Class: AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectConfigurationProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectConfigurationProperty
- Defined in:
- verifiedpermissions/cfn_identity_source.rb
Overview
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities.
It specifies the issuer URL, token type that you want to use, and policy store entity details.
This data type is part of a Configuration structure, which is a parameter to CreateIdentitySource .
Instance Attribute Summary collapse
-
#entity_id_prefix ⇒ String?
readonly
A descriptive string that you want to prefix to user entities from your OIDC identity provider.
-
#group_configuration ⇒ AWSCDK::IResolvable, ...
readonly
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
-
#issuer ⇒ String
readonly
The issuer URL of an OIDC identity provider.
-
#token_selection ⇒ AWSCDK::IResolvable, AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectTokenSelectionProperty
readonly
The token type that you want to process from your OIDC identity provider.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(issuer:, token_selection:, entity_id_prefix: nil, group_configuration: nil) ⇒ OpenIdConnectConfigurationProperty
constructor
A new instance of OpenIdConnectConfigurationProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(issuer:, token_selection:, entity_id_prefix: nil, group_configuration: nil) ⇒ OpenIdConnectConfigurationProperty
Returns a new instance of OpenIdConnectConfigurationProperty.
816 817 818 819 820 821 822 823 824 825 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 816 def initialize(issuer:, token_selection:, entity_id_prefix: nil, group_configuration: nil) @issuer = issuer Jsii::Type.check_type(@issuer, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "issuer") @token_selection = token_selection.is_a?(Hash) ? ::AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectTokenSelectionProperty.new(**token_selection.transform_keys(&:to_sym)) : token_selection Jsii::Type.check_type(@token_selection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c192ZXJpZmllZHBlcm1pc3Npb25zLkNmbklkZW50aXR5U291cmNlLk9wZW5JZENvbm5lY3RUb2tlblNlbGVjdGlvblByb3BlcnR5In1dfX0=")), "tokenSelection") @entity_id_prefix = entity_id_prefix Jsii::Type.check_type(@entity_id_prefix, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "entityIdPrefix") unless @entity_id_prefix.nil? @group_configuration = group_configuration.is_a?(Hash) ? ::AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectGroupConfigurationProperty.new(**group_configuration.transform_keys(&:to_sym)) : group_configuration Jsii::Type.check_type(@group_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c192ZXJpZmllZHBlcm1pc3Npb25zLkNmbklkZW50aXR5U291cmNlLk9wZW5JZENvbm5lY3RHcm91cENvbmZpZ3VyYXRpb25Qcm9wZXJ0eSJ9XX19")), "groupConfiguration") unless @group_configuration.nil? end |
Instance Attribute Details
#entity_id_prefix ⇒ String? (readonly)
A descriptive string that you want to prefix to user entities from your OIDC identity provider.
For example, if you set an entity_id_prefix of MyOIDCProvider , you can reference principals in your policies in the format MyCorp::User::MyOIDCProvider|Carlos .
847 848 849 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 847 def entity_id_prefix @entity_id_prefix end |
#group_configuration ⇒ AWSCDK::IResolvable, ... (readonly)
The claim in OIDC identity provider tokens that indicates a user's group membership, and the entity type that you want to map it to.
For example, this object can map the contents of a groups claim to MyCorp::UserGroup .
854 855 856 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 854 def group_configuration @group_configuration end |
#issuer ⇒ String (readonly)
The issuer URL of an OIDC identity provider.
This URL must have an OIDC discovery endpoint at the path .well-known/openid-configuration .
833 834 835 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 833 def issuer @issuer end |
#token_selection ⇒ AWSCDK::IResolvable, AWSCDK::Verifiedpermissions::CfnIdentitySource::OpenIdConnectTokenSelectionProperty (readonly)
The token type that you want to process from your OIDC identity provider.
Your policy store can process either identity (ID) or access tokens from a given OIDC identity source.
840 841 842 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 840 def token_selection @token_selection end |
Class Method Details
.jsii_properties ⇒ Object
856 857 858 859 860 861 862 863 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 856 def self.jsii_properties { :issuer => "issuer", :token_selection => "tokenSelection", :entity_id_prefix => "entityIdPrefix", :group_configuration => "groupConfiguration", } end |
Instance Method Details
#to_jsii ⇒ Object
865 866 867 868 869 870 871 872 873 874 |
# File 'verifiedpermissions/cfn_identity_source.rb', line 865 def to_jsii result = {} result.merge!({ "issuer" => @issuer, "tokenSelection" => @token_selection, "entityIdPrefix" => @entity_id_prefix, "groupConfiguration" => @group_configuration, }) result.compact end |