{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ELBV2.Types.AuthenticateOidcActionConfig
-- Copyright   : (c) 2013-2021 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay <brendan.g.hay+amazonka@gmail.com>
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ELBV2.Types.AuthenticateOidcActionConfig where

import qualified Amazonka.Core as Core
import Amazonka.ELBV2.Types.AuthenticateOidcActionConditionalBehaviorEnum
import qualified Amazonka.Lens as Lens
import qualified Amazonka.Prelude as Prelude

-- | Request parameters when using an identity provider (IdP) that is
-- compliant with OpenID Connect (OIDC) to authenticate users.
--
-- /See:/ 'newAuthenticateOidcActionConfig' smart constructor.
data AuthenticateOidcActionConfig = AuthenticateOidcActionConfig'
  { -- | The OAuth 2.0 client secret. This parameter is required if you are
    -- creating a rule. If you are modifying a rule, you can omit this
    -- parameter if you set @UseExistingClientSecret@ to true.
    AuthenticateOidcActionConfig -> Maybe Text
clientSecret :: Prelude.Maybe Prelude.Text,
    -- | Indicates whether to use the existing client secret when modifying a
    -- rule. If you are creating a rule, you can omit this parameter or set it
    -- to false.
    AuthenticateOidcActionConfig -> Maybe Bool
useExistingClientSecret :: Prelude.Maybe Prelude.Bool,
    -- | The query parameters (up to 10) to include in the redirect request to
    -- the authorization endpoint.
    AuthenticateOidcActionConfig -> Maybe (HashMap Text Text)
authenticationRequestExtraParams :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The set of user claims to be requested from the IdP. The default is
    -- @openid@.
    --
    -- To verify which scope values your IdP supports and how to separate
    -- multiple values, see the documentation for your IdP.
    AuthenticateOidcActionConfig -> Maybe Text
scope :: Prelude.Maybe Prelude.Text,
    -- | The behavior if the user is not authenticated. The following are
    -- possible values:
    --
    -- -   deny@@ - Return an HTTP 401 Unauthorized error.
    --
    -- -   allow@@ - Allow the request to be forwarded to the target.
    --
    -- -   authenticate@@ - Redirect the request to the IdP authorization
    --     endpoint. This is the default value.
    AuthenticateOidcActionConfig
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest :: Prelude.Maybe AuthenticateOidcActionConditionalBehaviorEnum,
    -- | The name of the cookie used to maintain session information. The default
    -- is AWSELBAuthSessionCookie.
    AuthenticateOidcActionConfig -> Maybe Text
sessionCookieName :: Prelude.Maybe Prelude.Text,
    -- | The maximum duration of the authentication session, in seconds. The
    -- default is 604800 seconds (7 days).
    AuthenticateOidcActionConfig -> Maybe Integer
sessionTimeout :: Prelude.Maybe Prelude.Integer,
    -- | The OIDC issuer identifier of the IdP. This must be a full URL,
    -- including the HTTPS protocol, the domain, and the path.
    AuthenticateOidcActionConfig -> Text
issuer :: Prelude.Text,
    -- | The authorization endpoint of the IdP. This must be a full URL,
    -- including the HTTPS protocol, the domain, and the path.
    AuthenticateOidcActionConfig -> Text
