aws-sdk-verifiedpermissions 1.23.0 → 1.24.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-verifiedpermissions/client.rb +83 -36
- data/lib/aws-sdk-verifiedpermissions/client_api.rb +138 -0
- data/lib/aws-sdk-verifiedpermissions/types.rb +828 -28
- data/lib/aws-sdk-verifiedpermissions.rb +1 -1
- data/sig/client.rbs +36 -0
- data/sig/types.rbs +173 -1
- metadata +2 -2
@@ -500,9 +500,8 @@ module Aws::VerifiedPermissions
|
|
500
500
|
# to an Amazon Cognito user pool used as an identity provider for
|
501
501
|
# Verified Permissions.
|
502
502
|
#
|
503
|
-
# This data type
|
504
|
-
#
|
505
|
-
# [CreateIdentitySource][2].
|
503
|
+
# This data type part of a [Configuration][1] structure that is used as
|
504
|
+
# a parameter to [CreateIdentitySource][2].
|
506
505
|
#
|
507
506
|
# Example:`"CognitoUserPoolConfiguration":\{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
|
508
507
|
# ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration":
|
@@ -670,13 +669,6 @@ module Aws::VerifiedPermissions
|
|
670
669
|
# Contains configuration information used when creating a new identity
|
671
670
|
# source.
|
672
671
|
#
|
673
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
674
|
-
# Cognito user pool configuration.
|
675
|
-
#
|
676
|
-
# Specifies a `userPoolArn`, a `groupConfiguration`, and a `ClientId`.
|
677
|
-
#
|
678
|
-
# </note>
|
679
|
-
#
|
680
672
|
# This data type is used as a request parameter for the
|
681
673
|
# [CreateIdentitySource][1] operation.
|
682
674
|
#
|
@@ -702,16 +694,28 @@ module Aws::VerifiedPermissions
|
|
702
694
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
703
695
|
# @return [Types::CognitoUserPoolConfiguration]
|
704
696
|
#
|
697
|
+
# @!attribute [rw] open_id_connect_configuration
|
698
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
699
|
+
# provider, or identity source, that Verified Permissions can use to
|
700
|
+
# generate entities from authenticated identities. It specifies the
|
701
|
+
# issuer URL, token type that you want to use, and policy store entity
|
702
|
+
# details.
|
703
|
+
#
|
704
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
705
|
+
# @return [Types::OpenIdConnectConfiguration]
|
706
|
+
#
|
705
707
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/Configuration AWS API Documentation
|
706
708
|
#
|
707
709
|
class Configuration < Struct.new(
|
708
710
|
:cognito_user_pool_configuration,
|
711
|
+
:open_id_connect_configuration,
|
709
712
|
:unknown)
|
710
713
|
SENSITIVE = []
