Class: AWSCDK::ElasticLoadBalancingv2::AuthenticateOidcOptions
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::ElasticLoadBalancingv2::AuthenticateOidcOptions
- Defined in:
- elastic_load_balancingv2/authenticate_oidc_options.rb
Overview
Options for ListenerAction.authenciateOidc().
Instance Attribute Summary collapse
-
#_next ⇒ AWSCDK::ElasticLoadBalancingv2::ListenerAction
readonly
What action to execute next.
-
#allow_https_outbound ⇒ Boolean?
readonly
Allow HTTPS outbound traffic to communicate with the IdP.
-
#authentication_request_extra_params ⇒ Hash{String => String}?
readonly
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
#authorization_endpoint ⇒ String
readonly
The authorization endpoint of the IdP.
-
#client_id ⇒ String
readonly
The OAuth 2.0 client identifier.
-
#client_secret ⇒ AWSCDK::SecretValue
readonly
The OAuth 2.0 client secret.
-
#issuer ⇒ String
readonly
The OIDC issuer identifier of the IdP.
-
#on_unauthenticated_request ⇒ AWSCDK::ElasticLoadBalancingv2::UnauthenticatedAction?
readonly
The behavior if the user is not authenticated.
-
#scope ⇒ String?
readonly
The set of user claims to be requested from the IdP.
-
#session_cookie_name ⇒ String?
readonly
The name of the cookie used to maintain session information.
-
#session_timeout ⇒ AWSCDK::Duration?
readonly
The maximum duration of the authentication session.
-
#token_endpoint ⇒ String
readonly
The token endpoint of the IdP.
-
#user_info_endpoint ⇒ String
readonly
The user info endpoint of the IdP.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(authorization_endpoint:, client_id:, client_secret:, issuer:, _next:, token_endpoint:, user_info_endpoint:, allow_https_outbound: nil, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) ⇒ AuthenticateOidcOptions
constructor
A new instance of AuthenticateOidcOptions.
- #to_jsii ⇒ Object
Constructor Details
#initialize(authorization_endpoint:, client_id:, client_secret:, issuer:, _next:, token_endpoint:, user_info_endpoint:, allow_https_outbound: nil, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) ⇒ AuthenticateOidcOptions
Returns a new instance of AuthenticateOidcOptions.
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 20 def initialize(authorization_endpoint:, client_id:, client_secret:, issuer:, _next:, token_endpoint:, user_info_endpoint:, allow_https_outbound: nil, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) @authorization_endpoint = Jsii::Type.check_type(@authorization_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationEndpoint") @client_id = client_id Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId") @client_secret = client_secret Jsii::Type.check_type(@client_secret, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRWYWx1ZSJ9")), "clientSecret") @issuer = issuer Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer") @_next = _next Jsii::Type.check_type(@_next, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWxhc3RpY2xvYWRiYWxhbmNpbmd2Mi5MaXN0ZW5lckFjdGlvbiJ9")), "next") @token_endpoint = token_endpoint Jsii::Type.check_type(@token_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tokenEndpoint") @user_info_endpoint = user_info_endpoint Jsii::Type.check_type(@user_info_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userInfoEndpoint") @allow_https_outbound = allow_https_outbound Jsii::Type.check_type(@allow_https_outbound, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "allowHttpsOutbound") unless @allow_https_outbound.nil? @authentication_request_extra_params = authentication_request_extra_params Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoibWFwIn19")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil? @on_unauthenticated_request = on_unauthenticated_request Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWxhc3RpY2xvYWRiYWxhbmNpbmd2Mi5VbmF1dGhlbnRpY2F0ZWRBY3Rpb24ifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil? @scope = scope Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil? @session_cookie_name = Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil? @session_timeout = session_timeout Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "sessionTimeout") unless @session_timeout.nil? end |
Instance Attribute Details
#_next ⇒ AWSCDK::ElasticLoadBalancingv2::ListenerAction (readonly)
What action to execute next.
72 73 74 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 72 def _next @_next end |
#allow_https_outbound ⇒ Boolean? (readonly)
Default: true
Allow HTTPS outbound traffic to communicate with the IdP.
Set this property to false if the IP address used for the IdP endpoint is identifiable
and you want to control outbound traffic.
Then allow HTTPS outbound traffic to the IdP's IP address using the listener's connections property.
94 95 96 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 94 def allow_https_outbound @allow_https_outbound end |
#authentication_request_extra_params ⇒ Hash{String => String}? (readonly)
Default: - No extra parameters
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
99 100 101 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 99 def authentication_request_extra_params @authentication_request_extra_params end |
#authorization_endpoint ⇒ String (readonly)
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
54 55 56 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 54 def @authorization_endpoint end |
#client_id ⇒ String (readonly)
The OAuth 2.0 client identifier.
58 59 60 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 58 def client_id @client_id end |
#client_secret ⇒ AWSCDK::SecretValue (readonly)
The OAuth 2.0 client secret.
62 63 64 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 62 def client_secret @client_secret end |
#issuer ⇒ String (readonly)
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
68 69 70 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 68 def issuer @issuer end |
#on_unauthenticated_request ⇒ AWSCDK::ElasticLoadBalancingv2::UnauthenticatedAction? (readonly)
Default: UnauthenticatedAction.AUTHENTICATE
The behavior if the user is not authenticated.
104 105 106 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 104 def on_unauthenticated_request @on_unauthenticated_request end |
#scope ⇒ String? (readonly)
Default: "openid"
The set of user claims to be requested from the IdP.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
111 112 113 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 111 def scope @scope end |
#session_cookie_name ⇒ String? (readonly)
Default: "AWSELBAuthSessionCookie"
The name of the cookie used to maintain session information.
116 117 118 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 116 def @session_cookie_name end |
#session_timeout ⇒ AWSCDK::Duration? (readonly)
Default: Duration.days(7)
The maximum duration of the authentication session.
121 122 123 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 121 def session_timeout @session_timeout end |
#token_endpoint ⇒ String (readonly)
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
78 79 80 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 78 def token_endpoint @token_endpoint end |
#user_info_endpoint ⇒ String (readonly)
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
84 85 86 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 84 def user_info_endpoint @user_info_endpoint end |
Class Method Details
.jsii_properties ⇒ Object
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 123 def self.jsii_properties { :authorization_endpoint => "authorizationEndpoint", :client_id => "clientId", :client_secret => "clientSecret", :issuer => "issuer", :_next => "next", :token_endpoint => "tokenEndpoint", :user_info_endpoint => "userInfoEndpoint", :allow_https_outbound => "allowHttpsOutbound", :authentication_request_extra_params => "authenticationRequestExtraParams", :on_unauthenticated_request => "onUnauthenticatedRequest", :scope => "scope", :session_cookie_name => "sessionCookieName", :session_timeout => "sessionTimeout", } end |
Instance Method Details
#to_jsii ⇒ Object
141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 |
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 141 def to_jsii result = {} result.merge!({ "authorizationEndpoint" => @authorization_endpoint, "clientId" => @client_id, "clientSecret" => @client_secret, "issuer" => @issuer, "next" => @_next, "tokenEndpoint" => @token_endpoint, "userInfoEndpoint" => @user_info_endpoint, "allowHttpsOutbound" => @allow_https_outbound, "authenticationRequestExtraParams" => @authentication_request_extra_params, "onUnauthenticatedRequest" => @on_unauthenticated_request, "scope" => @scope, "sessionCookieName" => @session_cookie_name, "sessionTimeout" => @session_timeout, }) result.compact end |