authorizationEndpoint :: Prelude.Text,
    -- | The token endpoint of the IdP. This must be a full URL, including the
    -- HTTPS protocol, the domain, and the path.
    AuthenticateOidcActionConfig -> Text
tokenEndpoint :: Prelude.Text,
    -- | The user info endpoint of the IdP. This must be a full URL, including
    -- the HTTPS protocol, the domain, and the path.
    AuthenticateOidcActionConfig -> Text
userInfoEndpoint :: Prelude.Text,
    -- | The OAuth 2.0 client identifier.
    AuthenticateOidcActionConfig -> Text
clientId :: Prelude.Text
  }
  deriving (AuthenticateOidcActionConfig
-> AuthenticateOidcActionConfig -> Bool
(AuthenticateOidcActionConfig
 -> AuthenticateOidcActionConfig -> Bool)
-> (AuthenticateOidcActionConfig
    -> AuthenticateOidcActionConfig -> Bool)
-> Eq AuthenticateOidcActionConfig
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: AuthenticateOidcActionConfig
-> AuthenticateOidcActionConfig -> Bool
$c/= :: AuthenticateOidcActionConfig
-> AuthenticateOidcActionConfig -> Bool
== :: AuthenticateOidcActionConfig
-> AuthenticateOidcActionConfig -> Bool
$c== :: AuthenticateOidcActionConfig
-> AuthenticateOidcActionConfig -> Bool
Prelude.Eq, ReadPrec [AuthenticateOidcActionConfig]
ReadPrec AuthenticateOidcActionConfig
Int -> ReadS AuthenticateOidcActionConfig
ReadS [AuthenticateOidcActionConfig]
(Int -> ReadS AuthenticateOidcActionConfig)
-> ReadS [AuthenticateOidcActionConfig]
-> ReadPrec AuthenticateOidcActionConfig
-> ReadPrec [AuthenticateOidcActionConfig]
-> Read AuthenticateOidcActionConfig
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [AuthenticateOidcActionConfig]
$creadListPrec :: ReadPrec [AuthenticateOidcActionConfig]
readPrec :: ReadPrec AuthenticateOidcActionConfig
$creadPrec :: ReadPrec AuthenticateOidcActionConfig
readList :: ReadS [AuthenticateOidcActionConfig]
$creadList :: ReadS [AuthenticateOidcActionConfig]
readsPrec :: Int -> ReadS AuthenticateOidcActionConfig
$creadsPrec :: Int -> ReadS AuthenticateOidcActionConfig
Prelude.Read, Int -> AuthenticateOidcActionConfig -> ShowS
[AuthenticateOidcActionConfig] -> ShowS
AuthenticateOidcActionConfig -> String
(Int -> AuthenticateOidcActionConfig -> ShowS)
-> (AuthenticateOidcActionConfig -> String)
-> ([AuthenticateOidcActionConfig] -> ShowS)
-> Show AuthenticateOidcActionConfig
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [AuthenticateOidcActionConfig] -> ShowS
$cshowList :: [AuthenticateOidcActionConfig] -> ShowS
show :: AuthenticateOidcActionConfig -> String
$cshow :: AuthenticateOidcActionConfig -> String
showsPrec :: Int -> AuthenticateOidcActionConfig -> ShowS
$cshowsPrec :: Int -> AuthenticateOidcActionConfig -> ShowS
Prelude.Show, (forall x.
 AuthenticateOidcActionConfig -> Rep AuthenticateOidcActionConfig x)
-> (forall x.
    Rep AuthenticateOidcActionConfig x -> AuthenticateOidcActionConfig)
-> Generic AuthenticateOidcActionConfig
forall x.
Rep AuthenticateOidcActionConfig x -> AuthenticateOidcActionConfig
forall x.
AuthenticateOidcActionConfig -> Rep AuthenticateOidcActionConfig x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x.
Rep AuthenticateOidcActionConfig x -> AuthenticateOidcActionConfig
$cfrom :: forall x.
AuthenticateOidcActionConfig -> Rep AuthenticateOidcActionConfig x
Prelude.Generic)

