OidcConfigInfo - AWS Wickr

OidcConfigInfo

Contains the OpenID Connect (OIDC) configuration information for Single Sign-On (SSO) authentication, including identity provider settings and client credentials.

Contents

Note

In the following list, the required parameters are described first.

companyId

Custom identifier your end users will use to sign in with SSO.

Type: String

Pattern: [\S\s]*

Required: Yes

issuer

The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.

Type: String

Pattern: [\S\s]*

Required: Yes

scopes

The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').

Type: String

Pattern: [\S\s]*

Required: Yes

applicationId

The unique identifier for the registered OIDC application. Valid range is 1-10.

Type: Integer

Valid Range: Minimum value of 1. Maximum value of 10.

Required: No

applicationName

The name of the OIDC application as registered with the identity provider.

Type: String

Pattern: [\S\s]*

Required: No

caCertificate

The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.

Type: String

Pattern: [\S\s]*

Required: No

clientId

The OAuth client ID assigned by the identity provider for authentication requests.

Type: String

Pattern: [\S\s]*

Required: No

clientSecret

The OAuth client secret used to authenticate the application with the identity provider.

Type: String

Pattern: [\S\s]*

Required: No

customUsername

A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.

Type: String

Pattern: [\S\s]*

Required: No

extraAuthParams

Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.

Type: String

Pattern: [\S\s]*

Required: No

redirectUrl

The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.

Type: String

Pattern: [\S\s]*

Required: No

secret

An additional secret credential used by the identity provider for authentication.

Type: String

Pattern: [\S\s]*

Required: No

ssoTokenBufferMinutes

The number of minutes before the SSO token expires at which the system proactively refreshes the token to maintain seamless user access.

Type: Integer

Required: No

userId

The claim field from the OIDC token to use as the unique user identifier (e.g., 'email', 'sub', or a custom claim).

Type: String

Pattern: [\S\s]*

Required: No
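
The string pattern listed for every field above, [\S\s]*, matches any content, so the shape of the structure gives no assurance about the values. The following pre-submission check is an added example, not AWS code: it enforces the required fields, types and the applicationId range from this reference, flags a scopes value without 'openid', and masks the two secret fields for logging. The HTTPS-only rule for issuer and redirectUrl is an assumed local policy, and the names lint_oidc_config, redact and SAMPLE_BAD are hypothetical.

```python
from urllib.parse import urlsplit

# Field names, types and the 1-10 range are taken from the OidcConfigInfo reference.
REQUIRED = ("companyId", "issuer", "scopes")
STRING_FIELDS = REQUIRED + (
    "applicationName", "caCertificate", "clientId", "clientSecret",
    "customUsername", "extraAuthParams", "redirectUrl", "secret", "userId")
INT_FIELDS = ("applicationId", "ssoTokenBufferMinutes")
SENSITIVE = ("clientSecret", "secret")

def _is_int(value):
    # bool is a subclass of int in Python; reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)

def lint_oidc_config(cfg):
    """Return a list of findings; an empty list means the config passed."""
    findings = [f"{n}: required field missing" for n in REQUIRED if n not in cfg]
    for name, value in cfg.items():
        if name in STRING_FIELDS and not isinstance(value, str):
            findings.append(f"{name}: must be a string")
        elif name in INT_FIELDS and not _is_int(value):
            findings.append(f"{name}: must be an integer")
        elif name not in STRING_FIELDS + INT_FIELDS:
            findings.append(f"{name}: not an OidcConfigInfo field")
    app_id = cfg.get("applicationId")
    if _is_int(app_id) and not 1 <= app_id <= 10:
        findings.append("applicationId: outside valid range 1-10")
    # Assumed local policy (not stated in the reference): absolute https URLs only.
    for name in ("issuer", "redirectUrl"):
        value = cfg.get(name)
        if isinstance(value, str):
            try:
                parts = urlsplit(value)
                ok = parts.scheme == "https" and bool(parts.hostname)
            except ValueError:
                ok = False
            if not ok:
                findings.append(f"{name}: expected an absolute https URL")
    scopes = cfg.get("scopes")
    if isinstance(scopes, str) and "openid" not in scopes.split():
        findings.append("scopes: 'openid' scope missing")
    return findings

def redact(cfg):
    """Copy of cfg that is safe to log: secret values are masked."""
    return {k: ("***" if k in SENSITIVE and v else v) for k, v in cfg.items()}

# Constructed sample input, not a real tenant configuration.
SAMPLE_BAD = {"companyId": "example-co", "issuer": "http://idp.example.com",
              "scopes": "profile email", "applicationId": 11}
```
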

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: