amazonka-elbv2-2.0: Amazon Elastic Load Balancing SDK.
Copyright(c) 2013-2023 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellSafe-Inferred
LanguageHaskell2010

Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Description

 
Synopsis

Documentation

data AuthenticateOidcActionConfig Source #

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

See: newAuthenticateOidcActionConfig smart constructor.

Constructors

AuthenticateOidcActionConfig' 

Fields

  • authenticationRequestExtraParams :: Maybe (HashMap Text Text)

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

  • clientSecret :: Maybe Text

    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

  • onUnauthenticatedRequest :: Maybe AuthenticateOidcActionConditionalBehaviorEnum

    The behavior if the user is not authenticated. The following are possible values:

    • deny - Return an HTTP 401 Unauthorized error.
    • allow - Allow the request to be forwarded to the target.
    • authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.
  • scope :: Maybe Text

    The set of user claims to be requested from the IdP. The default is openid.

    To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

  • sessionCookieName :: Maybe Text

    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

  • sessionTimeout :: Maybe Integer

    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

  • useExistingClientSecret :: Maybe Bool

    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

  • issuer :: Text

    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • authorizationEndpoint :: Text

    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • tokenEndpoint :: Text

    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • userInfoEndpoint :: Text

    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

  • clientId :: Text

    The OAuth 2.0 client identifier.

Instances

Instances details
ToQuery AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

toQuery :: AuthenticateOidcActionConfig -> QueryString #

FromXML AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

parseXML :: [Node] -> Either String AuthenticateOidcActionConfig #

Generic AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Associated Types

type Rep AuthenticateOidcActionConfig :: Type -> Type #

Methods

from :: AuthenticateOidcActionConfig -> Rep AuthenticateOidcActionConfig x #

to :: Rep AuthenticateOidcActionConfig x -> AuthenticateOidcActionConfig #

Read AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

readsPrec :: Int -> ReadS AuthenticateOidcActionConfig #

readList :: ReadS [AuthenticateOidcActionConfig] #

readPrec :: ReadPrec AuthenticateOidcActionConfig #

readListPrec :: ReadPrec [AuthenticateOidcActionConfig] #

Show AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

showsPrec :: Int -> AuthenticateOidcActionConfig -> ShowS #

show :: AuthenticateOidcActionConfig -> String #

showList :: [AuthenticateOidcActionConfig] -> ShowS #

NFData AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

rnf :: AuthenticateOidcActionConfig -> () #

Eq AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

(==) :: AuthenticateOidcActionConfig -> AuthenticateOidcActionConfig -> Bool #

(/=) :: AuthenticateOidcActionConfig -> AuthenticateOidcActionConfig -> Bool #

Hashable AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

Methods

hashWithSalt :: Int -> AuthenticateOidcActionConfig -> Int #

hash :: AuthenticateOidcActionConfig -> Int #

type Rep AuthenticateOidcActionConfig Source # 
Instance details

Defined in Amazonka.ELBV2.Types.AuthenticateOidcActionConfig

type Rep AuthenticateOidcActionConfig = D1 ('MetaData "AuthenticateOidcActionConfig" "Amazonka.ELBV2.Types.AuthenticateOidcActionConfig" "amazonka-elbv2-2.0-361J9F5fkBoAtGaOoJg8Ev" 'False) (C1 ('MetaCons "AuthenticateOidcActionConfig'" 'PrefixI 'True) (((S1 ('MetaSel ('Just "authenticationRequestExtraParams") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text Text))) :*: (S1 ('MetaSel ('Just "clientSecret") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "onUnauthenticatedRequest") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe AuthenticateOidcActionConditionalBehaviorEnum)))) :*: (S1 ('MetaSel ('Just "scope") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "sessionCookieName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "sessionTimeout") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Integer))))) :*: ((S1 ('MetaSel ('Just "useExistingClientSecret") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: (S1 ('MetaSel ('Just "issuer") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "authorizationEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))) :*: (S1 ('MetaSel ('Just "tokenEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "userInfoEndpoint") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "clientId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))))

newAuthenticateOidcActionConfig Source #

Arguments

:: Text

$sel:issuer:AuthenticateOidcActionConfig'

-> Text

$sel:authorizationEndpoint:AuthenticateOidcActionConfig'

-> Text

$sel:tokenEndpoint:AuthenticateOidcActionConfig'

-> Text

$sel:userInfoEndpoint:AuthenticateOidcActionConfig'

-> Text

$sel:clientId:AuthenticateOidcActionConfig'

-> AuthenticateOidcActionConfig 

Create a value of AuthenticateOidcActionConfig with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:authenticationRequestExtraParams:AuthenticateOidcActionConfig', authenticateOidcActionConfig_authenticationRequestExtraParams - The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

$sel:clientSecret:AuthenticateOidcActionConfig', authenticateOidcActionConfig_clientSecret - The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

$sel:onUnauthenticatedRequest:AuthenticateOidcActionConfig', authenticateOidcActionConfig_onUnauthenticatedRequest - The behavior if the user is not authenticated. The following are possible values:

  • deny - Return an HTTP 401 Unauthorized error.
  • allow - Allow the request to be forwarded to the target.
  • authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.

$sel:scope:AuthenticateOidcActionConfig', authenticateOidcActionConfig_scope - The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

$sel:sessionCookieName:AuthenticateOidcActionConfig', authenticateOidcActionConfig_sessionCookieName - The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

$sel:sessionTimeout:AuthenticateOidcActionConfig', authenticateOidcActionConfig_sessionTimeout - The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

$sel:useExistingClientSecret:AuthenticateOidcActionConfig', authenticateOidcActionConfig_useExistingClientSecret - Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

$sel:issuer:AuthenticateOidcActionConfig', authenticateOidcActionConfig_issuer - The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:authorizationEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_authorizationEndpoint - The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:tokenEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_tokenEndpoint - The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:userInfoEndpoint:AuthenticateOidcActionConfig', authenticateOidcActionConfig_userInfoEndpoint - The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

$sel:clientId:AuthenticateOidcActionConfig', authenticateOidcActionConfig_clientId - The OAuth 2.0 client identifier.

authenticateOidcActionConfig_authenticationRequestExtraParams :: Lens' AuthenticateOidcActionConfig (Maybe (HashMap Text Text)) Source #

The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

authenticateOidcActionConfig_clientSecret :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

authenticateOidcActionConfig_onUnauthenticatedRequest :: Lens' AuthenticateOidcActionConfig (Maybe AuthenticateOidcActionConditionalBehaviorEnum) Source #

The behavior if the user is not authenticated. The following are possible values:

  • deny - Return an HTTP 401 Unauthorized error.
  • allow - Allow the request to be forwarded to the target.
  • authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.

authenticateOidcActionConfig_scope :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The set of user claims to be requested from the IdP. The default is openid.

To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

authenticateOidcActionConfig_sessionCookieName :: Lens' AuthenticateOidcActionConfig (Maybe Text) Source #

The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

authenticateOidcActionConfig_sessionTimeout :: Lens' AuthenticateOidcActionConfig (Maybe Integer) Source #

The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

authenticateOidcActionConfig_useExistingClientSecret :: Lens' AuthenticateOidcActionConfig (Maybe Bool) Source #

Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

authenticateOidcActionConfig_issuer :: Lens' AuthenticateOidcActionConfig Text Source #

The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_authorizationEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_tokenEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_userInfoEndpoint :: Lens' AuthenticateOidcActionConfig Text Source #

The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

authenticateOidcActionConfig_clientId :: Lens' AuthenticateOidcActionConfig Text Source #

The OAuth 2.0 client identifier.