-- |
-- Create a value of 'AuthenticateOidcActionConfig' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'clientSecret', 'authenticateOidcActionConfig_clientSecret' - The OAuth 2.0 client secret. This parameter is required if you are
-- creating a rule. If you are modifying a rule, you can omit this
-- parameter if you set @UseExistingClientSecret@ to true.
--
-- 'useExistingClientSecret', 'authenticateOidcActionConfig_useExistingClientSecret' - Indicates whether to use the existing client secret when modifying a
-- rule. If you are creating a rule, you can omit this parameter or set it
-- to false.
--
-- 'authenticationRequestExtraParams', 'authenticateOidcActionConfig_authenticationRequestExtraParams' - The query parameters (up to 10) to include in the redirect request to
-- the authorization endpoint.
--
-- 'scope', 'authenticateOidcActionConfig_scope' - The set of user claims to be requested from the IdP. The default is
-- @openid@.
--
-- To verify which scope values your IdP supports and how to separate
-- multiple values, see the documentation for your IdP.
--
-- 'onUnauthenticatedRequest', 'authenticateOidcActionConfig_onUnauthenticatedRequest' - The behavior if the user is not authenticated. The following are
-- possible values:
--
-- -   deny@@ - Return an HTTP 401 Unauthorized error.
--
-- -   allow@@ - Allow the request to be forwarded to the target.
--
-- -   authenticate@@ - Redirect the request to the IdP authorization
--     endpoint. This is the default value.
--
-- 'sessionCookieName', 'authenticateOidcActionConfig_sessionCookieName' - The name of the cookie used to maintain session information. The default
-- is AWSELBAuthSessionCookie.
--
-- 'sessionTimeout', 'authenticateOidcActionConfig_sessionTimeout' - The maximum duration of the authentication session, in seconds. The
-- default is 604800 seconds (7 days).
--
-- 'issuer', 'authenticateOidcActionConfig_issuer' - The OIDC issuer identifier of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
--
-- 'authorizationEndpoint', 'authenticateOidcActionConfig_authorizationEndpoint' - The authorization endpoint of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
--
-- 'tokenEndpoint', 'authenticateOidcActionConfig_tokenEndpoint' - The token endpoint of the IdP. This must be a full URL, including the
-- HTTPS protocol, the domain, and the path.
--
-- 'userInfoEndpoint', 'authenticateOidcActionConfig_userInfoEndpoint' - The user info endpoint of the IdP. This must be a full URL, including
-- the HTTPS protocol, the domain, and the path.
--
-- 'clientId', 'authenticateOidcActionConfig_clientId' - The OAuth 2.0 client identifier.
newAuthenticateOidcActionConfig ::
  -- | 'issuer'
  Prelude.Text ->
  -- | 'authorizationEndpoint'
  Prelude.Text ->
  -- | 'tokenEndpoint'
  Prelude.Text ->
  -- | 'userInfoEndpoint'
  Prelude.Text ->
  -- | 'clientId'
  Prelude.Text ->
  AuthenticateOidcActionConfig
newAuthenticateOidcActionConfig :: Text
-> Text -> Text -> Text -> Text -> AuthenticateOidcActionConfig
newAuthenticateOidcActionConfig
  Text
pIssuer_
  Text
pAuthorizationEndpoint_
  Text
pTokenEndpoint_
  Text
pUserInfoEndpoint_
  Text
pClientId_ =
    AuthenticateOidcActionConfig' :: Maybe Text
-> Maybe Bool
-> Maybe (HashMap Text Text)
-> Maybe Text
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
-> Maybe Text
-> Maybe Integer
-> Text
-> Text
-> Text
-> Text
-> Text
-> AuthenticateOidcActionConfig
AuthenticateOidcActionConfig'
      { $sel:clientSecret:AuthenticateOidcActionConfig' :: Maybe Text
clientSecret =
          Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:useExistingClientSecret:AuthenticateOidcActionConfig' :: Maybe Bool
useExistingClientSecret = Maybe Bool
forall a. Maybe a
Prelude.Nothing,
        $sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig' :: Maybe (HashMap Text Text)
authenticationRequestExtraParams =
          Maybe (HashMap Text Text)
forall a. Maybe a
Prelude.Nothing,
        $sel:scope:AuthenticateOidcActionConfig' :: Maybe Text
scope = Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig' :: Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest = Maybe AuthenticateOidcActionConditionalBehaviorEnum
forall a. Maybe a
Prelude.Nothing,
        $sel:sessionCookieName:AuthenticateOidcActionConfig' :: Maybe Text
sessionCookieName = Maybe Text
forall a. Maybe a
Prelude.Nothing,
        $sel:sessionTimeout:AuthenticateOidcActionConfig' :: Maybe Integer
sessionTimeout = Maybe Integer
forall a. Maybe a
Prelude.Nothing,
        $sel:issuer:AuthenticateOidcActionConfig' :: Text
issuer = Text
pIssuer_,
        $sel:authorizationEndpoint:AuthenticateOidcActionConfig' :: Text
authorizationEndpoint =
          Text
pAuthorizationEndpoint_,
        $sel:tokenEndpoint:AuthenticateOidcActionConfig' :: Text
tokenEndpoint = Text
pTokenEndpoint_,
        $sel:userInfoEndpoint:AuthenticateOidcActionConfig' :: Text
userInfoEndpoint = Text
pUserInfoEndpoint_,
        $sel:clientId:AuthenticateOidcActionConfig' :: Text
clientId = Text
pClientId_
      }

