Class: AWSCDK::AppSync::OpenIdConnectConfig

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
app_sync/open_id_connect_config.rb

Overview

Configuration for OpenID Connect authorization in AppSync.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(oidc_provider:, client_id: nil, token_expiry_from_auth: nil, token_expiry_from_issue: nil) ⇒ OpenIdConnectConfig

Returns a new instance of OpenIdConnectConfig.

Parameters:

  • oidc_provider (String)

    The issuer for the OIDC configuration.

  • client_id (String, nil) (defaults to: nil)

    The client identifier of the Relying party at the OpenID identity provider.

  • token_expiry_from_auth (Numeric, nil) (defaults to: nil)

    The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.

  • token_expiry_from_issue (Numeric, nil) (defaults to: nil)

    The number of milliseconds an OIDC token is valid after being issued to a user.



11
12
13
14
15
16
17
18
19
20
# File 'app_sync/open_id_connect_config.rb', line 11

def initialize(oidc_provider:, client_id: nil, token_expiry_from_auth: nil, token_expiry_from_issue: nil)
  @oidc_provider = oidc_provider
  Jsii::Type.check_type(@oidc_provider, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "oidcProvider")
  @client_id = client_id
  Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId") unless @client_id.nil?
  @token_expiry_from_auth = token_expiry_from_auth
  Jsii::Type.check_type(@token_expiry_from_auth, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "tokenExpiryFromAuth") unless @token_expiry_from_auth.nil?
  @token_expiry_from_issue = token_expiry_from_issue
  Jsii::Type.check_type(@token_expiry_from_issue, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "tokenExpiryFromIssue") unless @token_expiry_from_issue.nil?
end

Instance Attribute Details

#client_idString? (readonly)

Note:

Default: - * (All)

The client identifier of the Relying party at the OpenID identity provider.

A regular expression can be specified so AppSync can validate against multiple client identifiers at a time.

Examples:

-"ABCD|CDEF"

Returns:

  • (String, nil)


36
37
38
# File 'app_sync/open_id_connect_config.rb', line 36

def client_id
  @client_id
end

#oidc_providerString (readonly)

The issuer for the OIDC configuration.

The issuer returned by discovery must exactly match the value of iss in the OIDC token.

Returns:

  • (String)


27
28
29
# File 'app_sync/open_id_connect_config.rb', line 27

def oidc_provider
  @oidc_provider
end

#token_expiry_from_authNumeric? (readonly)

Note:

Default: - no validation

The number of milliseconds an OIDC token is valid after being authenticated by OIDC provider.

auth_time claim in OIDC token is required for this validation to work.

Returns:

  • (Numeric, nil)


43
44
45
# File 'app_sync/open_id_connect_config.rb', line 43

def token_expiry_from_auth
  @token_expiry_from_auth
end

#token_expiry_from_issueNumeric? (readonly)

Note:

Default: - no validation

The number of milliseconds an OIDC token is valid after being issued to a user.

This validation uses iat claim of OIDC token.

Returns:

  • (Numeric, nil)


50
51
52
# File 'app_sync/open_id_connect_config.rb', line 50

def token_expiry_from_issue
  @token_expiry_from_issue
end

Class Method Details

.jsii_propertiesObject



52
53
54
55
56
57
58
59
# File 'app_sync/open_id_connect_config.rb', line 52

def self.jsii_properties
  {
    :oidc_provider => "oidcProvider",
    :client_id => "clientId",
    :token_expiry_from_auth => "tokenExpiryFromAuth",
    :token_expiry_from_issue => "tokenExpiryFromIssue",
  }
end

Instance Method Details

#to_jsiiObject



61
62
63
64
65
66
67
68
69
70
# File 'app_sync/open_id_connect_config.rb', line 61

def to_jsii
  result = {}
  result.merge!({
    "oidcProvider" => @oidc_provider,
    "clientId" => @client_id,
    "tokenExpiryFromAuth" => @token_expiry_from_auth,
    "tokenExpiryFromIssue" => @token_expiry_from_issue,
  })
  result.compact
end