|
711
714
|
include Aws::Structure
|
712
715
|
include Aws::Structure::Union
|
713
716
|
|
714
717
|
class CognitoUserPoolConfiguration < Configuration; end
|
718
|
+
class OpenIdConnectConfiguration < Configuration; end
|
715
719
|
class Unknown < Configuration; end
|
716
720
|
end
|
717
721
|
|
@@ -743,16 +747,28 @@ module Aws::VerifiedPermissions
|
|
743
747
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
744
748
|
# @return [Types::CognitoUserPoolConfigurationDetail]
|
745
749
|
#
|
750
|
+
# @!attribute [rw] open_id_connect_configuration
|
751
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
752
|
+
# provider, or identity source, that Verified Permissions can use to
|
753
|
+
# generate entities from authenticated identities. It specifies the
|
754
|
+
# issuer URL, token type that you want to use, and policy store entity
|
755
|
+
# details.
|
756
|
+
#
|
757
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
758
|
+
# @return [Types::OpenIdConnectConfigurationDetail]
|
759
|
+
#
|
746
760
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationDetail AWS API Documentation
|
747
761
|
#
|
748
762
|
class ConfigurationDetail < Struct.new(
|
749
763
|
:cognito_user_pool_configuration,
|
764
|
+
:open_id_connect_configuration,
|
750
765
|
:unknown)
|
751
766
|
SENSITIVE = []
|
752
767
|
include Aws::Structure
|
753
768
|
include Aws::Structure::Union
|
754
769
|
|
755
770
|
class CognitoUserPoolConfiguration < ConfigurationDetail; end
|
771
|
+
class OpenIdConnectConfiguration < ConfigurationDetail; end
|
756
772
|
class Unknown < ConfigurationDetail; end
|
757
773
|
end
|
758
774
|
|
@@ -784,16 +800,28 @@ module Aws::VerifiedPermissions
|
|
784
800
|
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
785
801
|
# @return [Types::CognitoUserPoolConfigurationItem]
|
786
802
|
#
|
803
|
+
# @!attribute [rw] open_id_connect_configuration
|
804
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
805
|
+
# provider, or identity source, that Verified Permissions can use to
|
806
|
+
# generate entities from authenticated identities. It specifies the
|
807
|
+
# issuer URL, token type that you want to use, and policy store entity
|
808
|
+
# details.
|
809
|
+
#
|
810
|
+
# Example:`"configuration":\{"openIdConnectConfiguration":\{"issuer":"https://auth.example.com","tokenSelection":\{"accessTokenOnly":\{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"\}\},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":\{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"\}\}\}`
|
811
|
+
# @return [Types::OpenIdConnectConfigurationItem]
|
812
|
+
#
|
787
813
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/ConfigurationItem AWS API Documentation
|
788
814
|
#
|
789
815
|
class ConfigurationItem < Struct.new(
|
790
816
|
:cognito_user_pool_configuration,
|
817
|
+
:open_id_connect_configuration,
|
791
818
|
:unknown)
|
792
819
|
SENSITIVE = []
|
793
820
|
include Aws::Structure
|
794
821
|
include Aws::Structure::Union
|
795
822
|
|
796
823
|
class CognitoUserPoolConfiguration < ConfigurationItem; end
|
824
|
+
class OpenIdConnectConfiguration < ConfigurationItem; end
|
797
825
|
class Unknown < ConfigurationItem; end
|
798
826
|
end
|
799
827
|
|
@@ -851,7 +879,7 @@ module Aws::VerifiedPermissions
|
|
851
879
|
class ContextDefinition < Struct.new(
|
852
880
|
:context_map,
|
853
881
|
:unknown)
|
854
|
-
SENSITIVE = []
|
882
|
+
SENSITIVE = [:context_map]