-- | The OAuth 2.0 client secret. This parameter is required if you are
-- creating a rule. If you are modifying a rule, you can omit this
-- parameter if you set @UseExistingClientSecret@ to true.
authenticateOidcActionConfig_clientSecret :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
authenticateOidcActionConfig_clientSecret :: (Maybe Text -> f (Maybe Text))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_clientSecret = (AuthenticateOidcActionConfig -> Maybe Text)
-> (AuthenticateOidcActionConfig
    -> Maybe Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe Text
clientSecret :: Maybe Text
$sel:clientSecret:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
clientSecret} -> Maybe Text
clientSecret) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe Text
a -> AuthenticateOidcActionConfig
s {$sel:clientSecret:AuthenticateOidcActionConfig' :: Maybe Text
clientSecret = Maybe Text
a} :: AuthenticateOidcActionConfig)

-- | Indicates whether to use the existing client secret when modifying a
-- rule. If you are creating a rule, you can omit this parameter or set it
-- to false.
authenticateOidcActionConfig_useExistingClientSecret :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Bool)
authenticateOidcActionConfig_useExistingClientSecret :: (Maybe Bool -> f (Maybe Bool))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_useExistingClientSecret = (AuthenticateOidcActionConfig -> Maybe Bool)
-> (AuthenticateOidcActionConfig
    -> Maybe Bool -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe Bool)
     (Maybe Bool)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe Bool
useExistingClientSecret :: Maybe Bool
$sel:useExistingClientSecret:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Bool
useExistingClientSecret} -> Maybe Bool
useExistingClientSecret) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe Bool
a -> AuthenticateOidcActionConfig
s {$sel:useExistingClientSecret:AuthenticateOidcActionConfig' :: Maybe Bool
useExistingClientSecret = Maybe Bool
a} :: AuthenticateOidcActionConfig)

-- | The query parameters (up to 10) to include in the redirect request to
-- the authorization endpoint.
authenticateOidcActionConfig_authenticationRequestExtraParams :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
authenticateOidcActionConfig_authenticationRequestExtraParams :: (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_authenticationRequestExtraParams = (AuthenticateOidcActionConfig -> Maybe (HashMap Text Text))
-> (AuthenticateOidcActionConfig
    -> Maybe (HashMap Text Text) -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe (HashMap Text Text)
authenticationRequestExtraParams :: Maybe (HashMap Text Text)
$sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe (HashMap Text Text)
authenticationRequestExtraParams} -> Maybe (HashMap Text Text)
authenticationRequestExtraParams) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe (HashMap Text Text)
a -> AuthenticateOidcActionConfig
s {$sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig' :: Maybe (HashMap Text Text)
authenticationRequestExtraParams = Maybe (HashMap Text Text)
a} :: AuthenticateOidcActionConfig) ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
 -> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig)
-> ((Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
    -> Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> (Maybe (HashMap Text Text) -> f (Maybe (HashMap Text Text)))
-> AuthenticateOidcActionConfig
-> f AuthenticateOidcActionConfig
forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
-> Iso
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
     (Maybe (HashMap Text Text))
forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping AnIso
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
  (HashMap Text Text)
forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The set of user claims to be requested from the IdP. The default is
-- @openid@.
--
-- To verify which scope values your IdP supports and how to separate
-- multiple values, see the documentation for your IdP.
authenticateOidcActionConfig_scope :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
authenticateOidcActionConfig_scope :: (Maybe Text -> f (Maybe Text))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_scope = (AuthenticateOidcActionConfig -> Maybe Text)
-> (AuthenticateOidcActionConfig
    -> Maybe Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe Text
scope :: Maybe Text
$sel:scope:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
scope} -> Maybe Text
scope) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe Text
a -> AuthenticateOidcActionConfig
s {$sel:scope:AuthenticateOidcActionConfig' :: Maybe Text
scope = Maybe Text
a} :: AuthenticateOidcActionConfig)

