Values.CreateIdentitySourceOutput

Adds an identity source to a policy store: an Amazon Cognito user pool or OpenID Connect (OIDC) identity provider (IdP).

After you create an identity source, you can use the identities provided by the IdP as proxies for the principal in authorization queries that use the IsAuthorizedWithToken or BatchIsAuthorizedWithToken API operations. These identities take the form of tokens that contain claims about the user, such as IDs, attributes and group memberships. Identity sources provide identity (ID) tokens and access tokens. Verified Permissions derives information about your user and session from token claims. Access tokens provide action context to your policies, and ID tokens provide principal Attributes.

Tokens from an identity source user continue to be usable until they expire. Token revocation and resource deletion have no effect on the validity of a token in your policy store.

To reference a user from this identity source in your Cedar policies, refer to the following syntax examples.

Amazon Cognito user pool: Namespace::[Entity type]::[User pool ID]|[user principal attribute], for example MyCorp::User::us-east-1_EXAMPLE|a1b2c3d4-5678-90ab-cdef-EXAMPLE11111.

OpenID Connect (OIDC) provider: Namespace::[Entity type]::[entityIdPrefix]|[user principal attribute], for example MyCorp::User::MyOIDCProvider|a1b2c3d4-5678-90ab-cdef-EXAMPLE22222.

Verified Permissions is eventually consistent. It can take a few seconds for a new or changed element to propagate through the service and be visible in the results of other Verified Permissions operations.

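
Because revocation has no effect on a token's validity in the policy store, a caller that needs faster cut-off has to enforce it before submitting the token. The following is an added example in Python, not part of this SDK or of the service documentation: a deny-only pre-check that rejects locally revoked or over-age tokens and builds the Cedar principal reference in the form shown above. The function names, the use of the `sub`, `jti`, `iat` and `exp` claims, and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time

def decode_claims(token):
    """Read the JWT payload. No signature check: this is a deny-only filter,
    and the token must still be submitted to IsAuthorizedWithToken."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def cedar_principal(namespace, entity_type, prefix, claims, attr="sub"):
    """Entity reference in the page's form; attr="sub" is an assumption."""
    return f"{namespace}::{entity_type}::{prefix}|{claims[attr]}"

def precheck(token, revoked, max_age_s, now=None):
    """Return (allowed, reason) for a token the policy store may still accept."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except ValueError:
        return False, "malformed"
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    if not isinstance(iat, (int, float)) or now - iat > max_age_s:
        return False, "older than max age"
    if claims.get("sub") in revoked or claims.get("jti") in revoked:
        return False, "revoked locally"
    return True, "ok"

def make_sample_token(claims):
    """Constructed, unsigned sample token (demo input only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is reproducible
    user = "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111"
    tok = make_sample_token({"sub": user, "jti": "t-1", "iat": now - 60, "exp": now + 3600})
    print(precheck(tok, {user}, 900, now))
    print(cedar_principal("MyCorp", "User", "us-east-1_EXAMPLE", decode_claims(tok)))
```
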
type nonrec t = {
  createdDate : TimestampFormat.t option;
      (* The date and time the identity source was originally created. *)
  identitySourceId : IdentitySourceId.t option;
      (* The unique ID of the new identity source. *)
  lastUpdatedDate : TimestampFormat.t option;
      (* The date and time the identity source was most recently updated. *)
  policyStoreId : PolicyStoreId.t option;
      (* The ID of the policy store that contains the identity source. *)
}

type nonrec error = [
  | `AccessDeniedException of AccessDeniedException.t
  | `ConflictException of ConflictException.t
  | `InternalServerException of InternalServerException.t
  | `ResourceNotFoundException of ResourceNotFoundException.t
  | `ServiceQuotaExceededException of ServiceQuotaExceededException.t
  | `ThrottlingException of ThrottlingException.t
  | `ValidationException of ValidationException.t
  | `Unknown_operation_error of string * string option
]

val error_of_json :
  string ->
  Yojson.Safe.t ->
  [> `AccessDeniedException of AccessDeniedException.t
  | `ConflictException of ConflictException.t
  | `InternalServerException of InternalServerException.t
  | `ResourceNotFoundException of ResourceNotFoundException.t
  | `ServiceQuotaExceededException of ServiceQuotaExceededException.t
  | `ThrottlingException of ThrottlingException.t
  | `Unknown_operation_error of string * string option
  | `ValidationException of ValidationException.t ]

val error_of_xml :
  string ->
  Awso.Xml.t ->
  [> `AccessDeniedException of AccessDeniedException.t
  | `ConflictException of ConflictException.t
  | `InternalServerException of InternalServerException.t
  | `ResourceNotFoundException of ResourceNotFoundException.t
  | `ServiceQuotaExceededException of ServiceQuotaExceededException.t
  | `ThrottlingException of ThrottlingException.t
  | `Unknown_operation_error of string * string option
  | `ValidationException of ValidationException.t ]

val to_value :
  t ->
  [> `Structure of
       (string
       * [> `String of IdentitySourceId.t | `Timestamp of TimestampFormat.t ])
       list ]