|
855
883
|
include Aws::Structure
|
856
884
|
include Aws::Structure::Union
|
857
885
|
|
@@ -897,13 +925,6 @@ module Aws::VerifiedPermissions
|
|
897
925
|
# @!attribute [rw] configuration
|
898
926
|
# Specifies the details required to communicate with the identity
|
899
927
|
# provider (IdP) associated with this identity source.
|
900
|
-
#
|
901
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
902
|
-
# Cognito user pool configuration.
|
903
|
-
#
|
904
|
-
# You must specify a `UserPoolArn`, and optionally, a `ClientId`.
|
905
|
-
#
|
906
|
-
# </note>
|
907
928
|
# @return [Types::Configuration]
|
908
929
|
#
|
909
930
|
# @!attribute [rw] principal_entity_type
|
@@ -1430,7 +1451,15 @@ module Aws::VerifiedPermissions
|
|
1430
1451
|
# @return [Hash<String,Types::AttributeValue>]
|
1431
1452
|
#
|
1432
1453
|
# @!attribute [rw] parents
|
1433
|
-
# The
|
1454
|
+
# The parent entities in the hierarchy that contains the entity. A
|
1455
|
+
# principal or resource entity can be defined with at most 99
|
1456
|
+
# *transitive parents* per authorization request.
|
1457
|
+
#
|
1458
|
+
# A transitive parent is an entity in the hierarchy of entities
|
1459
|
+
# including all direct parents, and parents of parents. For example, a
|
1460
|
+
# user can be a member of 91 groups if one of those groups is a member
|
1461
|
+
# of eight groups, for a total of 100: one entity, 91 entity parents,
|
1462
|
+
# and eight parents of parents.
|
1434
1463
|
# @return [Array<Types::EntityIdentifier>]
|
1435
1464
|
#
|
1436
1465
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/EntityItem AWS API Documentation
|
@@ -2437,6 +2466,582 @@ module Aws::VerifiedPermissions
|
|
2437
2466
|
include Aws::Structure
|
2438
2467
|
end
|
2439
2468
|
|
2469
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2470
|
+
# handling access token claims. Contains the claim that you want to
|
2471
|
+
# identify as the principal in an authorization request, and the values
|
2472
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2473
|
+
#
|
2474
|
+
# This data type is part of a [OpenIdConnectTokenSelection][1]
|
2475
|
+
# structure, which is a parameter of [CreateIdentitySource][2].
|
2476
|
+
#
|
2477
|
+
#
|
2478
|
+
#
|
2479
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html
|
2480
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2481
|
+
#
|
2482
|
+
# @!attribute [rw] principal_id_claim
|
2483
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2484
|
+
# example, `sub`.
|
2485
|
+
# @return [String]
|
2486
|
+
#
|
2487
|
+
# @!attribute [rw] audiences
|
2488
|
+
# The access token `aud` claim values that you want to accept in your
|
2489
|
+
# policy store. For example, `https://myapp.example.com,
|
2490
|
+
# https://myapp2.example.com`.
|
2491
|
+
# @return [Array<String>]
|
2492
|
+
#
|
2493
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfiguration AWS API Documentation
|
2494
|
+
#
|
2495
|
+
class OpenIdConnectAccessTokenConfiguration < Struct.new(
|
2496
|
+
:principal_id_claim,
|
2497
|
+
:audiences)
|
2498
|
+
SENSITIVE = [:principal_id_claim]
|
2499
|
+
include Aws::Structure
|
2500
|
+
end
|
2501
|
+
|
2502
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2503
|
+
# handling access token claims. Contains the claim that you want to
|
2504
|
+
# identify as the principal in an authorization request, and the values
|
2505
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2506
|
+
#
|
2507
|
+
# This data type is part of a [OpenIdConnectTokenSelectionDetail][1]
|
2508
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2509
|
+
#
|
2510
|
+
#
|
2511
|
+
#
|
2512
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html
|
2513
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2514
|
+
#
|
2515
|
+
# @!attribute [rw] principal_id_claim
|
2516
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2517
|
+
# example, `sub`.
|
2518
|
+
# @return [String]
|
2519
|
+
#
|
2520
|
+
# @!attribute [rw] audiences
|
2521
|
+
# The access token `aud` claim values that you want to accept in your
|
2522
|
+
# policy store. For example, `https://myapp.example.com,
|
2523
|
+
# https://myapp2.example.com`.
|
2524
|
+
# @return [Array<String>]
|
2525
|
+
#
|
2526
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfigurationDetail AWS API Documentation
|
2527
|
+
#
|
2528
|
+
class OpenIdConnectAccessTokenConfigurationDetail < Struct.new(
|
2529
|
+
:principal_id_claim,
|
2530
|
+
:audiences)
|
2531
|
+
SENSITIVE = [:principal_id_claim]
