Class: AWSCDK::ElasticLoadBalancingv2::AuthenticateOidcOptions

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
elastic_load_balancingv2/authenticate_oidc_options.rb

Overview

Options for ListenerAction.authenciateOidc().

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(authorization_endpoint:, client_id:, client_secret:, issuer:, _next:, token_endpoint:, user_info_endpoint:, allow_https_outbound: nil, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) ⇒ AuthenticateOidcOptions

Returns a new instance of AuthenticateOidcOptions.

Parameters:

  • authorization_endpoint (String)

    The authorization endpoint of the IdP.

  • client_id (String)

    The OAuth 2.0 client identifier.

  • client_secret (AWSCDK::SecretValue)

    The OAuth 2.0 client secret.

  • issuer (String)

    The OIDC issuer identifier of the IdP.

  • _next (AWSCDK::ElasticLoadBalancingv2::ListenerAction)

    What action to execute next.

  • token_endpoint (String)

    The token endpoint of the IdP.

  • user_info_endpoint (String)

    The user info endpoint of the IdP.

  • allow_https_outbound (Boolean, nil) (defaults to: nil)

    Allow HTTPS outbound traffic to communicate with the IdP.

  • authentication_request_extra_params (Hash{String => String}, nil) (defaults to: nil)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • on_unauthenticated_request (AWSCDK::ElasticLoadBalancingv2::UnauthenticatedAction, nil) (defaults to: nil)

    The behavior if the user is not authenticated.

  • scope (String, nil) (defaults to: nil)

    The set of user claims to be requested from the IdP.

  • session_cookie_name (String, nil) (defaults to: nil)

    The name of the cookie used to maintain session information.

  • session_timeout (AWSCDK::Duration, nil) (defaults to: nil)

    The maximum duration of the authentication session.



20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 20

def initialize(authorization_endpoint:, client_id:, client_secret:, issuer:, _next:, token_endpoint:, user_info_endpoint:, allow_https_outbound: nil, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil)
  @authorization_endpoint = authorization_endpoint
  Jsii::Type.check_type(@authorization_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "authorizationEndpoint")
  @client_id = client_id
  Jsii::Type.check_type(@client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "clientId")
  @client_secret = client_secret
  Jsii::Type.check_type(@client_secret, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5TZWNyZXRWYWx1ZSJ9")), "clientSecret")
  @issuer = issuer
  Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer")
  @_next = _next
  Jsii::Type.check_type(@_next, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWxhc3RpY2xvYWRiYWxhbmNpbmd2Mi5MaXN0ZW5lckFjdGlvbiJ9")), "next")
  @token_endpoint = token_endpoint
  Jsii::Type.check_type(@token_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "tokenEndpoint")
  @user_info_endpoint = 
  Jsii::Type.check_type(@user_info_endpoint, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userInfoEndpoint")
  @allow_https_outbound = allow_https_outbound
  Jsii::Type.check_type(@allow_https_outbound, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "allowHttpsOutbound") unless @allow_https_outbound.nil?
  @authentication_request_extra_params = authentication_request_extra_params
  Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoibWFwIn19")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil?
  @on_unauthenticated_request = on_unauthenticated_request
  Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfZWxhc3RpY2xvYWRiYWxhbmNpbmd2Mi5VbmF1dGhlbnRpY2F0ZWRBY3Rpb24ifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil?
  @scope = scope
  Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil?
  @session_cookie_name = session_cookie_name
  Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5EdXJhdGlvbiJ9")), "sessionTimeout") unless @session_timeout.nil?
end

Instance Attribute Details

#_nextAWSCDK::ElasticLoadBalancingv2::ListenerAction (readonly)

What action to execute next.



72
73
74
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 72

def _next
  @_next
end

#allow_https_outboundBoolean? (readonly)

Note:

Default: true

Allow HTTPS outbound traffic to communicate with the IdP.

