Module Values.AuthenticateOidcActionConfigSource

Request parameters when using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) to authenticate users.

Sourcetype nonrec t = {
  1. issuer : AuthenticateOidcActionIssuer.t;
    (*

    The OIDC issuer identifier of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

    *)
  2. authorizationEndpoint : AuthenticateOidcActionAuthorizationEndpoint.t;
    (*

    The authorization endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

    *)
  3. tokenEndpoint : AuthenticateOidcActionTokenEndpoint.t;
    (*

    The token endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

    *)
  4. userInfoEndpoint : AuthenticateOidcActionUserInfoEndpoint.t;
    (*

    The user info endpoint of the IdP. This must be a full URL, including the HTTPS protocol, the domain, and the path.

    *)
  5. clientId : AuthenticateOidcActionClientId.t;
    (*

    The OAuth 2.0 client identifier.

    *)
  6. clientSecret : AuthenticateOidcActionClientSecret.t option;
    (*

    The OAuth 2.0 client secret. This parameter is required if you are creating a rule. If you are modifying a rule, you can omit this parameter if you set UseExistingClientSecret to true.

    *)
  7. sessionCookieName : AuthenticateOidcActionSessionCookieName.t option;
    (*

    The name of the cookie used to maintain session information. The default is AWSELBAuthSessionCookie.

    *)
  8. scope : AuthenticateOidcActionScope.t option;
    (*

    The set of user claims to be requested from the IdP. The default is openid. To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.

    *)
  9. sessionTimeout : AuthenticateOidcActionSessionTimeout.t option;
    (*

    The maximum duration of the authentication session, in seconds. The default is 604800 seconds (7 days).

    *)
  10. authenticationRequestExtraParams : AuthenticateOidcActionAuthenticationRequestExtraParams.t option;
    (*

    The query parameters (up to 10) to include in the redirect request to the authorization endpoint.

    *)
  11. onUnauthenticatedRequest : AuthenticateOidcActionConditionalBehaviorEnum.t option;
    (*

    The behavior if the user is not authenticated. The following are possible values: deny - Return an HTTP 401 Unauthorized error. allow - Allow the request to be forwarded to the target. authenticate - Redirect the request to the IdP authorization endpoint. This is the default value.

    *)
  12. useExistingClientSecret : AuthenticateOidcActionUseExistingClientSecret.t option;
    (*

    Indicates whether to use the existing client secret when modifying a rule. If you are creating a rule, you can omit this parameter or set it to false.

    *)
}
Sourceval context_ : string
Sourceval make : ?clientSecret:??? -> ?sessionCookieName:??? -> ?scope:??? -> ?sessionTimeout:??? -> ?authenticationRequestExtraParams:??? -> ?onUnauthenticatedRequest:??? -> ?useExistingClientSecret:??? -> issuer:AuthenticateOidcActionIssuer.t -> authorizationEndpoint:AuthenticateOidcActionAuthorizationEndpoint.t -> tokenEndpoint:AuthenticateOidcActionTokenEndpoint.t -> userInfoEndpoint:AuthenticateOidcActionUserInfoEndpoint.t -> clientId:AuthenticateOidcActionClientId.t -> unit -> t
Sourceval to_value : t -> [> `Structure of (string * [> `Boolean of AuthenticateOidcActionUseExistingClientSecret.t | `Enum of string | `Long of AuthenticateOidcActionSessionTimeout.t | `Map of ([> `String of AuthenticateOidcActionAuthenticationRequestParamName.t ] * [> `String of AuthenticateOidcActionAuthenticationRequestParamValue.t ]) list | `String of AuthenticateOidcActionIssuer.t ]) list ]
Sourceval to_query : t -> Awso.Client.Query.t
Sourceval of_xml : Awso.Xml.t -> t
Sourceval of_string : string -> t
Sourceval of_json : Yojson.Safe.t -> t
Sourceval to_json : t -> Yojson.Safe.t