Builder

class Builder

Properties

Link copied to clipboard

A map that associates each scope in allowedScopes with a corresponding advertised scope value. The advertised scope appears in OAuth protected resource metadata and WWW-Authenticate response headers. Use this parameter when the scope that clients request from your identity provider differs from the scope in the validated token. Each key is a scope from allowedScopes that the service uses for token validation. Each value is the corresponding scope that the service advertises to clients. Scopes without a mapping entry appear unchanged to clients.

Link copied to clipboard

Represents individual audience values that are validated in the incoming JWT token validation process.

Link copied to clipboard

Represents individual client IDs that are validated in the incoming JWT token validation process.

Link copied to clipboard

An array of scopes that are allowed to access the token.

Link copied to clipboard

The configuration that restricts which workloads in the request's identity chain are allowed to invoke the target, identified by their hosting environments and workload identities. At launch, this is supported only for AgentCore Runtime targets, and the allowed workloads are AgentCore Gateways.

Link copied to clipboard

An array of objects that define a custom claim validation name, value, and operation

Link copied to clipboard

This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

Link copied to clipboard

The private endpoint configuration for a gateway target. Defines how the gateway connects to private resources in your VPC.

Link copied to clipboard

The private endpoint overrides for the custom JWT authorizer configuration.