-- | The behavior if the user is not authenticated. The following are
-- possible values:
--
-- -   deny@@ - Return an HTTP 401 Unauthorized error.
--
-- -   allow@@ - Allow the request to be forwarded to the target.
--
-- -   authenticate@@ - Redirect the request to the IdP authorization
--     endpoint. This is the default value.
authenticateOidcActionConfig_onUnauthenticatedRequest :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe AuthenticateOidcActionConditionalBehaviorEnum)
authenticateOidcActionConfig_onUnauthenticatedRequest :: (Maybe AuthenticateOidcActionConditionalBehaviorEnum
 -> f (Maybe AuthenticateOidcActionConditionalBehaviorEnum))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_onUnauthenticatedRequest = (AuthenticateOidcActionConfig
 -> Maybe AuthenticateOidcActionConditionalBehaviorEnum)
-> (AuthenticateOidcActionConfig
    -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
    -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe AuthenticateOidcActionConditionalBehaviorEnum)
     (Maybe AuthenticateOidcActionConditionalBehaviorEnum)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest :: Maybe AuthenticateOidcActionConditionalBehaviorEnum
$sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest} -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe AuthenticateOidcActionConditionalBehaviorEnum
a -> AuthenticateOidcActionConfig
s {$sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig' :: Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest = Maybe AuthenticateOidcActionConditionalBehaviorEnum
a} :: AuthenticateOidcActionConfig)

-- | The name of the cookie used to maintain session information. The default
-- is AWSELBAuthSessionCookie.
authenticateOidcActionConfig_sessionCookieName :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
authenticateOidcActionConfig_sessionCookieName :: (Maybe Text -> f (Maybe Text))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_sessionCookieName = (AuthenticateOidcActionConfig -> Maybe Text)
-> (AuthenticateOidcActionConfig
    -> Maybe Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe Text)
     (Maybe Text)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe Text
sessionCookieName :: Maybe Text
$sel:sessionCookieName:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
sessionCookieName} -> Maybe Text
sessionCookieName) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe Text
a -> AuthenticateOidcActionConfig
s {$sel:sessionCookieName:AuthenticateOidcActionConfig' :: Maybe Text
sessionCookieName = Maybe Text
a} :: AuthenticateOidcActionConfig)

-- | The maximum duration of the authentication session, in seconds. The
-- default is 604800 seconds (7 days).
authenticateOidcActionConfig_sessionTimeout :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Integer)
authenticateOidcActionConfig_sessionTimeout :: (Maybe Integer -> f (Maybe Integer))
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_sessionTimeout = (AuthenticateOidcActionConfig -> Maybe Integer)
-> (AuthenticateOidcActionConfig
    -> Maybe Integer -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig
     AuthenticateOidcActionConfig
     (Maybe Integer)
     (Maybe Integer)
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Maybe Integer
sessionTimeout :: Maybe Integer
$sel:sessionTimeout:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Integer
sessionTimeout} -> Maybe Integer
sessionTimeout) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Maybe Integer
a -> AuthenticateOidcActionConfig
s {$sel:sessionTimeout:AuthenticateOidcActionConfig' :: Maybe Integer
sessionTimeout = Maybe Integer
a} :: AuthenticateOidcActionConfig)

-- | The OIDC issuer identifier of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
authenticateOidcActionConfig_issuer :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
authenticateOidcActionConfig_issuer :: (Text -> f Text)
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_issuer = (AuthenticateOidcActionConfig -> Text)
-> (AuthenticateOidcActionConfig
    -> Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig AuthenticateOidcActionConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Text
issuer :: Text
$sel:issuer:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
issuer} -> Text
issuer) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Text
a -> AuthenticateOidcActionConfig
s {$sel:issuer:AuthenticateOidcActionConfig' :: Text
issuer = Text
a} :: AuthenticateOidcActionConfig)

