class Aws::ElasticLoadBalancingV2::Types::AuthenticateCognitoActionConfig

Request parameters to use when integrating with Amazon Cognito to authenticate users.

@note When making an API call, you may pass AuthenticateCognitoActionConfig

data as a hash:

    {
      user_pool_arn: "AuthenticateCognitoActionUserPoolArn", # required
      user_pool_client_id: "AuthenticateCognitoActionUserPoolClientId", # required
      user_pool_domain: "AuthenticateCognitoActionUserPoolDomain", # required
      session_cookie_name: "AuthenticateCognitoActionSessionCookieName",
      scope: "AuthenticateCognitoActionScope",
      session_timeout: 1,
      authentication_request_extra_params: {
        "AuthenticateCognitoActionAuthenticationRequestParamName" => "AuthenticateCognitoActionAuthenticationRequestParamValue",
      },
      on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
    }

@!attribute [rw] user_pool_arn

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.
@return [String]

@!attribute [rw] user_pool_client_id

The ID of the Amazon Cognito user pool client.
@return [String]

@!attribute [rw] user_pool_domain

The domain prefix or fully-qualified domain name of the Amazon
Cognito user pool.
@return [String]

@!attribute [rw] session_cookie_name

The name of the cookie used to maintain session information. The
default is AWSELBAuthSessionCookie.
@return [String]

@!attribute [rw] scope

The set of user claims to be requested from the IdP. The default is
`openid`.

To verify which scope values your IdP supports and how to separate
multiple values, see the documentation for your IdP.
@return [String]

@!attribute [rw] session_timeout

The maximum duration of the authentication session, in seconds. The
default is 604800 seconds (7 days).
@return [Integer]

@!attribute [rw] authentication_request_extra_params

The query parameters (up to 10) to include in the redirect request
to the authorization endpoint.
@return [Hash<String,String>]

@!attribute [rw] on_unauthenticated_request

The behavior if the user is not authenticated. The following are
possible values:

* deny`` - Return an HTTP 401 Unauthorized error.

* allow`` - Allow the request to be forwarded to the target.

* authenticate`` - Redirect the request to the IdP authorization
  endpoint. This is the default value.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AuthenticateCognitoActionConfig AWS API Documentation

Constants

SENSITIVE