Set this property to false if the IP address used for the IdP endpoint is identifiable and you want to control outbound traffic. Then allow HTTPS outbound traffic to the IdP's IP address using the listener's connections property.



94
95
96
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 94

def allow_https_outbound
  @allow_https_outbound
end

#authentication_request_extra_paramsHash{String => String}? (readonly)

Note:

Default: - No extra parameters

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

Returns:

  • (Hash{String => String}, nil)


99
100
101
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 99

def authentication_request_extra_params
  @authentication_request_extra_params
end

#authorization_endpointString (readonly)

The authorization endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


54
55
56
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 54

def authorization_endpoint
  @authorization_endpoint
end

#client_idString (readonly)

The OAuth 2.0 client identifier.

Returns:

  • (String)


58
59
60
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 58

def client_id
  @client_id
end

#client_secretAWSCDK::SecretValue (readonly)

The OAuth 2.0 client secret.

Returns:



62
63
64
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 62

def client_secret
  @client_secret
end

#issuerString (readonly)

The OIDC issuer identifier of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


68
69
70
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 68

def issuer
  @issuer
end

#on_unauthenticated_requestAWSCDK::ElasticLoadBalancingv2::UnauthenticatedAction? (readonly)

Note:

Default: UnauthenticatedAction.AUTHENTICATE

The behavior if the user is not authenticated.



104
105
106
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 104

def on_unauthenticated_request
  @on_unauthenticated_request
end

#scopeString? (readonly)

Note:

Default: "openid"

The set of user claims to be requested from the IdP.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

Returns:

  • (String, nil)


111
112
113
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 111

def scope
  @scope
end
Note:

Default: "AWSELBAuthSessionCookie"

The name of the cookie used to maintain session information.

Returns:

  • (String, nil)


116
117
118
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 116

def session_cookie_name
  @session_cookie_name
end

#session_timeoutAWSCDK::Duration? (readonly)

Note:

Default: Duration.days(7)

The maximum duration of the authentication session.

Returns:



121
122
123
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 121

def session_timeout
  @session_timeout
end

#token_endpointString (readonly)

The token endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


78
79
80
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 78

def token_endpoint
  @token_endpoint
end

#user_info_endpointString (readonly)

The user info endpoint of the IdP.

This must be a full URL, including the HTTPS protocol, the domain, and the path.

Returns:

  • (String)


84
85
86
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 84

def 
  @user_info_endpoint
end

Class Method Details

.jsii_propertiesObject



123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 123

def self.jsii_properties
  {
    :authorization_endpoint => "authorizationEndpoint",
    :client_id => "clientId",
    :client_secret => "clientSecret",
    :issuer => "issuer",
    :_next => "next",
    :token_endpoint => "tokenEndpoint",
    :user_info_endpoint => "userInfoEndpoint",
    :allow_https_outbound => "allowHttpsOutbound",
    :authentication_request_extra_params => "authenticationRequestExtraParams",
    :on_unauthenticated_request => "onUnauthenticatedRequest",
    :scope => "scope",
    :session_cookie_name => "sessionCookieName",
    :session_timeout => "sessionTimeout",
  }
end

Instance Method Details

#to_jsiiObject



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# File 'elastic_load_balancingv2/authenticate_oidc_options.rb', line 141

def to_jsii
  result = {}
  result.merge!({
    "authorizationEndpoint" => @authorization_endpoint,
    "clientId" => @client_id,
    "clientSecret" => @client_secret,
    "issuer" => @issuer,
    "next" => @_next,
    "tokenEndpoint" => @token_endpoint,
    "userInfoEndpoint" => @user_info_endpoint,
    "allowHttpsOutbound" => @allow_https_outbound,
    "authenticationRequestExtraParams" => @authentication_request_extra_params,
    "onUnauthenticatedRequest" => @on_unauthenticated_request,
    "scope" => @scope,
    "sessionCookieName" => @session_cookie_name,
    "sessionTimeout" => @session_timeout,
  })
  result.compact
end