-- | The authorization endpoint of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
authenticateOidcActionConfig_authorizationEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
authenticateOidcActionConfig_authorizationEndpoint :: (Text -> f Text)
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_authorizationEndpoint = (AuthenticateOidcActionConfig -> Text)
-> (AuthenticateOidcActionConfig
    -> Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig AuthenticateOidcActionConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Text
authorizationEndpoint :: Text
$sel:authorizationEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
authorizationEndpoint} -> Text
authorizationEndpoint) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Text
a -> AuthenticateOidcActionConfig
s {$sel:authorizationEndpoint:AuthenticateOidcActionConfig' :: Text
authorizationEndpoint = Text
a} :: AuthenticateOidcActionConfig)

-- | The token endpoint of the IdP. This must be a full URL, including the
-- HTTPS protocol, the domain, and the path.
authenticateOidcActionConfig_tokenEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
authenticateOidcActionConfig_tokenEndpoint :: (Text -> f Text)
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_tokenEndpoint = (AuthenticateOidcActionConfig -> Text)
-> (AuthenticateOidcActionConfig
    -> Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig AuthenticateOidcActionConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Text
tokenEndpoint :: Text
$sel:tokenEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
tokenEndpoint} -> Text
tokenEndpoint) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Text
a -> AuthenticateOidcActionConfig
s {$sel:tokenEndpoint:AuthenticateOidcActionConfig' :: Text
tokenEndpoint = Text
a} :: AuthenticateOidcActionConfig)

-- | The user info endpoint of the IdP. This must be a full URL, including
-- the HTTPS protocol, the domain, and the path.
authenticateOidcActionConfig_userInfoEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
authenticateOidcActionConfig_userInfoEndpoint :: (Text -> f Text)
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_userInfoEndpoint = (AuthenticateOidcActionConfig -> Text)
-> (AuthenticateOidcActionConfig
    -> Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig AuthenticateOidcActionConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Text
userInfoEndpoint :: Text
$sel:userInfoEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
userInfoEndpoint} -> Text
userInfoEndpoint) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Text
a -> AuthenticateOidcActionConfig
s {$sel:userInfoEndpoint:AuthenticateOidcActionConfig' :: Text
userInfoEndpoint = Text
a} :: AuthenticateOidcActionConfig)

-- | The OAuth 2.0 client identifier.
authenticateOidcActionConfig_clientId :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
authenticateOidcActionConfig_clientId :: (Text -> f Text)
-> AuthenticateOidcActionConfig -> f AuthenticateOidcActionConfig
authenticateOidcActionConfig_clientId = (AuthenticateOidcActionConfig -> Text)
-> (AuthenticateOidcActionConfig
    -> Text -> AuthenticateOidcActionConfig)
-> Lens
     AuthenticateOidcActionConfig AuthenticateOidcActionConfig Text Text
forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\AuthenticateOidcActionConfig' {Text
clientId :: Text
$sel:clientId:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
clientId} -> Text
clientId) (\s :: AuthenticateOidcActionConfig
s@AuthenticateOidcActionConfig' {} Text
a -> AuthenticateOidcActionConfig
s {$sel:clientId:AuthenticateOidcActionConfig' :: Text
clientId = Text
a} :: AuthenticateOidcActionConfig)

