Class AuthenticateOidcActionConfig
- All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<AuthenticateOidcActionConfig.Builder,AuthenticateOidcActionConfig>
Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| | authenticationRequestExtraParams() | The query parameters (up to 10) to include in the redirect request to the authorization endpoint. |
| final String | authorizationEndpoint() | The authorization endpoint of the IdP. |
| | builder() | |
| final String | clientId() | The OAuth 2.0 client identifier. |
| final String | clientSecret() | The OAuth 2.0 client secret. |
| final boolean | equals(Object obj) | |
| final boolean | equalsBySdkFields(Object obj) | Indicates whether some other object is "equal to" this one by SDK fields. |
| final <T> Optional<T> | getValueForField(String fieldName, Class<T> clazz) | |
| final boolean | hasAuthenticationRequestExtraParams() | For responses, this returns true if the service returned a value for the AuthenticationRequestExtraParams property. |
| final int | hashCode() | |
| final String | issuer() | The OIDC issuer identifier of the IdP. |
| | onUnauthenticatedRequest() | The behavior if the user is not authenticated. |
| final String | onUnauthenticatedRequestAsString() | The behavior if the user is not authenticated. |
| final String | scope() | The set of user claims to be requested from the IdP. |
| static Class<? extends AuthenticateOidcActionConfig.Builder> | serializableBuilderClass() | |
| final String | sessionCookieName() | The name of the cookie used to maintain session information. |
| final Long | sessionTimeout() | The maximum duration of the authentication session, in seconds. |
| | toBuilder() | Take this object and create a builder that contains all of the current property values of this object. |
| final String | tokenEndpoint() | The token endpoint of the IdP. |
| final String | toString() | Returns a string representation of this object. |
| final Boolean | useExistingClientSecret() | Indicates whether to use the existing client secret when modifying a rule. |
| final String | userInfoEndpoint() | The user info endpoint of the IdP. |

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
issuer
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Returns:
- The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
authorizationEndpoint
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Returns:
- The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
tokenEndpoint
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Returns:
- The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
userInfoEndpoint
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
- Returns:
- The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
-
clientId
The OAuth 2.0 client identifier.
- Returns:
- The OAuth 2.0 client identifier.
-
clientSecret
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
- Returns:
- The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
-
sessionCookieName
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
- Returns:
- The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
-
scope
The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
- Returns:
- The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
-
sessionTimeout
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
- Returns:
- The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
-
hasAuthenticationRequestExtraParams
public final boolean hasAuthenticationRequestExtraParams()
For responses, this returns true if the service returned a value for the AuthenticationRequestExtraParams property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.
-
authenticationRequestExtraParams
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasAuthenticationRequestExtraParams() method.
- Returns:
- The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
-
onUnauthenticatedRequest
The behavior if the user is not authenticated. The following are possible values:
- deny - Return an HTTP 401 Unauthorized error.
- allow - Allow the request to be forwarded to the target.
- authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
If the service returns an enum value that is not available in the current SDK version, onUnauthenticatedRequest will return AuthenticateOidcActionConditionalBehaviorEnum.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from onUnauthenticatedRequestAsString().
- Returns:
- The behavior if the user is not authenticated. The following are possible values:
- deny - Return an HTTP 401 Unauthorized error.
- allow - Allow the request to be forwarded to the target.
- authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
-
onUnauthenticatedRequestAsString
The behavior if the user is not authenticated. The following are possible values:
- deny - Return an HTTP 401 Unauthorized error.
- allow - Allow the request to be forwarded to the target.
- authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
If the service returns an enum value that is not available in the current SDK version, onUnauthenticatedRequest will return AuthenticateOidcActionConditionalBehaviorEnum.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from onUnauthenticatedRequestAsString().
- Returns:
- The behavior if the user is not authenticated. The following are possible values:
- deny - Return an HTTP 401 Unauthorized error.
- allow - Allow the request to be forwarded to the target.
- authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
-
useExistingClientSecret
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
- Returns:
- Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
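An added example (not part of the SDK documentation or of the SDK itself): a pre-deployment audit of a rule's OIDC settings using the accessors documented above. The class name OidcActionAudit, the 12-hour session limit and the idp.example.com URLs are assumptions made for illustration; the model classes are imported from the SDK's software.amazon.awssdk.services.elasticloadbalancingv2.model package.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import software.amazon.awssdk.services.elasticloadbalancingv2.model.AuthenticateOidcActionConditionalBehaviorEnum;
import software.amazon.awssdk.services.elasticloadbalancingv2.model.AuthenticateOidcActionConfig;

public class OidcActionAudit {
    // Hypothetical policy limit (an assumption, not an SDK constant): 12 hours.
    static final long MAX_SESSION_SECONDS = 43_200L;

    static List<String> audit(AuthenticateOidcActionConfig cfg) {
        List<String> findings = new ArrayList<>();
        checkUrl(findings, "issuer", cfg.issuer());
        checkUrl(findings, "authorizationEndpoint", cfg.authorizationEndpoint());
        checkUrl(findings, "tokenEndpoint", cfg.tokenEndpoint());
        checkUrl(findings, "userInfoEndpoint", cfg.userInfoEndpoint());
        // The accessor never returns null, so size() is safe on an unset field.
        if (cfg.authenticationRequestExtraParams().size() > 10)
            findings.add("more than 10 authenticationRequestExtraParams");
        AuthenticateOidcActionConditionalBehaviorEnum mode = cfg.onUnauthenticatedRequest();
        if (mode == AuthenticateOidcActionConditionalBehaviorEnum.ALLOW)
            findings.add("onUnauthenticatedRequest=allow forwards unauthenticated requests to the target");
        if (mode == AuthenticateOidcActionConditionalBehaviorEnum.UNKNOWN_TO_SDK_VERSION)
            findings.add("unrecognized onUnauthenticatedRequest: " + cfg.onUnauthenticatedRequestAsString());
        // An unset timeout means the documented default of 604800 seconds (7 days).
        long timeout = cfg.sessionTimeout() == null ? 604_800L : cfg.sessionTimeout();
        if (timeout > MAX_SESSION_SECONDS)
            findings.add("sessionTimeout of " + timeout + "s exceeds the policy limit");
        return findings;
    }
    // Checks the HTTPS scheme and the presence of a host; the path is not inspected.
    static void checkUrl(List<String> findings, String field, String value) {
        if (value == null) { findings.add(field + " is not set"); return; }
        try {
            URI u = URI.create(value);
            if (!"https".equalsIgnoreCase(u.getScheme()) || u.getHost() == null)
                findings.add(field + " is not a full HTTPS URL: " + value);
        } catch (IllegalArgumentException e) {
            findings.add(field + " is not a valid URL: " + value);
        }
    }
    public static void main(String[] args) {
        AuthenticateOidcActionConfig cfg = AuthenticateOidcActionConfig.builder()
            .issuer("https://idp.example.com/")                 // constructed sample values
            .authorizationEndpoint("https://idp.example.com/authorize")
            .tokenEndpoint("http://idp.example.com/token")      // flagged: not HTTPS
            .userInfoEndpoint("https://idp.example.com/userinfo")
            .onUnauthenticatedRequest(AuthenticateOidcActionConditionalBehaviorEnum.ALLOW)
            .build();
        audit(cfg).forEach(System.out::println);
    }
}
```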
-
toBuilder
Description copied from interface: ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.
- Specified by:
- toBuilder in interface ToCopyableBuilder<AuthenticateOidcActionConfig.Builder,AuthenticateOidcActionConfig>
- Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode()
-
equals
-
equalsBySdkFields
Description copied from interface: SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.
If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.
- Specified by:
- equalsBySdkFields in interface SdkPojo
- Parameters:
- obj - the object to be compared with
- Returns:
- true if the other object is equal to this object by SDK fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
-
getValueForField
-
sdkFields
-