Class: AWSCDK::ElasticLoadBalancingv2::CfnListener::AuthenticateCognitoConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
elastic_load_balancingv2/cfn_listener.rb

Overview

Specifies information required when integrating with Amazon Cognito to authenticate users.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(user_pool_arn:, user_pool_client_id:, user_pool_domain:, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) ⇒ AuthenticateCognitoConfigProperty

Returns a new instance of AuthenticateCognitoConfigProperty.

Parameters:

  • user_pool_arn (String)

    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

  • user_pool_client_id (String)

    The ID of the Amazon Cognito user pool client.

  • user_pool_domain (String)

    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

  • authentication_request_extra_params (AWSCDK::IResolvable, Hash{String => String}, nil) (defaults to: nil)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • on_unauthenticated_request (String, nil) (defaults to: nil)

    The behavior if the user is not authenticated. The following are possible values:.

  • scope (String, nil) (defaults to: nil)

    The set of user claims to be requested from the IdP. The default is openid .

  • session_cookie_name (String, nil) (defaults to: nil)

    The name of the cookie used to maintain session information.

  • session_timeout (String, nil) (defaults to: nil)

    The maximum duration of the authentication session, in seconds.



750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
# File 'elastic_load_balancingv2/cfn_listener.rb', line 750

def initialize(user_pool_arn:, user_pool_client_id:, user_pool_domain:, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil)
  @user_pool_arn = user_pool_arn
  Jsii::Type.check_type(@user_pool_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolArn")
  @user_pool_client_id = user_pool_client_id
  Jsii::Type.check_type(@user_pool_client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolClientId")
  @user_pool_domain = user_pool_domain
  Jsii::Type.check_type(@user_pool_domain, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolDomain")
  @authentication_request_extra_params = authentication_request_extra_params
  Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsicHJpbWl0aXZlIjoic3RyaW5nIn0sImtpbmQiOiJtYXAifX1dfX0=")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil?
  @on_unauthenticated_request = on_unauthenticated_request
  Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil?
  @scope = scope
  Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil?
  @session_cookie_name = session_cookie_name
  Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionTimeout") unless @session_timeout.nil?
end

Instance Attribute Details

#authentication_request_extra_paramsAWSCDK::IResolvable, ... (readonly)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.



788
789
790
# File 'elastic_load_balancingv2/cfn_listener.rb', line 788

def authentication_request_extra_params
  @authentication_request_extra_params
end

#on_unauthenticated_requestString? (readonly)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.


797
798
799
# File 'elastic_load_balancingv2/cfn_listener.rb', line 797

def on_unauthenticated_request
  @on_unauthenticated_request
end

#scopeString? (readonly)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.



804
805
806
# File 'elastic_load_balancingv2/cfn_listener.rb', line 804

def scope
  @scope
end

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.



811
812
813
# File 'elastic_load_balancingv2/cfn_listener.rb', line 811

def session_cookie_name
  @session_cookie_name
end

#session_timeoutString? (readonly)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).



818
819
820
# File 'elastic_load_balancingv2/cfn_listener.rb', line 818

def session_timeout
  @session_timeout
end

#user_pool_arnString (readonly)

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.



773
774
775
# File 'elastic_load_balancingv2/cfn_listener.rb', line 773

def user_pool_arn
  @user_pool_arn
end

#user_pool_client_idString (readonly)

The ID of the Amazon Cognito user pool client.



778
779
780
# File 'elastic_load_balancingv2/cfn_listener.rb', line 778

def user_pool_client_id
  @user_pool_client_id
end

#user_pool_domainString (readonly)

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.



783
784
785
# File 'elastic_load_balancingv2/cfn_listener.rb', line 783

def user_pool_domain
  @user_pool_domain
end

Class Method Details

.jsii_propertiesObject



820
821
822
823
824
825
826
827
828
829
830
831
# File 'elastic_load_balancingv2/cfn_listener.rb', line 820

def self.jsii_properties
  {
    :user_pool_arn => "userPoolArn",
    :user_pool_client_id => "userPoolClientId",
    :user_pool_domain => "userPoolDomain",
    :authentication_request_extra_params => "authenticationRequestExtraParams",
    :on_unauthenticated_request => "onUnauthenticatedRequest",
    :scope => "scope",
    :session_cookie_name => "sessionCookieName",
    :session_timeout => "sessionTimeout",
  }
end

Instance Method Details

#to_jsiiObject



833
834
835
836
837
838
839
840
841
842
843
844
845
846
# File 'elastic_load_balancingv2/cfn_listener.rb', line 833

def to_jsii
  result = {}
  result.merge!({
    "userPoolArn" => @user_pool_arn,
    "userPoolClientId" => @user_pool_client_id,
    "userPoolDomain" => @user_pool_domain,
    "authenticationRequestExtraParams" => @authentication_request_extra_params,
    "onUnauthenticatedRequest" => @on_unauthenticated_request,
    "scope" => @scope,
    "sessionCookieName" => @session_cookie_name,
    "sessionTimeout" => @session_timeout,
  })
  result.compact
end