instance Core.FromXML AuthenticateOidcActionConfig where
  parseXML :: [Node] -> Either String AuthenticateOidcActionConfig
parseXML [Node]
x =
    Maybe Text
-> Maybe Bool
-> Maybe (HashMap Text Text)
-> Maybe Text
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
-> Maybe Text
-> Maybe Integer
-> Text
-> Text
-> Text
-> Text
-> Text
-> AuthenticateOidcActionConfig
AuthenticateOidcActionConfig'
      (Maybe Text
 -> Maybe Bool
 -> Maybe (HashMap Text Text)
 -> Maybe Text
 -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
 -> Maybe Text
 -> Maybe Integer
 -> Text
 -> Text
 -> Text
 -> Text
 -> Text
 -> AuthenticateOidcActionConfig)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Bool
      -> Maybe (HashMap Text Text)
      -> Maybe Text
      -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
      -> Maybe Text
      -> Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"ClientSecret")
      Either
  String
  (Maybe Bool
   -> Maybe (HashMap Text Text)
   -> Maybe Text
   -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
   -> Maybe Text
   -> Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either String (Maybe Bool)
-> Either
     String
     (Maybe (HashMap Text Text)
      -> Maybe Text
      -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
      -> Maybe Text
      -> Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Bool)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"UseExistingClientSecret")
      Either
  String
  (Maybe (HashMap Text Text)
   -> Maybe Text
   -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
   -> Maybe Text
   -> Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either String (Maybe (HashMap Text Text))
-> Either
     String
     (Maybe Text
      -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
      -> Maybe Text
      -> Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ( [Node]
x [Node] -> Text -> Either String (Maybe [Node])
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"AuthenticationRequestExtraParams"
                      Either String (Maybe [Node]) -> [Node] -> Either String [Node]
forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a
Core..!@ [Node]
forall a. Monoid a => a
Prelude.mempty
                      Either String [Node]
-> ([Node] -> Either String (Maybe (HashMap Text Text)))
-> Either String (Maybe (HashMap Text Text))
forall (m :: * -> *) a b. Monad m => m a -> (a -> m b) -> m b
Prelude.>>= ([Node] -> Either String (HashMap Text Text))
-> [Node] -> Either String (Maybe (HashMap Text Text))
forall (f :: * -> *) a b.
Applicative f =>
([a] -> f b) -> [a] -> f (Maybe b)
Core.may (Text -> Text -> Text -> [Node] -> Either String (HashMap Text Text)
forall k v.
(Eq k, Hashable k, FromText k, FromXML v) =>
Text -> Text -> Text -> [Node] -> Either String (HashMap k v)
Core.parseXMLMap Text
"entry" Text
"key" Text
"value")
                  )
      Either
  String
  (Maybe Text
   -> Maybe AuthenticateOidcActionConditionalBehaviorEnum
   -> Maybe Text
   -> Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe AuthenticateOidcActionConditionalBehaviorEnum
      -> Maybe Text
      -> Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"Scope")
      Either
  String
  (Maybe AuthenticateOidcActionConditionalBehaviorEnum
   -> Maybe Text
   -> Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either
     String (Maybe AuthenticateOidcActionConditionalBehaviorEnum)
-> Either
     String
     (Maybe Text
      -> Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node]
-> Text
-> Either
     String (Maybe AuthenticateOidcActionConditionalBehaviorEnum)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"OnUnauthenticatedRequest")
      Either
  String
  (Maybe Text
   -> Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either String (Maybe Text)
-> Either
     String
     (Maybe Integer
      -> Text
      -> Text
      -> Text
      -> Text
      -> Text
      -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Text)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"SessionCookieName")
      Either
  String
  (Maybe Integer
   -> Text
   -> Text
   -> Text
   -> Text
   -> Text
   -> AuthenticateOidcActionConfig)
-> Either String (Maybe Integer)
-> Either
     String
     (Text
      -> Text -> Text -> Text -> Text -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String (Maybe Integer)
forall a. FromXML a => [Node] -> Text -> Either String (Maybe a)
Core..@? Text
"SessionTimeout")
      Either
  String
  (Text
   -> Text -> Text -> Text -> Text -> AuthenticateOidcActionConfig)
-> Either String Text
-> Either
     String
     (Text -> Text -> Text -> Text -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"Issuer")
      Either
  String
  (Text -> Text -> Text -> Text -> AuthenticateOidcActionConfig)
-> Either String Text
-> Either
     String (Text -> Text -> Text -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"AuthorizationEndpoint")
      Either
  String (Text -> Text -> Text -> AuthenticateOidcActionConfig)
-> Either String Text
-> Either String (Text -> Text -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"TokenEndpoint")
      Either String (Text -> Text -> AuthenticateOidcActionConfig)
-> Either String Text
-> Either String (Text -> AuthenticateOidcActionConfig)
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"UserInfoEndpoint")
      Either String (Text -> AuthenticateOidcActionConfig)
-> Either String Text -> Either String AuthenticateOidcActionConfig
forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> ([Node]
x [Node] -> Text -> Either String Text
forall a. FromXML a => [Node] -> Text -> Either String a
Core..@ Text
"ClientId")