|
2532
|
+
include Aws::Structure
|
2533
|
+
end
|
2534
|
+
|
2535
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2536
|
+
# handling access token claims. Contains the claim that you want to
|
2537
|
+
# identify as the principal in an authorization request, and the values
|
2538
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
2539
|
+
#
|
2540
|
+
# This data type is part of a [OpenIdConnectTokenSelectionItem][1]
|
2541
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
2542
|
+
#
|
2543
|
+
#
|
2544
|
+
#
|
2545
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html
|
2546
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2547
|
+
#
|
2548
|
+
# @!attribute [rw] principal_id_claim
|
2549
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2550
|
+
# example, `sub`.
|
2551
|
+
# @return [String]
|
2552
|
+
#
|
2553
|
+
# @!attribute [rw] audiences
|
2554
|
+
# The access token `aud` claim values that you want to accept in your
|
2555
|
+
# policy store. For example, `https://myapp.example.com,
|
2556
|
+
# https://myapp2.example.com`.
|
2557
|
+
# @return [Array<String>]
|
2558
|
+
#
|
2559
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectAccessTokenConfigurationItem AWS API Documentation
|
2560
|
+
#
|
2561
|
+
class OpenIdConnectAccessTokenConfigurationItem < Struct.new(
|
2562
|
+
:principal_id_claim,
|
2563
|
+
:audiences)
|
2564
|
+
SENSITIVE = [:principal_id_claim]
|
2565
|
+
include Aws::Structure
|
2566
|
+
end
|
2567
|
+
|
2568
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2569
|
+
# provider, or identity source, that Verified Permissions can use to
|
2570
|
+
# generate entities from authenticated identities. It specifies the
|
2571
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2572
|
+
# details.
|
2573
|
+
#
|
2574
|
+
# This data type is part of a [Configuration][1] structure, which is a
|
2575
|
+
# parameter to [CreateIdentitySource][2].
|
2576
|
+
#
|
2577
|
+
#
|
2578
|
+
#
|
2579
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_Configuration.html
|
2580
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2581
|
+
#
|
2582
|
+
# @!attribute [rw] issuer
|
2583
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2584
|
+
# OIDC discovery endpoint at the path
|
2585
|
+
# `.well-known/openid-configuration`.
|
2586
|
+
# @return [String]
|
2587
|
+
#
|
2588
|
+
# @!attribute [rw] entity_id_prefix
|
2589
|
+
# A descriptive string that you want to prefix to user entities from
|
2590
|
+
# your OIDC identity provider. For example, if you set an
|
2591
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2592
|
+
# in your policies in the format
|
2593
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2594
|
+
# @return [String]
|
2595
|
+
#
|
2596
|
+
# @!attribute [rw] group_configuration
|
2597
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2598
|
+
# group membership, and the entity type that you want to map it to.
|
2599
|
+
# For example, this object can map the contents of a `groups` claim to
|
2600
|
+
# `MyCorp::UserGroup`.
|
2601
|
+
# @return [Types::OpenIdConnectGroupConfiguration]
|
2602
|
+
#
|
2603
|
+
# @!attribute [rw] token_selection
|
2604
|
+
# The token type that you want to process from your OIDC identity
|
2605
|
+
# provider. Your policy store can process either identity (ID) or
|
2606
|
+
# access tokens from a given OIDC identity source.
|
2607
|
+
# @return [Types::OpenIdConnectTokenSelection]
|
2608
|
+
#
|
2609
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfiguration AWS API Documentation
|
2610
|
+
#
|
2611
|
+
class OpenIdConnectConfiguration < Struct.new(
|
2612
|
+
:issuer,
|
2613
|
+
:entity_id_prefix,
|
2614
|
+
:group_configuration,
|
2615
|
+
:token_selection)
|
2616
|
+
SENSITIVE = [:entity_id_prefix]
