aws-sdk-verifiedpermissions 1.23.0 → 1.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-verifiedpermissions/client.rb +83 -36
- data/lib/aws-sdk-verifiedpermissions/client_api.rb +138 -0
- data/lib/aws-sdk-verifiedpermissions/types.rb +828 -28
- data/lib/aws-sdk-verifiedpermissions.rb +1 -1
- data/sig/client.rbs +36 -0
- data/sig/types.rbs +173 -1
- metadata +2 -2
@@ -500,9 +500,8 @@ module Aws::VerifiedPermissions
|
|
500
500
|
# to an Amazon Cognito user pool used as an identity provider for
|
501
501
|
# Verified Permissions.
|
502
502
|
#
|
503
|
-
# This data type
|
504
|
-
#
|
505
|
-
# [CreateIdentitySource][2].
|
503
|
+
# This data type part of a [Configuration][1] structure that is used as
|
504
|
+
# a parameter to [CreateIdentitySource][2].
|
506
505
|
#
|
507
506
|
# Example:`"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
|
508
507
|
# ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
|
@@ -670,13 +669,6 @@ module Aws::VerifiedPermissions
|
|
670
669
|
# Contains configuration information used when creating a new identity
|
671
670
|
# source.
|
672
671
|
#
|
673
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
674
|
-
# Cognito user pool configuration.
|
675
|
-
#
|
676
|
-
# Specifies a `userPoolArn`, a `groupConfiguration`, and a `ClientId`.
|
677
|
-
#
|
678
|
-
# </note>
|
679
|
-
#
|
680
672
|
# This data type is used as a request parameter for the
|
681
673
|
# [CreateIdentitySource][1] operation.
|
682
674
|
#
|
@@ -702,16 +694,28 @@ module Aws::VerifiedPermissions
|
|
702
694
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
703
695
|
# @return [Types::CognitoUserPoolConfiguration]
|
704
696
|
#
|
697
|
+
# @!attribute [rw] open_id_connect_configuration
|
698
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
699
|
+
# provider, or identity source, that Verified Permissions can use to
|
700
|
+
# generate entities from authenticated identities. It specifies the
|
701
|
+
# issuer URL, token type that you want to use, and policy store entity
|
702
|
+
# details.
|
703
|
+
#
|
704
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
705
|
+
# @return [Types::OpenIdConnectConfiguration]
|
706
|
+
#
|
705
707
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/Configuration AWS API Documentation
|
706
708
|
#
|
707
709
|
class Configuration < Struct.new(
|
708
710
|
:cognito_user_pool_configuration,
|
711
|
+
:open_id_connect_configuration,
|
709
712
|
:unknown)
|
710
713
|
SENSITIVE = []
|
711
714
|
include Aws::Structure
|
712
715
|
include Aws::Structure::Union
|
713
716
|
|
714
717
|
class CognitoUserPoolConfiguration < Configuration; end
|
718
|
+
class OpenIdConnectConfiguration < Configuration; end
|
715
719
|
class Unknown < Configuration; end
|
716
720
|
end
|
717
721
|
|
@@ -743,16 +747,28 @@ module Aws::VerifiedPermissions
|
|
743
747
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
744
748
|
# @return [Types::CognitoUserPoolConfigurationDetail]
|
745
749
|
#
|
750
|
+
# @!attribute [rw] open_id_connect_configuration
|
751
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
752
|
+
# provider, or identity source, that Verified Permissions can use to
|
753
|
+
# generate entities from authenticated identities. It specifies the
|
754
|
+
# issuer URL, token type that you want to use, and policy store entity
|
755
|
+
# details.
|
756
|
+
#
|
757
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
758
|
+
# @return [Types::OpenIdConnectConfigurationDetail]
|
759
|
+
#
|
746
760
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationDetail AWS API Documentation
|
747
761
|
#
|
748
762
|
class ConfigurationDetail < Struct.new(
|
749
763
|
:cognito_user_pool_configuration,
|
764
|
+
:open_id_connect_configuration,
|
750
765
|
:unknown)
|
751
766
|
SENSITIVE = []
|
752
767
|
include Aws::Structure
|
753
768
|
include Aws::Structure::Union
|
754
769
|
|
755
770
|
class CognitoUserPoolConfiguration < ConfigurationDetail; end
|
771
|
+
class OpenIdConnectConfiguration < ConfigurationDetail; end
|
756
772
|
class Unknown < ConfigurationDetail; end
|
757
773
|
end
|
758
774
|
|
@@ -784,16 +800,28 @@ module Aws::VerifiedPermissions
|
|
784
800
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
785
801
|
# @return [Types::CognitoUserPoolConfigurationItem]
|
786
802
|
#
|
803
|
+
# @!attribute [rw] open_id_connect_configuration
|
804
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
805
|
+
# provider, or identity source, that Verified Permissions can use to
|
806
|
+
# generate entities from authenticated identities. It specifies the
|
807
|
+
# issuer URL, token type that you want to use, and policy store entity
|
808
|
+
# details.
|
809
|
+
#
|
810
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
811
|
+
# @return [Types::OpenIdConnectConfigurationItem]
|
812
|
+
#
|
787
813
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationItem AWS API Documentation
|
788
814
|
#
|
789
815
|
class ConfigurationItem < Struct.new(
|
790
816
|
:cognito_user_pool_configuration,
|
817
|
+
:open_id_connect_configuration,
|
791
818
|
:unknown)
|
792
819
|
SENSITIVE = []
|
793
820
|
include Aws::Structure
|
794
821
|
include Aws::Structure::Union
|
795
822
|
|
796
823
|
class CognitoUserPoolConfiguration < ConfigurationItem; end
|
824
|
+
class OpenIdConnectConfiguration < ConfigurationItem; end
|
797
825
|
class Unknown < ConfigurationItem; end
|
798
826
|
end
|
799
827
|
|
@@ -851,7 +879,7 @@ module Aws::VerifiedPermissions
|
|
851
879
|
class ContextDefinition < Struct.new(
|
852
880
|
:context_map,
|
853
881
|
:unknown)
|
854
|
-
SENSITIVE = []
|
882
|
+
SENSITIVE = [:context_map]
|
855
883
|
include Aws::Structure
|
856
884
|
include Aws::Structure::Union
|
857
885
|
|
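Review bot: Changing `SENSITIVE = []` to `SENSITIVE = [:context_map]` on ContextDefinition (new line 882) alters what the SDK redacts from client-side request and response logging — presumably via Aws::Log::ParamFilter, which reads each type's SENSITIVE list — so context attributes supplied in authorization requests will now be masked where earlier releases logged them in clear. That is a sensible default for an authorization context, but it is an observability change that the changelog entry (not visible here) should state explicitly, since anyone debugging policy decisions from SDK logs will otherwise wonder why the context went missing. The same pattern recurs in the new OpenIdConnect* types in the final hunk, which is cut off in this view: `principal_id_claim`, `entity_id_prefix`, `group_claim` and `group_entity_type` are marked sensitive while `issuer`, `audiences` and `client_ids` are not, and that split is worth confirming against the service model rather than assuming. That final hunk also carries a doc typo in the OpenIdConnectGroupConfigurationItem description, `[ListIdentitySourcea][2]`, which should read `[ListIdentitySources][2]` to match its own link reference.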
@@ -897,13 +925,6 @@ module Aws::VerifiedPermissions
|
|
897
925
|
# @!attribute [rw] configuration
|
898
926
|
# Specifies the details required to communicate with the identity
|
899
927
|
# provider (IdP) associated with this identity source.
|
900
|
-
#
|
901
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
902
|
-
# Cognito user pool configuration.
|
903
|
-
#
|
904
|
-
# You must specify a `UserPoolArn`, and optionally, a `ClientId`.
|
905
|
-
#
|
906
|
-
# </note>
|
907
928
|
# @return [Types::Configuration]
|
908
929
|
#
|
909
930
|
# @!attribute [rw] principal_entity_type
|
@@ -1430,7 +1451,15 @@ module Aws::VerifiedPermissions
|
|
1430
1451
|
# @return [Hash<String,Types::AttributeValue>]
|
1431
1452
|
#
|
1432
1453
|
# @!attribute [rw] parents
|
1433
|
-
# The
|
1454
|
+
# The parent entities in the hierarchy that contains the entity. A
|
1455
|
+
# principal or resource entity can be defined with at most 99
|
1456
|
+
# *transitive parents* per authorization request.
|
1457
|
+
#
|
1458
|
+
# A transitive parent is an entity in the hierarchy of entities
|
1459
|
+
# including all direct parents, and parents of parents. For example, a
|
1460
|
+
# user can be a member of 91 groups if one of those groups is a member
|
1461
|
+
# of eight groups, for a total of 100: one entity, 91 entity parents,
|
1462
|
+
# and eight parents of parents.
|
1434
1463
|
# @return [Array<Types::EntityIdentifier>]
|
1435
1464
|
#
|
1436
1465
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/EntityItem AWS API Documentation
|
@@ -2437,6 +2466,582 @@ module Aws::VerifiedPermissions
|
|
2437
2466
|
include Aws::Structure
|
2438
2467
|
end
|
2439
2468
|
|
2469
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2470
|
+
# handling access token claims. Contains the claim that you want to
|
2471
|
+
# identify as the principal in an authorization request, and the values
|
2472
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2473
|
+
#
|
2474
|
+
# This data type is part of a [OpenIdConnectTokenSelection][1]
|
2475
|
+
# structure, which is a parameter of [CreateIdentitySource][2].
|
2476
|
+
#
|
2477
|
+
#
|
2478
|
+
#
|
2479
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html
|
2480
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2481
|
+
#
|
2482
|
+
# @!attribute [rw] principal_id_claim
|
2483
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2484
|
+
# example, `sub`.
|
2485
|
+
# @return [String]
|
2486
|
+
#
|
2487
|
+
# @!attribute [rw] audiences
|
2488
|
+
# The access token `aud` claim values that you want to accept in your
|
2489
|
+
# policy store. For example, `https://myapp.example.com,
|
2490
|
+
# https://myapp2.example.com`.
|
2491
|
+
# @return [Array<String>]
|
2492
|
+
#
|
2493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfiguration AWS API Documentation
|
2494
|
+
#
|
2495
|
+
class OpenIdConnectAccessTokenConfiguration < Struct.new(
|
2496
|
+
:principal_id_claim,
|
2497
|
+
:audiences)
|
2498
|
+
SENSITIVE = [:principal_id_claim]
|
2499
|
+
include Aws::Structure
|
2500
|
+
end
|
2501
|
+
|
2502
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2503
|
+
# handling access token claims. Contains the claim that you want to
|
2504
|
+
# identify as the principal in an authorization request, and the values
|
2505
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2506
|
+
#
|
2507
|
+
# This data type is part of a [OpenIdConnectTokenSelectionDetail][1]
|
2508
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2509
|
+
#
|
2510
|
+
#
|
2511
|
+
#
|
2512
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html
|
2513
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2514
|
+
#
|
2515
|
+
# @!attribute [rw] principal_id_claim
|
2516
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2517
|
+
# example, `sub`.
|
2518
|
+
# @return [String]
|
2519
|
+
#
|
2520
|
+
# @!attribute [rw] audiences
|
2521
|
+
# The access token `aud` claim values that you want to accept in your
|
2522
|
+
# policy store. For example, `https://myapp.example.com,
|
2523
|
+
# https://myapp2.example.com`.
|
2524
|
+
# @return [Array<String>]
|
2525
|
+
#
|
2526
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfigurationDetail AWS API Documentation
|
2527
|
+
#
|
2528
|
+
class OpenIdConnectAccessTokenConfigurationDetail < Struct.new(
|
2529
|
+
:principal_id_claim,
|
2530
|
+
:audiences)
|
2531
|
+
SENSITIVE = [:principal_id_claim]
|
2532
|
+
include Aws::Structure
|
2533
|
+
end
|
2534
|
+
|
2535
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2536
|
+
# handling access token claims. Contains the claim that you want to
|
2537
|
+
# identify as the principal in an authorization request, and the values
|
2538
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2539
|
+
#
|
2540
|
+
# This data type is part of a [OpenIdConnectTokenSelectionItem][1]
|
2541
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
2542
|
+
#
|
2543
|
+
#
|
2544
|
+
#
|
2545
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html
|
2546
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2547
|
+
#
|
2548
|
+
# @!attribute [rw] principal_id_claim
|
2549
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2550
|
+
# example, `sub`.
|
2551
|
+
# @return [String]
|
2552
|
+
#
|
2553
|
+
# @!attribute [rw] audiences
|
2554
|
+
# The access token `aud` claim values that you want to accept in your
|
2555
|
+
# policy store. For example, `https://myapp.example.com,
|
2556
|
+
# https://myapp2.example.com`.
|
2557
|
+
# @return [Array<String>]
|
2558
|
+
#
|
2559
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfigurationItem AWS API Documentation
|
2560
|
+
#
|
2561
|
+
class OpenIdConnectAccessTokenConfigurationItem < Struct.new(
|
2562
|
+
:principal_id_claim,
|
2563
|
+
:audiences)
|
2564
|
+
SENSITIVE = [:principal_id_claim]
|
2565
|
+
include Aws::Structure
|
2566
|
+
end
|
2567
|
+
|
2568
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2569
|
+
# provider, or identity source, that Verified Permissions can use to
|
2570
|
+
# generate entities from authenticated identities. It specifies the
|
2571
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2572
|
+
# details.
|
2573
|
+
#
|
2574
|
+
# This data type is part of a [Configuration][1] structure, which is a
|
2575
|
+
# parameter to [CreateIdentitySource][2].
|
2576
|
+
#
|
2577
|
+
#
|
2578
|
+
#
|
2579
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html
|
2580
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2581
|
+
#
|
2582
|
+
# @!attribute [rw] issuer
|
2583
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2584
|
+
# OIDC discovery endpoint at the path
|
2585
|
+
# `.well-known/openid-configuration`.
|
2586
|
+
# @return [String]
|
2587
|
+
#
|
2588
|
+
# @!attribute [rw] entity_id_prefix
|
2589
|
+
# A descriptive string that you want to prefix to user entities from
|
2590
|
+
# your OIDC identity provider. For example, if you set an
|
2591
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2592
|
+
# in your policies in the format
|
2593
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2594
|
+
# @return [String]
|
2595
|
+
#
|
2596
|
+
# @!attribute [rw] group_configuration
|
2597
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2598
|
+
# group membership, and the entity type that you want to map it to.
|
2599
|
+
# For example, this object can map the contents of a `groups` claim to
|
2600
|
+
# `MyCorp::UserGroup`.
|
2601
|
+
# @return [Types::OpenIdConnectGroupConfiguration]
|
2602
|
+
#
|
2603
|
+
# @!attribute [rw] token_selection
|
2604
|
+
# The token type that you want to process from your OIDC identity
|
2605
|
+
# provider. Your policy store can process either identity (ID) or
|
2606
|
+
# access tokens from a given OIDC identity source.
|
2607
|
+
# @return [Types::OpenIdConnectTokenSelection]
|
2608
|
+
#
|
2609
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfiguration AWS API Documentation
|
2610
|
+
#
|
2611
|
+
class OpenIdConnectConfiguration < Struct.new(
|
2612
|
+
:issuer,
|
2613
|
+
:entity_id_prefix,
|
2614
|
+
:group_configuration,
|
2615
|
+
:token_selection)
|
2616
|
+
SENSITIVE = [:entity_id_prefix]
|
2617
|
+
include Aws::Structure
|
2618
|
+
end
|
2619
|
+
|
2620
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2621
|
+
# provider, or identity source, that Verified Permissions can use to
|
2622
|
+
# generate entities from authenticated identities. It specifies the
|
2623
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2624
|
+
# details.
|
2625
|
+
#
|
2626
|
+
# This data type is part of a [ConfigurationDetail][1] structure, which
|
2627
|
+
# is a parameter to [GetIdentitySource][2].
|
2628
|
+
#
|
2629
|
+
#
|
2630
|
+
#
|
2631
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
|
2632
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2633
|
+
#
|
2634
|
+
# @!attribute [rw] issuer
|
2635
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2636
|
+
# OIDC discovery endpoint at the path
|
2637
|
+
# `.well-known/openid-configuration`.
|
2638
|
+
# @return [String]
|
2639
|
+
#
|
2640
|
+
# @!attribute [rw] entity_id_prefix
|
2641
|
+
# A descriptive string that you want to prefix to user entities from
|
2642
|
+
# your OIDC identity provider. For example, if you set an
|
2643
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2644
|
+
# in your policies in the format
|
2645
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2646
|
+
# @return [String]
|
2647
|
+
#
|
2648
|
+
# @!attribute [rw] group_configuration
|
2649
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2650
|
+
# group membership, and the entity type that you want to map it to.
|
2651
|
+
# For example, this object can map the contents of a `groups` claim to
|
2652
|
+
# `MyCorp::UserGroup`.
|
2653
|
+
# @return [Types::OpenIdConnectGroupConfigurationDetail]
|
2654
|
+
#
|
2655
|
+
# @!attribute [rw] token_selection
|
2656
|
+
# The token type that you want to process from your OIDC identity
|
2657
|
+
# provider. Your policy store can process either identity (ID) or
|
2658
|
+
# access tokens from a given OIDC identity source.
|
2659
|
+
# @return [Types::OpenIdConnectTokenSelectionDetail]
|
2660
|
+
#
|
2661
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfigurationDetail AWS API Documentation
|
2662
|
+
#
|
2663
|
+
class OpenIdConnectConfigurationDetail < Struct.new(
|
2664
|
+
:issuer,
|
2665
|
+
:entity_id_prefix,
|
2666
|
+
:group_configuration,
|
2667
|
+
:token_selection)
|
2668
|
+
SENSITIVE = [:entity_id_prefix]
|
2669
|
+
include Aws::Structure
|
2670
|
+
end
|
2671
|
+
|
2672
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2673
|
+
# provider, or identity source, that Verified Permissions can use to
|
2674
|
+
# generate entities from authenticated identities. It specifies the
|
2675
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2676
|
+
# details.
|
2677
|
+
#
|
2678
|
+
# This data type is part of a [ConfigurationItem][1] structure, which is
|
2679
|
+
# a parameter to [ListIdentitySources][2].
|
2680
|
+
#
|
2681
|
+
#
|
2682
|
+
#
|
2683
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
|
2684
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2685
|
+
#
|
2686
|
+
# @!attribute [rw] issuer
|
2687
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2688
|
+
# OIDC discovery endpoint at the path
|
2689
|
+
# `.well-known/openid-configuration`.
|
2690
|
+
# @return [String]
|
2691
|
+
#
|
2692
|
+
# @!attribute [rw] entity_id_prefix
|
2693
|
+
# A descriptive string that you want to prefix to user entities from
|
2694
|
+
# your OIDC identity provider. For example, if you set an
|
2695
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2696
|
+
# in your policies in the format
|
2697
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2698
|
+
# @return [String]
|
2699
|
+
#
|
2700
|
+
# @!attribute [rw] group_configuration
|
2701
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2702
|
+
# group membership, and the entity type that you want to map it to.
|
2703
|
+
# For example, this object can map the contents of a `groups` claim to
|
2704
|
+
# `MyCorp::UserGroup`.
|
2705
|
+
# @return [Types::OpenIdConnectGroupConfigurationItem]
|
2706
|
+
#
|
2707
|
+
# @!attribute [rw] token_selection
|
2708
|
+
# The token type that you want to process from your OIDC identity
|
2709
|
+
# provider. Your policy store can process either identity (ID) or
|
2710
|
+
# access tokens from a given OIDC identity source.
|
2711
|
+
# @return [Types::OpenIdConnectTokenSelectionItem]
|
2712
|
+
#
|
2713
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfigurationItem AWS API Documentation
|
2714
|
+
#
|
2715
|
+
class OpenIdConnectConfigurationItem < Struct.new(
|
2716
|
+
:issuer,
|
2717
|
+
:entity_id_prefix,
|
2718
|
+
:group_configuration,
|
2719
|
+
:token_selection)
|
2720
|
+
SENSITIVE = [:entity_id_prefix]
|
2721
|
+
include Aws::Structure
|
2722
|
+
end
|
2723
|
+
|
2724
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2725
|
+
# group membership, and the entity type that you want to map it to. For
|
2726
|
+
# example, this object can map the contents of a `groups` claim to
|
2727
|
+
# `MyCorp::UserGroup`.
|
2728
|
+
#
|
2729
|
+
# This data type is part of a [OpenIdConnectConfiguration][1] structure,
|
2730
|
+
# which is a parameter of [CreateIdentitySource][2].
|
2731
|
+
#
|
2732
|
+
#
|
2733
|
+
#
|
2734
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html
|
2735
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2736
|
+
#
|
2737
|
+
# @!attribute [rw] group_claim
|
2738
|
+
# The token claim that you want Verified Permissions to interpret as
|
2739
|
+
# group membership. For example, `groups`.
|
2740
|
+
# @return [String]
|
2741
|
+
#
|
2742
|
+
# @!attribute [rw] group_entity_type
|
2743
|
+
# The policy store entity type that you want to map your users' group
|
2744
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2745
|
+
# an entity that can have a user entity type as a member.
|
2746
|
+
# @return [String]
|
2747
|
+
#
|
2748
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfiguration AWS API Documentation
|
2749
|
+
#
|
2750
|
+
class OpenIdConnectGroupConfiguration < Struct.new(
|
2751
|
+
:group_claim,
|
2752
|
+
:group_entity_type)
|
2753
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2754
|
+
include Aws::Structure
|
2755
|
+
end
|
2756
|
+
|
2757
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2758
|
+
# group membership, and the entity type that you want to map it to. For
|
2759
|
+
# example, this object can map the contents of a `groups` claim to
|
2760
|
+
# `MyCorp::UserGroup`.
|
2761
|
+
#
|
2762
|
+
# This data type is part of a [OpenIdConnectConfigurationDetail][1]
|
2763
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2764
|
+
#
|
2765
|
+
#
|
2766
|
+
#
|
2767
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html
|
2768
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2769
|
+
#
|
2770
|
+
# @!attribute [rw] group_claim
|
2771
|
+
# The token claim that you want Verified Permissions to interpret as
|
2772
|
+
# group membership. For example, `groups`.
|
2773
|
+
# @return [String]
|
2774
|
+
#
|
2775
|
+
# @!attribute [rw] group_entity_type
|
2776
|
+
# The policy store entity type that you want to map your users' group
|
2777
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2778
|
+
# an entity that can have a user entity type as a member.
|
2779
|
+
# @return [String]
|
2780
|
+
#
|
2781
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfigurationDetail AWS API Documentation
|
2782
|
+
#
|
2783
|
+
class OpenIdConnectGroupConfigurationDetail < Struct.new(
|
2784
|
+
:group_claim,
|
2785
|
+
:group_entity_type)
|
2786
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2787
|
+
include Aws::Structure
|
2788
|
+
end
|
2789
|
+
|
2790
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2791
|
+
# group membership, and the entity type that you want to map it to. For
|
2792
|
+
# example, this object can map the contents of a `groups` claim to
|
2793
|
+
# `MyCorp::UserGroup`.
|
2794
|
+
#
|
2795
|
+
# This data type is part of a [OpenIdConnectConfigurationItem][1]
|
2796
|
+
# structure, which is a parameter of [ListIdentitySourcea][2].
|
2797
|
+
#
|
2798
|
+
#
|
2799
|
+
#
|
2800
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html
|
2801
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2802
|
+
#
|
2803
|
+
# @!attribute [rw] group_claim
|
2804
|
+
# The token claim that you want Verified Permissions to interpret as
|
2805
|
+
# group membership. For example, `groups`.
|
2806
|
+
# @return [String]
|
2807
|
+
#
|
2808
|
+
# @!attribute [rw] group_entity_type
|
2809
|
+
# The policy store entity type that you want to map your users' group
|
2810
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2811
|
+
# an entity that can have a user entity type as a member.
|
2812
|
+
# @return [String]
|
2813
|
+
#
|
2814
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfigurationItem AWS API Documentation
|
2815
|
+
#
|
2816
|
+
class OpenIdConnectGroupConfigurationItem < Struct.new(
|
2817
|
+
:group_claim,
|
2818
|
+
:group_entity_type)
|
2819
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2820
|
+
include Aws::Structure
|
2821
|
+
end
|
2822
|
+
|
2823
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2824
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2825
|
+
# to identify as the principal in an authorization request, and the
|
2826
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2827
|
+
#
|
2828
|
+
# This data type is part of a [OpenIdConnectTokenSelection][1]
|
2829
|
+
# structure, which is a parameter of [CreateIdentitySource][2].
|
2830
|
+
#
|
2831
|
+
#
|
2832
|
+
#
|
2833
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html
|
2834
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2835
|
+
#
|
2836
|
+
# @!attribute [rw] principal_id_claim
|
2837
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2838
|
+
# example, `sub`.
|
2839
|
+
# @return [String]
|
2840
|
+
#
|
2841
|
+
# @!attribute [rw] client_ids
|
2842
|
+
# The ID token audience, or client ID, claim values that you want to
|
2843
|
+
# accept in your policy store from an OIDC identity provider. For
|
2844
|
+
# example, `1example23456789, 2example10111213`.
|
2845
|
+
# @return [Array<String>]
|
2846
|
+
#
|
2847
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfiguration AWS API Documentation
|
2848
|
+
#
|
2849
|
+
class OpenIdConnectIdentityTokenConfiguration < Struct.new(
|
2850
|
+
:principal_id_claim,
|
2851
|
+
:client_ids)
|
2852
|
+
SENSITIVE = [:principal_id_claim]
|
2853
|
+
include Aws::Structure
|
2854
|
+
end
|
2855
|
+
|
2856
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2857
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2858
|
+
# to identify as the principal in an authorization request, and the
|
2859
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2860
|
+
#
|
2861
|
+
# This data type is part of a [OpenIdConnectTokenSelectionDetail][1]
|
2862
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2863
|
+
#
|
2864
|
+
#
|
2865
|
+
#
|
2866
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html
|
2867
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2868
|
+
#
|
2869
|
+
# @!attribute [rw] principal_id_claim
|
2870
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2871
|
+
# example, `sub`.
|
2872
|
+
# @return [String]
|
2873
|
+
#
|
2874
|
+
# @!attribute [rw] client_ids
|
2875
|
+
# The ID token audience, or client ID, claim values that you want to
|
2876
|
+
# accept in your policy store from an OIDC identity provider. For
|
2877
|
+
# example, `1example23456789, 2example10111213`.
|
2878
|
+
# @return [Array<String>]
|
2879
|
+
#
|
2880
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfigurationDetail AWS API Documentation
|
2881
|
+
#
|
2882
|
+
class OpenIdConnectIdentityTokenConfigurationDetail < Struct.new(
|
2883
|
+
:principal_id_claim,
|
2884
|
+
:client_ids)
|
2885
|
+
SENSITIVE = [:principal_id_claim]
|
2886
|
+
include Aws::Structure
|
2887
|
+
end
|
2888
|
+
|
2889
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2890
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2891
|
+
# to identify as the principal in an authorization request, and the
|
2892
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2893
|
+
#
|
2894
|
+
# This data type is part of a [OpenIdConnectTokenSelectionItem][1]
|
2895
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
2896
|
+
#
|
2897
|
+
#
|
2898
|
+
#
|
2899
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html
|
2900
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2901
|
+
#
|
2902
|
+
# @!attribute [rw] principal_id_claim
|
2903
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2904
|
+
# example, `sub`.
|
2905
|
+
# @return [String]
|
2906
|
+
#
|
2907
|
+
# @!attribute [rw] client_ids
|
2908
|
+
# The ID token audience, or client ID, claim values that you want to
|
2909
|
+
# accept in your policy store from an OIDC identity provider. For
|
2910
|
+
# example, `1example23456789, 2example10111213`.
|
2911
|
+
# @return [Array<String>]
|
2912
|
+
#
|
2913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfigurationItem AWS API Documentation
|
2914
|
+
#
|
2915
|
+
class OpenIdConnectIdentityTokenConfigurationItem < Struct.new(
|
2916
|
+
:principal_id_claim,
|
2917
|
+
:client_ids)
|
2918
|
+
SENSITIVE = [:principal_id_claim]
|
2919
|
+
include Aws::Structure
|
2920
|
+
end
|
2921
|
+
|
2922
|
+
# The token type that you want to process from your OIDC identity
|
2923
|
+
# provider. Your policy store can process either identity (ID) or access
|
2924
|
+
# tokens from a given OIDC identity source.
|
2925
|
+
#
|
2926
|
+
# This data type is part of a [OpenIdConnectConfiguration][1] structure,
|
2927
|
+
# which is a parameter of [CreateIdentitySource][2].
|
2928
|
+
#
|
2929
|
+
#
|
2930
|
+
#
|
2931
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html
|
2932
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2933
|
+
#
|
2934
|
+
# @note OpenIdConnectTokenSelection is a union - when making an API calls you must set exactly one of the members.
|
2935
|
+
#
|
2936
|
+
# @!attribute [rw] access_token_only
|
2937
|
+
# The OIDC configuration for processing access tokens. Contains
|
2938
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
2939
|
+
# the claim that you want to map to the principal, for example `sub`.
|
2940
|
+
# @return [Types::OpenIdConnectAccessTokenConfiguration]
|
2941
|
+
#
|
2942
|
+
# @!attribute [rw] identity_token_only
|
2943
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
2944
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
2945
|
+
# claim that you want to map to the principal, for example `sub`.
|
2946
|
+
# @return [Types::OpenIdConnectIdentityTokenConfiguration]
|
2947
|
+
#
|
2948
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelection AWS API Documentation
|
2949
|
+
#
|
2950
|
+
class OpenIdConnectTokenSelection < Struct.new(
|
2951
|
+
:access_token_only,
|
2952
|
+
:identity_token_only,
|
2953
|
+
:unknown)
|
2954
|
+
SENSITIVE = []
|
2955
|
+
include Aws::Structure
|
2956
|
+
include Aws::Structure::Union
|
2957
|
+
|
2958
|
+
class AccessTokenOnly < OpenIdConnectTokenSelection; end
|
2959
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelection; end
|
2960
|
+
class Unknown < OpenIdConnectTokenSelection; end
|
2961
|
+
end
|
2962
|
+
|
2963
|
+
# The token type that you want to process from your OIDC identity
|
2964
|
+
# provider. Your policy store can process either identity (ID) or access
|
2965
|
+
# tokens from a given OIDC identity source.
|
2966
|
+
#
|
2967
|
+
# This data type is part of a [OpenIdConnectConfigurationDetail][1]
|
2968
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2969
|
+
#
|
2970
|
+
#
|
2971
|
+
#
|
2972
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html
|
2973
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2974
|
+
#
|
2975
|
+
# @note OpenIdConnectTokenSelectionDetail is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of OpenIdConnectTokenSelectionDetail corresponding to the set member.
|
2976
|
+
#
|
2977
|
+
# @!attribute [rw] access_token_only
|
2978
|
+
# The OIDC configuration for processing access tokens. Contains
|
2979
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
2980
|
+
# the claim that you want to map to the principal, for example `sub`.
|
2981
|
+
# @return [Types::OpenIdConnectAccessTokenConfigurationDetail]
|
2982
|
+
#
|
2983
|
+
# @!attribute [rw] identity_token_only
|
2984
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
2985
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
2986
|
+
# claim that you want to map to the principal, for example `sub`.
|
2987
|
+
# @return [Types::OpenIdConnectIdentityTokenConfigurationDetail]
|
2988
|
+
#
|
2989
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelectionDetail AWS API Documentation
|
2990
|
+
#
|
2991
|
+
class OpenIdConnectTokenSelectionDetail < Struct.new(
|
2992
|
+
:access_token_only,
|
2993
|
+
:identity_token_only,
|
2994
|
+
:unknown)
|
2995
|
+
SENSITIVE = []
|
2996
|
+
include Aws::Structure
|
2997
|
+
include Aws::Structure::Union
|
2998
|
+
|
2999
|
+
class AccessTokenOnly < OpenIdConnectTokenSelectionDetail; end
|
3000
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelectionDetail; end
|
3001
|
+
class Unknown < OpenIdConnectTokenSelectionDetail; end
|
3002
|
+
end
|
3003
|
+
|
3004
|
+
# The token type that you want to process from your OIDC identity
|
3005
|
+
# provider. Your policy store can process either identity (ID) or access
|
3006
|
+
# tokens from a given OIDC identity source.
|
3007
|
+
#
|
3008
|
+
# This data type is part of a [OpenIdConnectConfigurationItem][1]
|
3009
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
3010
|
+
#
|
3011
|
+
#
|
3012
|
+
#
|
3013
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html
|
3014
|
+
# [2]: http://amazonaws.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
3015
|
+
#
|
3016
|
+
# @note OpenIdConnectTokenSelectionItem is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of OpenIdConnectTokenSelectionItem corresponding to the set member.
|
3017
|
+
#
|
3018
|
+
# @!attribute [rw] access_token_only
|
3019
|
+
# The OIDC configuration for processing access tokens. Contains
|
3020
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
3021
|
+
# the claim that you want to map to the principal, for example `sub`.
|
3022
|
+
# @return [Types::OpenIdConnectAccessTokenConfigurationItem]
|
3023
|
+
#
|
3024
|
+
# @!attribute [rw] identity_token_only
|
3025
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
3026
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
3027
|
+
# claim that you want to map to the principal, for example `sub`.
|
3028
|
+
# @return [Types::OpenIdConnectIdentityTokenConfigurationItem]
|
3029
|
+
#
|
3030
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelectionItem AWS API Documentation
|
3031
|
+
#
|
3032
|
+
class OpenIdConnectTokenSelectionItem < Struct.new(
|
3033
|
+
:access_token_only,
|
3034
|
+
:identity_token_only,
|
3035
|
+
:unknown)
|
3036
|
+
SENSITIVE = []
|
3037
|
+
include Aws::Structure
|
3038
|
+
include Aws::Structure::Union
|
3039
|
+
|
3040
|
+
class AccessTokenOnly < OpenIdConnectTokenSelectionItem; end
|
3041
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelectionItem; end
|
3042
|
+
class Unknown < OpenIdConnectTokenSelectionItem; end
|
3043
|
+
end
|
3044
|
+
|
2440
3045
|
# A structure that contains the details for a Cedar policy definition.
|
2441
3046
|
# It includes the policy type, a description, and a policy body. This is
|
2442
3047
|
# a top level data type used to create a policy.
|
@@ -3162,15 +3767,8 @@ module Aws::VerifiedPermissions
|
|
3162
3767
|
include Aws::Structure
|
3163
3768
|
end
|
3164
3769
|
|
3165
|
-
# Contains an
|
3166
|
-
#
|
3167
|
-
#
|
3168
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
3169
|
-
# Cognito user pool configuration.
|
3170
|
-
#
|
3171
|
-
# You must specify a `userPoolArn`, and optionally, a `ClientId`.
|
3172
|
-
#
|
3173
|
-
# </note>
|
3770
|
+
# Contains an update to replace the configuration in an existing
|
3771
|
+
# identity source.
|
3174
3772
|
#
|
3175
3773
|
# @note UpdateConfiguration is a union - when making an API calls you must set exactly one of the members.
|
3176
3774
|
#
|
@@ -3178,16 +3776,26 @@ module Aws::VerifiedPermissions
|
|
3178
3776
|
# Contains configuration details of a Amazon Cognito user pool.
|
3179
3777
|
# @return [Types::UpdateCognitoUserPoolConfiguration]
|
3180
3778
|
#
|
3779
|
+
# @!attribute [rw] open_id_connect_configuration
|
3780
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
3781
|
+
# provider, or identity source, that Verified Permissions can use to
|
3782
|
+
# generate entities from authenticated identities. It specifies the
|
3783
|
+
# issuer URL, token type that you want to use, and policy store entity
|
3784
|
+
# details.
|
3785
|
+
# @return [Types::UpdateOpenIdConnectConfiguration]
|
3786
|
+
#
|
3181
3787
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateConfiguration AWS API Documentation
|
3182
3788
|
#
|
3183
3789
|
class UpdateConfiguration < Struct.new(
|
3184
3790
|
:cognito_user_pool_configuration,
|
3791
|
+
:open_id_connect_configuration,
|
3185
3792
|
:unknown)
|
3186
3793
|
SENSITIVE = []
|
3187
3794
|
include Aws::Structure
|
3188
3795
|
include Aws::Structure::Union
|
3189
3796
|
|
3190
3797
|
class CognitoUserPoolConfiguration < UpdateConfiguration; end
|
3798
|
+
class OpenIdConnectConfiguration < UpdateConfiguration; end
|
3191
3799
|
class Unknown < UpdateConfiguration; end
|
3192
3800
|
end
|
3193
3801
|
|
@@ -3258,6 +3866,198 @@ module Aws::VerifiedPermissions
|
|
3258
3866
|
include Aws::Structure
|
3259
3867
|
end
|
3260
3868
|
|
3869
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
3870
|
+
# handling access token claims. Contains the claim that you want to
|
3871
|
+
# identify as the principal in an authorization request, and the values
|
3872
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
3873
|
+
#
|
3874
|
+
# This data type is part of a [UpdateOpenIdConnectTokenSelection][1]
|
3875
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3876
|
+
#
|
3877
|
+
#
|
3878
|
+
#
|
3879
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html
|
3880
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3881
|
+
#
|
3882
|
+
# @!attribute [rw] principal_id_claim
|
3883
|
+
# The claim that determines the principal in OIDC access tokens. For
|
3884
|
+
# example, `sub`.
|
3885
|
+
# @return [String]
|
3886
|
+
#
|
3887
|
+
# @!attribute [rw] audiences
|
3888
|
+
# The access token `aud` claim values that you want to accept in your
|
3889
|
+
# policy store. For example, `https://myapp.example.com,
|
3890
|
+
# https://myapp2.example.com`.
|
3891
|
+
# @return [Array<String>]
|
3892
|
+
#
|
3893
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectAccessTokenConfiguration AWS API Documentation
|
3894
|
+
#
|
3895
|
+
class UpdateOpenIdConnectAccessTokenConfiguration < Struct.new(
|
3896
|
+
:principal_id_claim,
|
3897
|
+
:audiences)
|
3898
|
+
SENSITIVE = [:principal_id_claim]
|
3899
|
+
include Aws::Structure
|
3900
|
+
end
|
3901
|
+
|
3902
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
3903
|
+
# provider, or identity source, that Verified Permissions can use to
|
3904
|
+
# generate entities from authenticated identities. It specifies the
|
3905
|
+
# issuer URL, token type that you want to use, and policy store entity
|
3906
|
+
# details.
|
3907
|
+
#
|
3908
|
+
# This data type is part of a [UpdateConfiguration][1] structure, which
|
3909
|
+
# is a parameter to [UpdateIdentitySource][2].
|
3910
|
+
#
|
3911
|
+
#
|
3912
|
+
#
|
3913
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html
|
3914
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3915
|
+
#
|
3916
|
+
# @!attribute [rw] issuer
|
3917
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
3918
|
+
# OIDC discovery endpoint at the path
|
3919
|
+
# `.well-known/openid-configuration`.
|
3920
|
+
# @return [String]
|
3921
|
+
#
|
3922
|
+
# @!attribute [rw] entity_id_prefix
|
3923
|
+
# A descriptive string that you want to prefix to user entities from
|
3924
|
+
# your OIDC identity provider. For example, if you set an
|
3925
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
3926
|
+
# in your policies in the format
|
3927
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
3928
|
+
# @return [String]
|
3929
|
+
#
|
3930
|
+
# @!attribute [rw] group_configuration
|
3931
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
3932
|
+
# group membership, and the entity type that you want to map it to.
|
3933
|
+
# For example, this object can map the contents of a `groups` claim to
|
3934
|
+
# `MyCorp::UserGroup`.
|
3935
|
+
# @return [Types::UpdateOpenIdConnectGroupConfiguration]
|
3936
|
+
#
|
3937
|
+
# @!attribute [rw] token_selection
|
3938
|
+
# The token type that you want to process from your OIDC identity
|
3939
|
+
# provider. Your policy store can process either identity (ID) or
|
3940
|
+
# access tokens from a given OIDC identity source.
|
3941
|
+
# @return [Types::UpdateOpenIdConnectTokenSelection]
|
3942
|
+
#
|
3943
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectConfiguration AWS API Documentation
|
3944
|
+
#
|
3945
|
+
class UpdateOpenIdConnectConfiguration < Struct.new(
|
3946
|
+
:issuer,
|
3947
|
+
:entity_id_prefix,
|
3948
|
+
:group_configuration,
|
3949
|
+
:token_selection)
|
3950
|
+
SENSITIVE = [:entity_id_prefix]
|
3951
|
+
include Aws::Structure
|
3952
|
+
end
|
3953
|
+
|
3954
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
3955
|
+
# group membership, and the entity type that you want to map it to. For
|
3956
|
+
# example, this object can map the contents of a `groups` claim to
|
3957
|
+
# `MyCorp::UserGroup`.
|
3958
|
+
#
|
3959
|
+
# This data type is part of a [UpdateOpenIdConnectConfiguration][1]
|
3960
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3961
|
+
#
|
3962
|
+
#
|
3963
|
+
#
|
3964
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html
|
3965
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3966
|
+
#
|
3967
|
+
# @!attribute [rw] group_claim
|
3968
|
+
# The token claim that you want Verified Permissions to interpret as
|
3969
|
+
# group membership. For example, `groups`.
|
3970
|
+
# @return [String]
|
3971
|
+
#
|
3972
|
+
# @!attribute [rw] group_entity_type
|
3973
|
+
# The policy store entity type that you want to map your users' group
|
3974
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
3975
|
+
# an entity that can have a user entity type as a member.
|
3976
|
+
# @return [String]
|
3977
|
+
#
|
3978
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectGroupConfiguration AWS API Documentation
|
3979
|
+
#
|
3980
|
+
class UpdateOpenIdConnectGroupConfiguration < Struct.new(
|
3981
|
+
:group_claim,
|
3982
|
+
:group_entity_type)
|
3983
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
3984
|
+
include Aws::Structure
|
3985
|
+
end
|
3986
|
+
|
3987
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
3988
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
3989
|
+
# to identify as the principal in an authorization request, and the
|
3990
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
3991
|
+
#
|
3992
|
+
# This data type is part of a [UpdateOpenIdConnectTokenSelection][1]
|
3993
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3994
|
+
#
|
3995
|
+
#
|
3996
|
+
#
|
3997
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html
|
3998
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3999
|
+
#
|
4000
|
+
# @!attribute [rw] principal_id_claim
|
4001
|
+
# The claim that determines the principal in OIDC access tokens. For
|
4002
|
+
# example, `sub`.
|
4003
|
+
# @return [String]
|
4004
|
+
#
|
4005
|
+
# @!attribute [rw] client_ids
|
4006
|
+
# The ID token audience, or client ID, claim values that you want to
|
4007
|
+
# accept in your policy store from an OIDC identity provider. For
|
4008
|
+
# example, `1example23456789, 2example10111213`.
|
4009
|
+
# @return [Array<String>]
|
4010
|
+
#
|
4011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectIdentityTokenConfiguration AWS API Documentation
|
4012
|
+
#
|
4013
|
+
class UpdateOpenIdConnectIdentityTokenConfiguration < Struct.new(
|
4014
|
+
:principal_id_claim,
|
4015
|
+
:client_ids)
|
4016
|
+
SENSITIVE = [:principal_id_claim]
|
4017
|
+
include Aws::Structure
|
4018
|
+
end
|
4019
|
+
|
4020
|
+
# The token type that you want to process from your OIDC identity
|
4021
|
+
# provider. Your policy store can process either identity (ID) or access
|
4022
|
+
# tokens from a given OIDC identity source.
|
4023
|
+
#
|
4024
|
+
# This data type is part of a [UpdateOpenIdConnectConfiguration][1]
|
4025
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
4026
|
+
#
|
4027
|
+
#
|
4028
|
+
#
|
4029
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html
|
4030
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
4031
|
+
#
|
4032
|
+
# @note UpdateOpenIdConnectTokenSelection is a union - when making an API calls you must set exactly one of the members.
|
4033
|
+
#
|
4034
|
+
# @!attribute [rw] access_token_only
|
4035
|
+
# The OIDC configuration for processing access tokens. Contains
|
4036
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
4037
|
+
# the claim that you want to map to the principal, for example `sub`.
|
4038
|
+
# @return [Types::UpdateOpenIdConnectAccessTokenConfiguration]
|
4039
|
+
#
|
4040
|
+
# @!attribute [rw] identity_token_only
|
4041
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
4042
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
4043
|
+
# claim that you want to map to the principal, for example `sub`.
|
4044
|
+
# @return [Types::UpdateOpenIdConnectIdentityTokenConfiguration]
|
4045
|
+
#
|
4046
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectTokenSelection AWS API Documentation
|
4047
|
+
#
|
4048
|
+
class UpdateOpenIdConnectTokenSelection < Struct.new(
|
4049
|
+
:access_token_only,
|
4050
|
+
:identity_token_only,
|
4051
|
+
:unknown)
|
4052
|
+
SENSITIVE = []
|
4053
|
+
include Aws::Structure
|
4054
|
+
include Aws::Structure::Union
|
4055
|
+
|
4056
|
+
class AccessTokenOnly < UpdateOpenIdConnectTokenSelection; end
|
4057
|
+
class IdentityTokenOnly < UpdateOpenIdConnectTokenSelection; end
|
4058
|
+
class Unknown < UpdateOpenIdConnectTokenSelection; end
|
4059
|
+
end
|
4060
|
+
|
3261
4061
|
# Contains information about updates to be applied to a policy.
|
3262
4062
|
#
|
3263
4063
|
# This data type is used as a request parameter in the [UpdatePolicy][1]
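Review bot: The `principal_id_claim` attribute of `UpdateOpenIdConnectIdentityTokenConfiguration` is documented as "The claim that determines the principal in OIDC access tokens", although this structure configures identity (ID) token processing — its header and its sibling `client_ids` attribute both refer to ID tokens, and the access-token variant is `UpdateOpenIdConnectAccessTokenConfiguration`. Suggest changing that line to `# The claim that determines the principal in OIDC identity (ID) tokens. For` so a reader choosing between the two token configurations is not told they both describe access tokens. The same copy-pasted wording appears on the `principal_id_claim` attribute of `OpenIdConnectIdentityTokenConfigurationItem` and `OpenIdConnectIdentityTokenConfigurationDetail` added earlier in this diff, so the fix presumably belongs in the upstream API model rather than in the generated Ruby.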
|