the secret. Required when clientSecretSource is set to EXTERNAL.

Type: SecretReference object

Required: No

clientSecretSource

The source type of the client secret. Use MANAGED if the secret is managed by the service, or EXTERNAL if you manage the secret yourself in AWS Secrets Manager.

Type: String

Valid Values: MANAGED | EXTERNAL

Required: No

onBehalfOfTokenExchangeConfig

The configuration for on-behalf-of token exchange. This enables authentication flows that use RFC 8693 token exchange or RFC 7523 JWT authorization grants.

Type: OnBehalfOfTokenExchangeConfigType object

Required: No

privateEndpoint

The default private endpoint for the custom OAuth2 provider, enabling secure connectivity through a VPC Lattice resource configuration.

Type: PrivateEndpoint object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: No

privateEndpointOverrides

The private endpoint overrides for the custom OAuth2 provider configuration.

Type: Array of PrivateEndpointOverride objects

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Required: No
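A pre-flight check for the constraints listed above, written as an added example (it is not AWS or SDK code). It checks only what this page states; the function name and the member names inside the sample `oauthDiscovery` and `clientSecretConfig` objects are constructed placeholders, not the real member names of those types.

```python
"""Pre-flight validation of a CustomOauth2ProviderConfigInput dict (added example)."""

AUTH_METHODS = {"CLIENT_SECRET_BASIC", "CLIENT_SECRET_POST", "AWS_IAM_ID_TOKEN_JWT"}
SECRET_SOURCES = {"MANAGED", "EXTERNAL"}
MAX_LEN = {"clientId": 256, "clientSecret": 2048}
UNION_FIELDS = ("oauthDiscovery", "privateEndpoint")
MAX_OVERRIDES = 5


def validate_custom_oauth2_config(cfg):
    """Return a list of violations of the constraints stated on this page."""
    errors = []
    if "oauthDiscovery" not in cfg:
        errors.append("oauthDiscovery is required")
    for name in UNION_FIELDS:  # union types: one member only
        value = cfg.get(name)
        if value is not None and (not isinstance(value, dict) or len(value) != 1):
            errors.append(f"{name} is a union: specify exactly one member")
    method = cfg.get("clientAuthenticationMethod")
    if method is not None and method not in AUTH_METHODS:
        errors.append(f"clientAuthenticationMethod {method!r} is not a valid value")
    source = cfg.get("clientSecretSource")
    if source is not None and source not in SECRET_SOURCES:
        errors.append(f"clientSecretSource {source!r} is not a valid value")
    # EXTERNAL means the secret lives in Secrets Manager, so a reference must be given.
    if source == "EXTERNAL" and not cfg.get("clientSecretConfig"):
        errors.append("clientSecretConfig is required when clientSecretSource is EXTERNAL")
    for name, limit in MAX_LEN.items():
        value = cfg.get(name)
        if value is not None and (not isinstance(value, str) or len(value) > limit):
            errors.append(f"{name} must be a string of at most {limit} characters")
    overrides = cfg.get("privateEndpointOverrides")
    if overrides is not None and (not isinstance(overrides, list) or len(overrides) > MAX_OVERRIDES):
        errors.append(f"privateEndpointOverrides must be a list of at most {MAX_OVERRIDES} items")
    return errors


# Constructed sample inputs; nested member names are placeholders.
GOOD = {"oauthDiscovery": {"placeholderMember": "value"}, "clientId": "example-client",
        "clientAuthenticationMethod": "CLIENT_SECRET_BASIC", "clientSecretSource": "EXTERNAL",
        "clientSecretConfig": {"placeholderSecretId": "example", "placeholderJsonKey": "k"}}
BAD = {"oauthDiscovery": {"memberA": 1, "memberB": 2}, "clientAuthenticationMethod": "NONE",
       "clientSecretSource": "EXTERNAL", "clientSecret": "x" * 2049,
       "privateEndpointOverrides": [{}] * 6}

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, validate_custom_oauth2_config(cfg))
```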