|
2617
|
+
include Aws::Structure
|
2618
|
+
end
|
2619
|
+
|
2620
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2621
|
+
# provider, or identity source, that Verified Permissions can use to
|
2622
|
+
# generate entities from authenticated identities. It specifies the
|
2623
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2624
|
+
# details.
|
2625
|
+
#
|
2626
|
+
# This data type is part of a [ConfigurationDetail][1] structure, which
|
2627
|
+
# is a parameter to [GetIdentitySource][2].
|
2628
|
+
#
|
2629
|
+
#
|
2630
|
+
#
|
2631
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
|
2632
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2633
|
+
#
|
2634
|
+
# @!attribute [rw] issuer
|
2635
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2636
|
+
# OIDC discovery endpoint at the path
|
2637
|
+
# `.well-known/openid-configuration`.
|
2638
|
+
# @return [String]
|
2639
|
+
#
|
2640
|
+
# @!attribute [rw] entity_id_prefix
|
2641
|
+
# A descriptive string that you want to prefix to user entities from
|
2642
|
+
# your OIDC identity provider. For example, if you set an
|
2643
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2644
|
+
# in your policies in the format
|
2645
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2646
|
+
# @return [String]
|
2647
|
+
#
|
2648
|
+
# @!attribute [rw] group_configuration
|
2649
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2650
|
+
# group membership, and the entity type that you want to map it to.
|
2651
|
+
# For example, this object can map the contents of a `groups` claim to
|
2652
|
+
# `MyCorp::UserGroup`.
|
2653
|
+
# @return [Types::OpenIdConnectGroupConfigurationDetail]
|
2654
|
+
#
|
2655
|
+
# @!attribute [rw] token_selection
|
2656
|
+
# The token type that you want to process from your OIDC identity
|
2657
|
+
# provider. Your policy store can process either identity (ID) or
|
2658
|
+
# access tokens from a given OIDC identity source.
|
2659
|
+
# @return [Types::OpenIdConnectTokenSelectionDetail]
|
2660
|
+
#
|
2661
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfigurationDetail AWS API Documentation
|
2662
|
+
#
|
2663
|
+
class OpenIdConnectConfigurationDetail < Struct.new(
|
2664
|
+
:issuer,
|
2665
|
+
:entity_id_prefix,
|
2666
|
+
:group_configuration,
|
2667
|
+
:token_selection)
|
2668
|
+
SENSITIVE = [:entity_id_prefix]
