interface AuthenticateOidcOptions
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.ElasticLoadBalancingV2.AuthenticateOidcOptions |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2#AuthenticateOidcOptions |
Java | software.amazon.awscdk.services.elasticloadbalancingv2.AuthenticateOidcOptions |
Python | aws_cdk.aws_elasticloadbalancingv2.AuthenticateOidcOptions |
TypeScript (source) | aws-cdk-lib » aws_elasticloadbalancingv2 » AuthenticateOidcOptions |
Options for ListenerAction.authenticateOidc().
Example
import { SecretValue } from 'aws-cdk-lib';
import * as elbv2 from 'aws-cdk-lib/aws-elasticloadbalancingv2';

declare const listener: elbv2.ApplicationListener;
declare const myTargetGroup: elbv2.ApplicationTargetGroup;

listener.addAction('DefaultAction', {
  action: elbv2.ListenerAction.authenticateOidc({
    authorizationEndpoint: 'https://example.com/openid',
    // Other OIDC properties here
    clientId: '...',
    clientSecret: SecretValue.secretsManager('...'),
    issuer: '...',
    tokenEndpoint: '...',
    userInfoEndpoint: '...',
    // Next
    next: elbv2.ListenerAction.forward([myTargetGroup]),
  }),
});
Properties
Name | Type | Description |
---|---|---|
authorizationEndpoint | string | The authorization endpoint of the IdP. |
clientId | string | The OAuth 2.0 client identifier. |
clientSecret | SecretValue | The OAuth 2.0 client secret. |
issuer | string | The OIDC issuer identifier of the IdP. |
next | ListenerAction | What action to execute next. |
tokenEndpoint | string | The token endpoint of the IdP. |
userInfoEndpoint | string | The user info endpoint of the IdP. |
allowHttpsOutbound? | boolean | Allow HTTPS outbound traffic to communicate with the IdP. |
authenticationRequestExtraParams? | { [string]: string } | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
onUnauthenticatedRequest? | UnauthenticatedAction | The behavior if the user is not authenticated. |
scope? | string | The set of user claims to be requested from the IdP. |
sessionCookieName? | string | The name of the cookie used to maintain session information. |
sessionTimeout? | Duration | The maximum duration of the authentication session. |
authorizationEndpoint
Type: string
The authorization endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

clientId
Type: string
The OAuth 2.0 client identifier.

clientSecret
Type: SecretValue
The OAuth 2.0 client secret.

issuer
Type: string
The OIDC issuer identifier of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

next
Type: ListenerAction
What action to execute next.

tokenEndpoint
Type: string
The token endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.

userInfoEndpoint
Type: string
The user info endpoint of the IdP.
This must be a full URL, including the HTTPS protocol, the domain, and the path.
allowHttpsOutbound?
Type: boolean (optional, default: true)
Allow HTTPS outbound traffic to communicate with the IdP.
Set this property to false if the IdP endpoint resolves to a known, fixed IP address and you want to restrict the load balancer's outbound traffic yourself. Then allow HTTPS outbound traffic to the IdP's IP address through the listener's connections property.
See also: https://repost.aws/knowledge-center/elb-configure-authentication-alb
authenticationRequestExtraParams?
Type: { [string]: string } (optional, default: No extra parameters)
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

onUnauthenticatedRequest?
Type: UnauthenticatedAction (optional, default: UnauthenticatedAction.AUTHENTICATE)
The behavior if the user is not authenticated.

scope?
Type: string (optional, default: "openid")
The set of user claims to be requested from the IdP.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

sessionCookieName?
Type: string (optional, default: "AWSELBAuthSessionCookie")
The name of the cookie used to maintain session information.

sessionTimeout?
Type: Duration (optional, default: Duration.days(7))
The maximum duration of the authentication session.
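The property descriptions above state several constraints that the CDK only surfaces at deploy time: the four IdP endpoints must be full HTTPS URLs, at most 10 extra redirect parameters are allowed, and the optional properties fall back to fixed defaults. The following is an added example, not code from aws-cdk-lib or this reference, of a pre-synth check that enforces those documented constraints and shows the defaults being applied. It assumes a simplified local mirror of the option shape so it runs without the CDK installed: `sessionTimeoutSeconds` stands in for a `Duration`, `onUnauthenticatedRequest` is modelled as a string literal, `clientSecret` is omitted because it is a `SecretValue` rather than a plain string, and `idp.example.com` is a placeholder host.

```typescript
// Added example (not aws-cdk-lib code): a pre-synth check for the documented
// constraints on AuthenticateOidcOptions. OidcOptionsInput is a simplified local
// mirror of the CDK type; sessionTimeoutSeconds stands in for cdk.Duration and
// clientSecret (a SecretValue) is deliberately left out.
interface OidcOptionsInput {
  authorizationEndpoint: string;
  clientId: string;
  issuer: string;
  tokenEndpoint: string;
  userInfoEndpoint: string;
  allowHttpsOutbound?: boolean;
  authenticationRequestExtraParams?: Record<string, string>;
  onUnauthenticatedRequest?: 'authenticate' | 'allow' | 'deny';
  scope?: string;
  sessionCookieName?: string;
  sessionTimeoutSeconds?: number;
}

type ResolvedOidcOptions = Required<OidcOptionsInput>;

// The four IdP locations that must be full URLs with the HTTPS scheme, a host and a path.
const URL_FIELDS = ['authorizationEndpoint', 'issuer', 'tokenEndpoint', 'userInfoEndpoint'] as const;

// Maximum number of extra query parameters the redirect may carry.
const MAX_EXTRA_PARAMS = 10;

// Returns a list of problems; an empty list means every documented constraint
// holds. Hostnames are not resolved, so this is purely a shape check.
function validateOidcOptions(opts: OidcOptionsInput): string[] {
  const problems: string[] = [];

  for (const field of URL_FIELDS) {
    const raw = opts[field];
    let parsed: URL | undefined;
    try {
      parsed = new URL(raw);
    } catch {
      parsed = undefined;
    }
    // A bare origin such as https://idp.example.com parses with pathname "/",
    // which still counts as a path here.
    if (!parsed || parsed.protocol !== 'https:' || parsed.hostname === '') {
      problems.push(`${field} must be a full https:// URL with a host and path, got ${JSON.stringify(raw)}`);
    }
  }

  if (opts.clientId.trim() === '') {
    problems.push('clientId must not be empty');
  }

  const extraCount = Object.keys(opts.authenticationRequestExtraParams ?? {}).length;
  if (extraCount > MAX_EXTRA_PARAMS) {
    problems.push(`authenticationRequestExtraParams allows at most ${MAX_EXTRA_PARAMS} entries, got ${extraCount}`);
  }

  if (opts.sessionTimeoutSeconds !== undefined && opts.sessionTimeoutSeconds <= 0) {
    problems.push('sessionTimeoutSeconds must be positive');
  }

  return problems;
}

// Fills in the defaults this reference lists; throws on a validation failure so a
// bad configuration never reaches synth.
function withDefaults(opts: OidcOptionsInput): ResolvedOidcOptions {
  const problems = validateOidcOptions(opts);
  if (problems.length > 0) {
    throw new Error(`invalid AuthenticateOidcOptions:\n  ${problems.join('\n  ')}`);
  }
  return {
    ...opts,
    allowHttpsOutbound: opts.allowHttpsOutbound ?? true,
    authenticationRequestExtraParams: opts.authenticationRequestExtraParams ?? {},
    onUnauthenticatedRequest: opts.onUnauthenticatedRequest ?? 'authenticate',
    scope: opts.scope ?? 'openid',
    sessionCookieName: opts.sessionCookieName ?? 'AWSELBAuthSessionCookie',
    sessionTimeoutSeconds: opts.sessionTimeoutSeconds ?? 7 * 24 * 60 * 60, // Duration.days(7)
  };
}

// Constructed sample input; idp.example.com is a placeholder, not a real IdP.
const sampleOptions: OidcOptionsInput = {
  authorizationEndpoint: 'https://idp.example.com/oauth2/authorize',
  clientId: 'alb-client-placeholder',
  issuer: 'https://idp.example.com/',
  tokenEndpoint: 'https://idp.example.com/oauth2/token',
  userInfoEndpoint: 'https://idp.example.com/oauth2/userinfo',
};

// A plain-HTTP token endpoint is reported; the valid sample resolves with the defaults.
console.log(validateOidcOptions({ ...sampleOptions, tokenEndpoint: 'http://idp.example.com/oauth2/token' }));
console.log(withDefaults(sampleOptions));
```

Running this in the build before `cdk synth` turns a mistyped endpoint scheme or an over-long parameter map into a failed build rather than a failed deployment; the resolved object also documents which defaults (the `openid` scope, the `AWSELBAuthSessionCookie` cookie name, the 7-day session) the listener will actually run with when a property is left unset.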