Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Description

Synopsis

Documentation

data AuthenticateOidcActionConfig Source #

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

See: newAuthenticateOidcActionConfig smart constructor.

Constructors

AuthenticateOidcActionConfig'

Fields

clientSecret :: Maybe Text
The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.
useExistingClientSecret :: Maybe Bool
Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.
authenticationRequestExtraParams :: Maybe (HashMap Text Text)
The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
scope :: Maybe Text
The set of user claims to be requested from the IdP. The default is openid.
To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
onUnauthenticatedRequest :: Maybe AuthenticateOidcActionConditionalBehaviorEnum
The behavior if the user is not authenticated. The following are possible values:
- deny@@ - Return an HTTP 401 Unauthorized error.
- allow@@ - Allow the request to be forwarded to the target.
- authenticate@@ - Redirect the request to the IdP authorization endpoint. This is the default value.
sessionCookieName :: Maybe Text
The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.
sessionTimeout :: Maybe Integer
The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).
issuer :: Text
The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
authorizationEndpoint :: Text
The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
tokenEndpoint :: Text
The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
userInfoEndpoint :: Text
The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.
clientId :: Text
The OAuth 2.0 client identifier.

Instances

Instances details

Eq AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods (==) :: AuthenticateOidcActionConfig -> AuthenticateOidcActionConfig -> Bool # (/=) :: AuthenticateOidcActionConfig -> AuthenticateOidcActionConfig -> Bool #
Read AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods readsPrec :: Int -> ReadS AuthenticateOidcActionConfig # readList :: ReadS [AuthenticateOidcActionConfig] # readPrec :: ReadPrec AuthenticateOidcActionConfig # readListPrec :: ReadPrec [AuthenticateOidcActionConfig] #
Show AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods showsPrec :: Int -> AuthenticateOidcActionConfig -> ShowS # show :: AuthenticateOidcActionConfig -> String # showList :: [AuthenticateOidcActionConfig] -> ShowS #
Generic AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Associated Types type Rep AuthenticateOidcActionConfig :: Type -> Type # Methods from :: AuthenticateOidcActionConfig -> Rep AuthenticateOidcActionConfig x # to :: Rep AuthenticateOidcActionConfig x -> AuthenticateOidcActionConfig #
NFData AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods rnf :: AuthenticateOidcActionConfig -> () #
Hashable AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods hashWithSalt :: Int -> AuthenticateOidcActionConfig -> Int # hash :: AuthenticateOidcActionConfig -> Int #
ToQuery AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods toQuery :: AuthenticateOidcActionConfig -> QueryString #
FromXML AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig Methods parseXML :: [Node] -> Either String AuthenticateOidcActionConfig #
type Rep AuthenticateOidcActionConfig Source #
Instance details Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig type Rep AuthenticateOidcActionConfig = D1 ('MetaData "AuthenticateOidcActionConfig" "Amazonka.ELBV2.Types.AuthenticateOidcActionConfig" "libZSservicesZSamazonka-elbv2ZSamazonka-elbv2" 'False) (C1 ('MetaCons "AuthenticateOidcActionConfig'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "clientSecret") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "useExistingClientSecret") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :: S1 ('MetaSel ('Just "authenticationRequestExtraParams") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text Text))))) :: (S1 ('MetaSel ('Just "scope") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "onUnauthenticatedRequest") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe AuthenticateOidcActionConditionalBehaviorEnum)) :: S1 ('MetaSel ('Just "sessionCookieName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))) :: ((S1 ('MetaSel ('Just "sessionTimeout") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Integer)) :: (S1 ('MetaSel ('Just "issuer") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: S1 ('MetaSel ('Just "authorizationEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) :: (S1 ('MetaSel ('Just "tokenEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Just "userInfoEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "clientId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))))

newAuthenticateOidcActionConfig Source #

Arguments

:: Text	`$sel:issuer:AuthenticateOidcActionConfig'`
-> Text	`$sel:authorizationEndpoint:AuthenticateOidcActionConfig'`
-> Text	`$sel:tokenEndpoint:AuthenticateOidcActionConfig'`
-> Text	`$sel:userInfoEndpoint:AuthenticateOidcActionConfig'`
-> Text	`$sel:clientId:AuthenticateOidcActionConfig'`
-> AuthenticateOidcActionConfig

Create a value of AuthenticateOidcActionConfig with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:clientSecret:AuthenticateOidcActionConfig', authenticateOidcActionConfig_clientSecret - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

$sel:useExistingClientSecret:AuthenticateOidcActionConfig', authenticateOidcActionConfig_useExistingClientSecret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

$sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig', authenticateOidcActionConfig_authenticationRequestExtraParams - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

$sel:scope:AuthenticateOidcActionConfig', authenticateOidcActionConfig_scope - The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

$sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig', authenticateOidcActionConfig_onUnauthenticatedRequest - The behavior if the user is not authenticated. The following are possible values:

deny@@ - Return an HTTP 401 Unauthorized error.
allow@@ - Allow the request to be forwarded to the target.
authenticate@@ - Redirect the request to the IdP authorization endpoint. This is the default value.

$sel:sessionCookieName:AuthenticateOidcActionConfig', authenticateOidcActionConfig_sessionCookieName - The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

$sel:sessionTimeout:AuthenticateOidcActionConfig', authenticateOidcActionConfig_sessionTimeout - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

$sel:issuer:AuthenticateOidcActionConfig', authenticateOidcActionConfig_issuer - The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:authorizationEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_authorizationEndpoint - The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:tokenEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_tokenEndpoint - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:userInfoEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_userInfoEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:clientId:AuthenticateOidcActionConfig', authenticateOidcActionConfig_clientId - The OAuth 2.0 client identifier.

authenticateOidcActionConfig_clientSecret :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

authenticateOidcActionConfig_useExistingClientSecret :: Lens' AuthenticateOidcActionConfig (Maybe Bool) Source #

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authenticateOidcActionConfig_authenticationRequestExtraParams :: Lens' AuthenticateOidcActionConfig (Maybe (HashMap Text Text)) Source #

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

authenticateOidcActionConfig_scope :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

authenticateOidcActionConfig_onUnauthenticatedRequest :: Lens' AuthenticateOidcActionConfig (Maybe AuthenticateOidcActionConditionalBehaviorEnum) Source #

The behavior if the user is not authenticated. The following are possible values:

deny@@ - Return an HTTP 401 Unauthorized error.
allow@@ - Allow the request to be forwarded to the target.
authenticate@@ - Redirect the request to the IdP authorization endpoint. This is the default value.

authenticateOidcActionConfig_sessionCookieName :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

authenticateOidcActionConfig_sessionTimeout :: Lens' AuthenticateOidcActionConfig (Maybe Integer) Source #

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

authenticateOidcActionConfig_issuer :: Lens' AuthenticateOidcActionConfig Text Source #

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_authorizationEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_tokenEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_userInfoEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_clientId :: Lens' AuthenticateOidcActionConfig Text Source #

The OAuth 2.0 client identifier.