|
2669
|
+
include Aws::Structure
|
2670
|
+
end
|
2671
|
+
|
2672
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
2673
|
+
# provider, or identity source, that Verified Permissions can use to
|
2674
|
+
# generate entities from authenticated identities. It specifies the
|
2675
|
+
# issuer URL, token type that you want to use, and policy store entity
|
2676
|
+
# details.
|
2677
|
+
#
|
2678
|
+
# This data type is part of a [ConfigurationItem][1] structure, which is
|
2679
|
+
# a parameter to [ListIdentitySources][2].
|
2680
|
+
#
|
2681
|
+
#
|
2682
|
+
#
|
2683
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ConfigurationDetail.html
|
2684
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2685
|
+
#
|
2686
|
+
# @!attribute [rw] issuer
|
2687
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
2688
|
+
# OIDC discovery endpoint at the path
|
2689
|
+
# `.well-known/openid-configuration`.
|
2690
|
+
# @return [String]
|
2691
|
+
#
|
2692
|
+
# @!attribute [rw] entity_id_prefix
|
2693
|
+
# A descriptive string that you want to prefix to user entities from
|
2694
|
+
# your OIDC identity provider. For example, if you set an
|
2695
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
2696
|
+
# in your policies in the format
|
2697
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
2698
|
+
# @return [String]
|
2699
|
+
#
|
2700
|
+
# @!attribute [rw] group_configuration
|
2701
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2702
|
+
# group membership, and the entity type that you want to map it to.
|
2703
|
+
# For example, this object can map the contents of a `groups` claim to
|
2704
|
+
# `MyCorp::UserGroup`.
|
2705
|
+
# @return [Types::OpenIdConnectGroupConfigurationItem]
|
2706
|
+
#
|
2707
|
+
# @!attribute [rw] token_selection
|
2708
|
+
# The token type that you want to process from your OIDC identity
|
2709
|
+
# provider. Your policy store can process either identity (ID) or
|
2710
|
+
# access tokens from a given OIDC identity source.
|
2711
|
+
# @return [Types::OpenIdConnectTokenSelectionItem]
|
2712
|
+
#
|
2713
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectConfigurationItem AWS API Documentation
|
2714
|
+
#
|
2715
|
+
class OpenIdConnectConfigurationItem < Struct.new(
|
2716
|
+
:issuer,
|
2717
|
+
:entity_id_prefix,
|
2718
|
+
:group_configuration,
|
2719
|
+
:token_selection)
|
2720
|
+
SENSITIVE = [:entity_id_prefix]
|
2721
|
+
include Aws::Structure
|
2722
|
+
end
|
2723
|
+
|
2724
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2725
|
+
# group membership, and the entity type that you want to map it to. For
|
2726
|
+
# example, this object can map the contents of a `groups` claim to
|
2727
|
+
# `MyCorp::UserGroup`.
|
2728
|
+
#
|
2729
|
+
# This data type is part of a [OpenIdConnectConfiguration][1] structure,
|
2730
|
+
# which is a parameter of [CreateIdentitySource][2].
|
2731
|
+
#
|
2732
|
+
#
|
2733
|
+
#
|
2734
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html
|
2735
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2736
|
+
#
|
2737
|
+
# @!attribute [rw] group_claim
|
2738
|
+
# The token claim that you want Verified Permissions to interpret as
|
2739
|
+
# group membership. For example, `groups`.
|
2740
|
+
# @return [String]
|
2741
|
+
#
|
2742
|
+
# @!attribute [rw] group_entity_type
|
2743
|
+
# The policy store entity type that you want to map your users' group
|
2744
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2745
|
+
# an entity that can have a user entity type as a member.
|
2746
|
+
# @return [String]
|
2747
|
+
#
|
2748
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfiguration AWS API Documentation
|
2749
|
+
#
|
2750
|
+
class OpenIdConnectGroupConfiguration < Struct.new(
|
2751
|
+
:group_claim,
|
2752
|
+
:group_entity_type)
|
2753
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2754
|
+
include Aws::Structure
|
2755
|
+
end
|
2756
|
+
|
2757
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2758
|
+
# group membership, and the entity type that you want to map it to. For
|
2759
|
+
# example, this object can map the contents of a `groups` claim to
|
2760
|
+
# `MyCorp::UserGroup`.
|
2761
|
+
#
|
2762
|
+
# This data type is part of a [OpenIdConnectConfigurationDetail][1]
|
2763
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2764
|
+
#
|
2765
|
+
#
|
2766
|
+
#
|
2767
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html
|
2768
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2769
|
+
#
|
2770
|
+
# @!attribute [rw] group_claim
|
2771
|
+
# The token claim that you want Verified Permissions to interpret as
|
2772
|
+
# group membership. For example, `groups`.
|
2773
|
+
# @return [String]
|
2774
|
+
#
|
2775
|
+
# @!attribute [rw] group_entity_type
|
2776
|
+
# The policy store entity type that you want to map your users' group
|
2777
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2778
|
+
# an entity that can have a user entity type as a member.
|
2779
|
+
# @return [String]
|
2780
|
+
#
|
2781
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfigurationDetail AWS API Documentation
|
2782
|
+
#
|
2783
|
+
class OpenIdConnectGroupConfigurationDetail < Struct.new(
|
2784
|
+
:group_claim,
|
2785
|
+
:group_entity_type)
