class Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

@note When making an API call, you may pass AuthenticateOidcActionConfig data as a hash:

    {
      issuer: "AuthenticateOidcActionIssuer", # required
      authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
      token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
      user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
      client_id: "AuthenticateOidcActionClientId", # required
      client_secret: "AuthenticateOidcActionClientSecret",
      session_cookie_name: "AuthenticateOidcActionSessionCookieName",
      scope: "AuthenticateOidcActionScope",
      session_timeout: 1,
      authentication_request_extra_params: {
        "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
      },
      on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
      use_existing_client_secret: false,
    }

@!attribute [rw] issuer

The OIDC issuer identifier of the IdP. This must be a full URL,
including the HTTPS protocol, the domain, and the path.
@return [String]

@!attribute [rw] authorization_endpoint

The authorization endpoint of the IdP. This must be a full URL,
including the HTTPS protocol, the domain, and the path.
@return [String]

@!attribute [rw] token_endpoint

The token endpoint of the IdP. This must be a full URL, including
the HTTPS protocol, the domain, and the path.
@return [String]

@!attribute [rw] user_info_endpoint

The user info endpoint of the IdP. This must be a full URL,
including the HTTPS protocol, the domain, and the path.
@return [String]

@!attribute [rw] client_id

The OAuth 2.0 client identifier.
@return [String]

@!attribute [rw] client_secret

The OAuth 2.0 client secret. This parameter is required if you are
creating a rule. If you are modifying a rule, you can omit this
parameter if you set `UseExistingClientSecret` to true.
@return [String]

@!attribute [rw] session_cookie_name

The name of the cookie used to maintain session information. The
default is AWSELBAuthSessionCookie.
@return [String]

@!attribute [rw] scope

The set of user claims to be requested from the IdP. The default is
`openid`.

To verify which scope values your IdP supports and how to separate
multiple values, see the documentation for your IdP.
@return [String]

@!attribute [rw] session_timeout

The maximum duration of the authentication session, in seconds. The
default is 604800 seconds (7 days).
@return [Integer]

@!attribute [rw] authentication_request_extra_params

The query parameters (up to 10) to include in the redirect request
to the authorization endpoint.
@return [Hash<String,String>]

@!attribute [rw] on_unauthenticated_request

The behavior if the user is not authenticated. The following are
possible values:

* `deny` - Return an HTTP 401 Unauthorized error.

* `allow` - Allow the request to be forwarded to the target.

* `authenticate` - Redirect the request to the IdP authorization
  endpoint. This is the default value.
@return [String]

@!attribute [rw] use_existing_client_secret

Indicates whether to use the existing client secret when modifying a
rule. If you are creating a rule, you can omit this parameter or set
it to false.
@return [Boolean]

@see docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AuthenticateOidcActionConfig AWS API Documentation
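
The attribute rules above can be checked before a hash is passed to the API. The following is an added example, not part of the SDK or its documentation; `lint_oidc_config`, `https_url?`, and the sample IdP URLs and credentials are hypothetical and constructed for illustration.

```ruby
require "uri"

# Hypothetical pre-flight check (not SDK API) built from the attribute rules on this page.
ENDPOINT_KEYS = %i[issuer authorization_endpoint token_endpoint user_info_endpoint].freeze
UNAUTH_VALUES = %w[deny allow authenticate].freeze

# True only for an https:// URL with a host; the path is not inspected.
def https_url?(value)
  uri = URI.parse(value.to_s)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# Returns an array of findings; an empty array means every check passed.
def lint_oidc_config(cfg, creating:)
  findings = []
  ENDPOINT_KEYS.each { |k| findings << "#{k}: must be a full HTTPS URL" unless https_url?(cfg[k]) }
  findings << "client_id: required" if cfg[:client_id].to_s.empty?

  secret_given = !cfg[:client_secret].to_s.empty?
  reuse = cfg[:use_existing_client_secret] == true
  if creating
    findings << "client_secret: required when creating a rule" unless secret_given
    findings << "use_existing_client_secret: omit or set false when creating" if reuse
  elsif !secret_given && !reuse
    findings << "client_secret: omit only with use_existing_client_secret: true"
  end

  mode = cfg.fetch(:on_unauthenticated_request, "authenticate") # documented default
  if !UNAUTH_VALUES.include?(mode)
    findings << "on_unauthenticated_request: accepts deny, allow, authenticate"
  elsif mode == "allow"
    findings << "on_unauthenticated_request: allow forwards unauthenticated requests to the target"
  end

  extra = cfg.fetch(:authentication_request_extra_params, {})
  findings << "authentication_request_extra_params: at most 10 entries" if extra.size > 10
  timeout = cfg.fetch(:session_timeout, 604_800) # documented default, 7 days
  findings << "session_timeout: must be a positive Integer" unless timeout.is_a?(Integer) && timeout.positive?
  findings
end

# Constructed sample input: every URL and credential below is a placeholder.
SAMPLE = {
  issuer: "https://idp.example.com/", authorization_endpoint: "https://idp.example.com/authorize",
  token_endpoint: "https://idp.example.com/token", user_info_endpoint: "https://idp.example.com/userinfo",
  client_id: "example-client-id", client_secret: "example-secret", on_unauthenticated_request: "deny"
}.freeze
```

`lint_oidc_config(SAMPLE, creating: true)` returns an empty array; pass `creating: false` when the hash is destined for a rule modification so the `use_existing_client_secret` rule is applied instead.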

Constants

SENSITIVE