class Aws::ElasticLoadBalancingV2::Types::AuthenticateOidcActionConfig
Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
@note When making an API call, you may pass AuthenticateOidcActionConfig
data as a hash:

    {
      issuer: "AuthenticateOidcActionIssuer", # required
      authorization_endpoint: "AuthenticateOidcActionAuthorizationEndpoint", # required
      token_endpoint: "AuthenticateOidcActionTokenEndpoint", # required
      user_info_endpoint: "AuthenticateOidcActionUserInfoEndpoint", # required
      client_id: "AuthenticateOidcActionClientId", # required
      client_secret: "AuthenticateOidcActionClientSecret",
      session_cookie_name: "AuthenticateOidcActionSessionCookieName",
      scope: "AuthenticateOidcActionScope",
      session_timeout: 1,
      authentication_request_extra_params: {
        "AuthenticateOidcActionAuthenticationRequestParamName" => "AuthenticateOidcActionAuthenticationRequestParamValue",
      },
      on_unauthenticated_request: "deny", # accepts deny, allow, authenticate
      use_existing_client_secret: false,
    }
@!attribute [rw] issuer
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. @return [String]
@!attribute [rw] authorization_endpoint
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. @return [String]
@!attribute [rw] token_endpoint
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. @return [String]
@!attribute [rw] user_info_endpoint
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path. @return [String]
@!attribute [rw] client_id
The OAuth 2.0 client identifier. @return [String]
@!attribute [rw] client_secret
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set `UseExistingClientSecret` to true. @return [String]
@!attribute [rw] session_cookie_name
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie. @return [String]
@!attribute [rw] scope
The set of user claims to be requested from the IdP. The default is `openid`. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP. @return [String]
@!attribute [rw] session_timeout
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days). @return [Integer]
@!attribute [rw] authentication_request_extra_params
The query parameters (up to 10) to include in the redirect request to the authorization endpoint. @return [Hash<String,String>]
@!attribute [rw] on_unauthenticated_request
The behavior if the user is not authenticated. The following are possible values:
* `deny` - Return an HTTP 401 Unauthorized error.
* `allow` - Allow the request to be forwarded to the target.
* `authenticate` - Redirect the request to the IdP authorization endpoint. This is the default value.
@return [String]
@!attribute [rw] use_existing_client_secret
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false. @return [Boolean]
@see docs.aws.amazon.com/goto/WebAPI/elasticloadbalancingv2-2015-12-01/AuthenticateOidcActionConfig AWS API Documentation
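An added example, not part of the AWS SDK or its documentation: a pre-deployment lint that applies the constraints stated in the attribute descriptions above to a config hash before it is sent. The names `lint_oidc_config` and `https_url?`, the message strings, the sample values and the choice to warn on `allow` are this example's assumptions.

```ruby
require "uri"

# Hypothetical lint; rules taken from the attribute descriptions on this page.
URL_KEYS = %i[issuer authorization_endpoint token_endpoint user_info_endpoint].freeze
REQUIRED_KEYS = (URL_KEYS + [:client_id]).freeze
UNAUTH_VALUES = %w[deny allow authenticate].freeze

# True only for an absolute https:// URL with a host (the path is not checked).
def https_url?(value)
  uri = URI.parse(value.to_s)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

# mode is :create or :modify. Returns { errors: [...], warnings: [...] }.
def lint_oidc_config(cfg, mode: :create)
  errors, warnings = [], []
  REQUIRED_KEYS.each { |k| errors << "#{k} is required" if cfg[k].to_s.empty? }
  URL_KEYS.each do |k|
    errors << "#{k} must be a full HTTPS URL" unless cfg[k].to_s.empty? || https_url?(cfg[k])
  end

  # client_secret: mandatory on create; on modify it may be omitted only with
  # use_existing_client_secret set to true.
  if cfg[:client_secret].to_s.empty?
    if mode == :create
      errors << "client_secret is required when creating a rule"
    elsif cfg[:use_existing_client_secret] != true
      errors << "client_secret omitted without use_existing_client_secret: true"
    end
  end

  extra = cfg[:authentication_request_extra_params] || {}
  errors << "at most 10 authentication_request_extra_params" if extra.size > 10

  behavior = cfg[:on_unauthenticated_request] || "authenticate" # documented default
  if !UNAUTH_VALUES.include?(behavior)
    errors << "on_unauthenticated_request must be deny, allow or authenticate"
  elsif behavior == "allow"
    warnings << "allow forwards unauthenticated requests to the target"
  end
  { errors: errors, warnings: warnings }
end

# Constructed sample: plain-HTTP token endpoint, no secret, permissive fallback.
SAMPLE = { issuer: "https://idp.example.com/", authorization_endpoint: "https://idp.example.com/authorize",
           token_endpoint: "http://idp.example.com/token", user_info_endpoint: "https://idp.example.com/userinfo",
           client_id: "placeholder-client-id", on_unauthenticated_request: "allow" }.freeze
p lint_oidc_config(SAMPLE)
```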
Constants
- SENSITIVE