CustomJwtAuthorizerConfiguration
Configuration for inbound JWT-based authorization, specifying how incoming requests should be authenticated.
Types
Properties
A map that associates each scope in allowedScopes with a corresponding advertised scope value. The advertised scope appears in OAuth protected resource metadata and WWW-Authenticate response headers. Use this parameter when the scope that clients request from your identity provider differs from the scope in the validated token. Each key is a scope from allowedScopes that the service uses for token validation. Each value is the corresponding scope that the service advertises to clients. Scopes without a mapping entry appear unchanged to clients.
Represents individual audience values that are validated in the incoming JWT token validation process.
Represents individual client IDs that are validated in the incoming JWT token validation process.
An array of scopes that are allowed to access the token.
The configuration that restricts which workloads in the request's identity chain are allowed to invoke the target, identified by their hosting environments and workload identities. At launch, this is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways.
An array of objects that define a custom claim validation name, value, and operation
This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.
The private endpoint overrides for the custom JWT authorizer configuration.