instance
  Prelude.Hashable
    AuthenticateOidcActionConfig

instance Prelude.NFData AuthenticateOidcActionConfig

instance Core.ToQuery AuthenticateOidcActionConfig where
  toQuery :: AuthenticateOidcActionConfig -> QueryString
toQuery AuthenticateOidcActionConfig' {Maybe Bool
Maybe Integer
Maybe Text
Maybe (HashMap Text Text)
Maybe AuthenticateOidcActionConditionalBehaviorEnum
Text
clientId :: Text
userInfoEndpoint :: Text
tokenEndpoint :: Text
authorizationEndpoint :: Text
issuer :: Text
sessionTimeout :: Maybe Integer
sessionCookieName :: Maybe Text
onUnauthenticatedRequest :: Maybe AuthenticateOidcActionConditionalBehaviorEnum
scope :: Maybe Text
authenticationRequestExtraParams :: Maybe (HashMap Text Text)
useExistingClientSecret :: Maybe Bool
clientSecret :: Maybe Text
$sel:clientId:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
$sel:userInfoEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
$sel:tokenEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
$sel:authorizationEndpoint:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
$sel:issuer:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Text
$sel:sessionTimeout:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Integer
$sel:sessionCookieName:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
$sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
$sel:scope:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
$sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe (HashMap Text Text)
$sel:useExistingClientSecret:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Bool
$sel:clientSecret:AuthenticateOidcActionConfig' :: AuthenticateOidcActionConfig -> Maybe Text
..} =
    [QueryString] -> QueryString
forall a. Monoid a => [a] -> a
Prelude.mconcat
      [ ByteString
"ClientSecret" ByteString -> Maybe Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Text
clientSecret,
        ByteString
"UseExistingClientSecret"
          ByteString -> Maybe Bool -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Bool
useExistingClientSecret,
        ByteString
"AuthenticationRequestExtraParams"
          ByteString -> QueryString -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe QueryString -> QueryString
forall a. ToQuery a => a -> QueryString
Core.toQuery
            ( ByteString
-> ByteString -> ByteString -> HashMap Text Text -> QueryString
forall k v.
(ToQuery k, ToQuery v) =>
ByteString
-> ByteString -> ByteString -> HashMap k v -> QueryString
Core.toQueryMap ByteString
"entry" ByteString
"key" ByteString
"value"
                (HashMap Text Text -> QueryString)
-> Maybe (HashMap Text Text) -> Maybe QueryString
forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (HashMap Text Text)
authenticationRequestExtraParams
            ),
        ByteString
"Scope" ByteString -> Maybe Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Text
scope,
        ByteString
"OnUnauthenticatedRequest"
          ByteString
-> Maybe AuthenticateOidcActionConditionalBehaviorEnum
-> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe AuthenticateOidcActionConditionalBehaviorEnum
onUnauthenticatedRequest,
        ByteString
"SessionCookieName" ByteString -> Maybe Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Text
sessionCookieName,
        ByteString
"SessionTimeout" ByteString -> Maybe Integer -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Maybe Integer
sessionTimeout,
        ByteString
"Issuer" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
issuer,
        ByteString
"AuthorizationEndpoint"
          ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
authorizationEndpoint,
        ByteString
"TokenEndpoint" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
tokenEndpoint,
        ByteString
"UserInfoEndpoint" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
userInfoEndpoint,
        ByteString
"ClientId" ByteString -> Text -> QueryString
forall a. ToQuery a => ByteString -> a -> QueryString
Core.=: Text
clientId
      ]