Documentation

An object that represents the configuration for an OpenID Connect (OIDC) identity provider.

See: newOidcIdentityProviderConfig smart constructor.

Create a value of OidcIdentityProviderConfig with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:groupsPrefix:OidcIdentityProviderConfig', oidcIdentityProviderConfig_groupsPrefix - The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

$sel:usernameClaim:OidcIdentityProviderConfig', oidcIdentityProviderConfig_usernameClaim - The JSON Web token (JWT) claim that is used as the username.

$sel:clientId:OidcIdentityProviderConfig', oidcIdentityProviderConfig_clientId - This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

$sel:status:OidcIdentityProviderConfig', oidcIdentityProviderConfig_status - The status of the OIDC identity provider.

$sel:identityProviderConfigName:OidcIdentityProviderConfig', oidcIdentityProviderConfig_identityProviderConfigName - The name of the configuration.

$sel:identityProviderConfigArn:OidcIdentityProviderConfig', oidcIdentityProviderConfig_identityProviderConfigArn - The ARN of the configuration.

$sel:issuerUrl:OidcIdentityProviderConfig', oidcIdentityProviderConfig_issuerUrl - The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

$sel:requiredClaims:OidcIdentityProviderConfig', oidcIdentityProviderConfig_requiredClaims - The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

$sel:usernamePrefix:OidcIdentityProviderConfig', oidcIdentityProviderConfig_usernamePrefix - The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:

$sel:groupsClaim:OidcIdentityProviderConfig', oidcIdentityProviderConfig_groupsClaim - The JSON web token (JWT) claim that the provider uses to return your groups.

$sel:clusterName:OidcIdentityProviderConfig', oidcIdentityProviderConfig_clusterName - The cluster that the configuration is associated to.

$sel:tags:OidcIdentityProviderConfig', oidcIdentityProviderConfig_tags - The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you defined.

The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

The JSON Web token (JWT) claim that is used as the username.

This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

The status of the OIDC identity provider.

The name of the configuration.

The ARN of the configuration.

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:

The JSON web token (JWT) claim that the provider uses to return your groups.

The cluster that the configuration is associated to.

The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you defined.