Class: AWSCDK::ElasticLoadBalancingv2::CfnListenerRule::AuthenticateCognitoConfigProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
elastic_load_balancingv2/cfn_listener_rule.rb

Overview

Specifies information required when integrating with Amazon Cognito to authenticate users.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(user_pool_arn:, user_pool_client_id:, user_pool_domain:, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil) ⇒ AuthenticateCognitoConfigProperty

Returns a new instance of AuthenticateCognitoConfigProperty.

Parameters:

  • user_pool_arn (String)

    The Amazon Resource Name (ARN) of the Amazon Cognito user pool.

  • user_pool_client_id (String)

    The ID of the Amazon Cognito user pool client.

  • user_pool_domain (String)

    The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.

  • authentication_request_extra_params (AWSCDK::IResolvable, Hash{String => String}, nil) (defaults to: nil)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • on_unauthenticated_request (String, nil) (defaults to: nil)

    The behavior if the user is not authenticated. The following are possible values:.

  • scope (String, nil) (defaults to: nil)

    The set of user claims to be requested from the IdP. The default is openid .

  • session_cookie_name (String, nil) (defaults to: nil)

    The name of the cookie used to maintain session information.

  • session_timeout (Numeric, nil) (defaults to: nil)

    The maximum duration of the authentication session, in seconds.



700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 700

def initialize(user_pool_arn:, user_pool_client_id:, user_pool_domain:, authentication_request_extra_params: nil, on_unauthenticated_request: nil, scope: nil, session_cookie_name: nil, session_timeout: nil)
  @user_pool_arn = user_pool_arn
  Jsii::Type.check_type(@user_pool_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolArn")
  @user_pool_client_id = user_pool_client_id
  Jsii::Type.check_type(@user_pool_client_id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolClientId")
  @user_pool_domain = user_pool_domain
  Jsii::Type.check_type(@user_pool_domain, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "userPoolDomain")
  @authentication_request_extra_params = authentication_request_extra_params
  Jsii::Type.check_type(@authentication_request_extra_params, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImNvbGxlY3Rpb24iOnsiZWxlbWVudHR5cGUiOnsicHJpbWl0aXZlIjoic3RyaW5nIn0sImtpbmQiOiJtYXAifX1dfX0=")), "authenticationRequestExtraParams") unless @authentication_request_extra_params.nil?
  @on_unauthenticated_request = on_unauthenticated_request
  Jsii::Type.check_type(@on_unauthenticated_request, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "onUnauthenticatedRequest") unless @on_unauthenticated_request.nil?
  @scope = scope
  Jsii::Type.check_type(@scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "scope") unless @scope.nil?
  @session_cookie_name = session_cookie_name
  Jsii::Type.check_type(@session_cookie_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "sessionCookieName") unless @session_cookie_name.nil?
  @session_timeout = session_timeout
  Jsii::Type.check_type(@session_timeout, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJudW1iZXIifQ==")), "sessionTimeout") unless @session_timeout.nil?
end

Instance Attribute Details

#authentication_request_extra_paramsAWSCDK::IResolvable, ... (readonly)

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.



738
739
740
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 738

def authentication_request_extra_params
  @authentication_request_extra_params
end

#on_unauthenticated_requestString? (readonly)

The behavior if the user is not authenticated. The following are possible values:.

  • deny `` - Return an HTTP 401 Unauthorized error.
  • allow `` - Allow the request to be forwarded to the target.
  • authenticate `` - Redirect the request to the IdP authorization endpoint. This is the default value.


747
748
749
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 747

def on_unauthenticated_request
  @on_unauthenticated_request
end

#scopeString? (readonly)

The set of user claims to be requested from the IdP. The default is openid .

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.



754
755
756
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 754

def scope
  @scope
end

The name of the cookie used to maintain session information.

The default is AWSELBAuthSessionCookie.



761
762
763
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 761

def session_cookie_name
  @session_cookie_name
end

#session_timeoutNumeric? (readonly)

The maximum duration of the authentication session, in seconds.

The default is 604800 seconds (7 days).



768
769
770
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 768

def session_timeout
  @session_timeout
end

#user_pool_arnString (readonly)

The Amazon Resource Name (ARN) of the Amazon Cognito user pool.



723
724
725
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 723

def user_pool_arn
  @user_pool_arn
end

#user_pool_client_idString (readonly)

The ID of the Amazon Cognito user pool client.



728
729
730
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 728

def user_pool_client_id
  @user_pool_client_id
end

#user_pool_domainString (readonly)

The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.



733
734
735
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 733

def user_pool_domain
  @user_pool_domain
end

Class Method Details

.jsii_propertiesObject



770
771
772
773
774
775
776
777
778
779
780
781
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 770

def self.jsii_properties
  {
    :user_pool_arn => "userPoolArn",
    :user_pool_client_id => "userPoolClientId",
    :user_pool_domain => "userPoolDomain",
    :authentication_request_extra_params => "authenticationRequestExtraParams",
    :on_unauthenticated_request => "onUnauthenticatedRequest",
    :scope => "scope",
    :session_cookie_name => "sessionCookieName",
    :session_timeout => "sessionTimeout",
  }
end

Instance Method Details

#to_jsiiObject



783
784
785
786
787
788
789
790
791
792
793
794
795
796
# File 'elastic_load_balancingv2/cfn_listener_rule.rb', line 783

def to_jsii
  result = {}
  result.merge!({
    "userPoolArn" => @user_pool_arn,
    "userPoolClientId" => @user_pool_client_id,
    "userPoolDomain" => @user_pool_domain,
    "authenticationRequestExtraParams" => @authentication_request_extra_params,
    "onUnauthenticatedRequest" => @on_unauthenticated_request,
    "scope" => @scope,
    "sessionCookieName" => @session_cookie_name,
    "sessionTimeout" => @session_timeout,
  })
  result.compact
end