interface OidcIdentityProviderConfigProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EKS.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awseks#CfnIdentityProviderConfig_OidcIdentityProviderConfigProperty |
Java | software.amazon.awscdk.services.eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
Python | aws_cdk.aws_eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty |
TypeScript | aws-cdk-lib » aws_eks » CfnIdentityProviderConfig » OidcIdentityProviderConfigProperty |
An object representing the configuration for an OpenID Connect (OIDC) identity provider.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_eks as eks } from 'aws-cdk-lib';

const oidcIdentityProviderConfigProperty: eks.CfnIdentityProviderConfig.OidcIdentityProviderConfigProperty = {
  clientId: 'clientId',
  issuerUrl: 'issuerUrl',

  // the properties below are optional
  groupsClaim: 'groupsClaim',
  groupsPrefix: 'groupsPrefix',
  requiredClaims: [{
    key: 'key',
    value: 'value',
  }],
  usernameClaim: 'usernameClaim',
  usernamePrefix: 'usernamePrefix',
};
```
Properties
Name | Type | Description |
---|---|---|
clientId | string | This is also known as audience. |
issuerUrl | string | The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. |
groupsClaim? | string | The JSON web token (JWT) claim that the provider uses to return your groups. |
groupsPrefix? | string | The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). |
requiredClaims? | IResolvable \| IResolvable \| Required[] | The key-value pairs that describe required claims in the identity token. |
usernameClaim? | string | The JSON Web token (JWT) claim that is used as the username. |
usernamePrefix? | string | The prefix that is prepended to username claims to prevent clashes with existing names. |
clientId
Type: string
This is also known as audience.
The ID of the client application that makes authentication requests to the OIDC identity provider.
issuerUrl
Type: string
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.
groupsClaim?
Type: string (optional)
The JSON web token (JWT) claim that the provider uses to return your groups.
groupsPrefix?
Type: string (optional)
The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups).
For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:
requiredClaims?
Type: IResolvable | IResolvable | Required[] (optional)
The key-value pairs that describe required claims in the identity token.
If set, each claim is verified to be present in the token with a matching value.
usernameClaim?
Type: string (optional)
The JSON Web token (JWT) claim that is used as the username.
usernamePrefix?
Type: string (optional)
The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:
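The checks and mappings these properties describe, modelled as an added example (not AWS or Kubernetes code). The helper mapClaims, the sample issuer and claim values, and the fallback to the sub claim when usernameClaim is unset are assumptions; token signature and expiry verification are taken as already done.

```typescript
// Illustrative model: assumes signature and expiry were already verified.
type Claims = Record<string, unknown>;
interface OidcConfig {
  clientId: string; issuerUrl: string;
  groupsClaim?: string; groupsPrefix?: string;
  requiredClaims?: { key: string; value: string }[];
  usernameClaim?: string; usernamePrefix?: string;
}
interface Identity { username: string; groups: string[] }

// Hypothetical helper: maps verified token claims to an identity, or throws.
function mapClaims(cfg: OidcConfig, claims: Claims): Identity {
  for (const p of [cfg.groupsPrefix, cfg.usernamePrefix]) {
    if (p !== undefined && p.indexOf('system:') !== -1) throw new Error("prefix can't contain system:");
  }
  if (claims['iss'] !== cfg.issuerUrl) throw new Error('issuer mismatch');
  const aud = claims['aud']; // a JWT aud may be one string or an array
  const audiences: unknown[] = Array.isArray(aud) ? aud : [aud];
  if (audiences.indexOf(cfg.clientId) === -1) throw new Error('audience mismatch');
  // Every required claim must be present with exactly the configured value.
  for (const { key, value } of cfg.requiredClaims ?? []) {
    if (claims[key] !== value) throw new Error('required claim mismatch: ' + key);
  }
  const userKey = cfg.usernameClaim ?? 'sub'; // assumption: sub when unset
  const user = claims[userKey];
  if (typeof user !== 'string' || user === '') throw new Error('missing claim: ' + userKey);
  const raw = cfg.groupsClaim ? claims[cfg.groupsClaim] : undefined;
  const list: unknown[] = raw === undefined ? [] : Array.isArray(raw) ? raw : [raw];
  const groups = list.filter((g): g is string => typeof g === 'string')
    .map((g) => (cfg.groupsPrefix ?? '') + g);
  return { username: (cfg.usernamePrefix ?? '') + user, groups };
}

// Constructed sample values, not from a real provider.
const sampleConfig: OidcConfig = {
  clientId: 'kubernetes', issuerUrl: 'https://idp.example.com',
  groupsClaim: 'groups', groupsPrefix: 'oidc:',
  requiredClaims: [{ key: 'env', value: 'prod' }],
  usernameClaim: 'email', usernamePrefix: 'oidc:',
};
const sampleClaims: Claims = {
  iss: 'https://idp.example.com', aud: 'kubernetes', env: 'prod',
  email: 'alice@example.com', groups: ['engineering', 'system:masters'],
};
// The group the token asserts as system:masters comes out as oidc:system:masters.
console.log(mapClaims(sampleConfig, sampleClaims));
```

With the prefix applied, a group name asserted by the identity provider cannot coincide with a built-in system: group, which is the clash the groupsPrefix description refers to.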