Interface OidcIdentityProviderConfigRequest.Builder
- All Superinterfaces:
Buildable
,CopyableBuilder<OidcIdentityProviderConfigRequest.Builder,
,OidcIdentityProviderConfigRequest> SdkBuilder<OidcIdentityProviderConfigRequest.Builder,
,OidcIdentityProviderConfigRequest> SdkPojo
- Enclosing class:
OidcIdentityProviderConfigRequest
-
Method Summary
Modifier and TypeMethodDescriptionThis is also known as audience.groupsClaim
(String groupsClaim) The JWT claim that the provider uses to return your groups.groupsPrefix
(String groupsPrefix) The prefix that is prepended to group claims to prevent clashes with existing names (such assystem:
groups).identityProviderConfigName
(String identityProviderConfigName) The name of the OIDC provider configuration.The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.requiredClaims
(Map<String, String> requiredClaims) The key value pairs that describe required claims in the identity token.usernameClaim
(String usernameClaim) The JSON Web Token (JWT) claim to use as the username.usernamePrefix
(String usernamePrefix) The prefix that is prepended to username claims to prevent clashes with existing names.Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder
copy
Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder
applyMutation, build
Methods inherited from interface software.amazon.awssdk.core.SdkPojo
equalsBySdkFields, sdkFields
-
Method Details
-
identityProviderConfigName
OidcIdentityProviderConfigRequest.Builder identityProviderConfigName(String identityProviderConfigName) The name of the OIDC provider configuration.
- Parameters:
identityProviderConfigName
- The name of the OIDC provider configuration.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
issuerUrl
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with
https://
and should correspond to theiss
claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, likehttps://server.example.org
orhttps://example.com
. This URL should point to the level below.well-known/openid-configuration
and must be publicly accessible over the internet.- Parameters:
issuerUrl
- The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin withhttps://
and should correspond to theiss
claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, likehttps://server.example.org
orhttps://example.com
. This URL should point to the level below.well-known/openid-configuration
and must be publicly accessible over the internet.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
clientId
This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.
- Parameters:
clientId
- This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
usernameClaim
The JSON Web Token (JWT) claim to use as the username. The default is
sub
, which is expected to be a unique identifier of the end user. You can choose other claims, such asemail
orname
, depending on the OIDC identity provider. Claims other thanemail
are prefixed with the issuer URL to prevent naming clashes with other plug-ins.- Parameters:
usernameClaim
- The JSON Web Token (JWT) claim to use as the username. The default issub
, which is expected to be a unique identifier of the end user. You can choose other claims, such asemail
orname
, depending on the OIDC identity provider. Claims other thanemail
are prefixed with the issuer URL to prevent naming clashes with other plug-ins.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
usernamePrefix
The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and
username
is a value other thanemail
, the prefix defaults toissuerurl#
. You can use the value-
to disable all prefixing.- Parameters:
usernamePrefix
- The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, andusername
is a value other thanemail
, the prefix defaults toissuerurl#
. You can use the value-
to disable all prefixing.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
groupsClaim
The JWT claim that the provider uses to return your groups.
- Parameters:
groupsClaim
- The JWT claim that the provider uses to return your groups.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
groupsPrefix
The prefix that is prepended to group claims to prevent clashes with existing names (such as
system:
groups). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
.- Parameters:
groupsPrefix
- The prefix that is prepended to group claims to prevent clashes with existing names (such assystem:
groups). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
requiredClaims
The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.
- Parameters:
requiredClaims
- The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-