|
2786
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2787
|
+
include Aws::Structure
|
2788
|
+
end
|
2789
|
+
|
2790
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
2791
|
+
# group membership, and the entity type that you want to map it to. For
|
2792
|
+
# example, this object can map the contents of a `groups` claim to
|
2793
|
+
# `MyCorp::UserGroup`.
|
2794
|
+
#
|
2795
|
+
# This data type is part of a [OpenIdConnectConfigurationItem][1]
|
2796
|
+
# structure, which is a parameter of [ListIdentitySourcea][2].
|
2797
|
+
#
|
2798
|
+
#
|
2799
|
+
#
|
2800
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html
|
2801
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2802
|
+
#
|
2803
|
+
# @!attribute [rw] group_claim
|
2804
|
+
# The token claim that you want Verified Permissions to interpret as
|
2805
|
+
# group membership. For example, `groups`.
|
2806
|
+
# @return [String]
|
2807
|
+
#
|
2808
|
+
# @!attribute [rw] group_entity_type
|
2809
|
+
# The policy store entity type that you want to map your users' group
|
2810
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
2811
|
+
# an entity that can have a user entity type as a member.
|
2812
|
+
# @return [String]
|
2813
|
+
#
|
2814
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectGroupConfigurationItem AWS API Documentation
|
2815
|
+
#
|
2816
|
+
class OpenIdConnectGroupConfigurationItem < Struct.new(
|
2817
|
+
:group_claim,
|
2818
|
+
:group_entity_type)
|
2819
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
2820
|
+
include Aws::Structure
|
2821
|
+
end
|
2822
|
+
|
2823
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2824
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2825
|
+
# to identify as the principal in an authorization request, and the
|
2826
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2827
|
+
#
|
2828
|
+
# This data type is part of a [OpenIdConnectTokenSelection][1]
|
2829
|
+
# structure, which is a parameter of [CreateIdentitySource][2].
|
2830
|
+
#
|
2831
|
+
#
|
2832
|
+
#
|
2833
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelection.html
|
2834
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2835
|
+
#
|
2836
|
+
# @!attribute [rw] principal_id_claim
|
2837
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2838
|
+
# example, `sub`.
|
2839
|
+
# @return [String]
|
2840
|
+
#
|
2841
|
+
# @!attribute [rw] client_ids
|
2842
|
+
# The ID token audience, or client ID, claim values that you want to
|
2843
|
+
# accept in your policy store from an OIDC identity provider. For
|
2844
|
+
# example, `1example23456789, 2example10111213`.
|
2845
|
+
# @return [Array<String>]
|
2846
|
+
#
|
2847
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfiguration AWS API Documentation
|
2848
|
+
#
|
2849
|
+
class OpenIdConnectIdentityTokenConfiguration < Struct.new(
|
2850
|
+
:principal_id_claim,
|
2851
|
+
:client_ids)
|
2852
|
+
SENSITIVE = [:principal_id_claim]
|
2853
|
+
include Aws::Structure
|
2854
|
+
end
|
2855
|
+
|
2856
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2857
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2858
|
+
# to identify as the principal in an authorization request, and the
|
2859
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2860
|
+
#
|
2861
|
+
# This data type is part of a [OpenIdConnectTokenSelectionDetail][1]
|
2862
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2863
|
+
#
|
2864
|
+
#
|
2865
|
+
#
|
2866
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionDetail.html
|
2867
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2868
|
+
#
|
2869
|
+
# @!attribute [rw] principal_id_claim
|
2870
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2871
|
+
# example, `sub`.
|
2872
|
+
# @return [String]
|
2873
|
+
#
|
2874
|
+
# @!attribute [rw] client_ids
|
2875
|
+
# The ID token audience, or client ID, claim values that you want to
|
2876
|
+
# accept in your policy store from an OIDC identity provider. For
|
2877
|
+
# example, `1example23456789, 2example10111213`.
|
2878
|
+
# @return [Array<String>]
|
2879
|
+
#
|
2880
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfigurationDetail AWS API Documentation
|
2881
|
+
#
|
2882
|
+
class OpenIdConnectIdentityTokenConfigurationDetail < Struct.new(
|
2883
|
+
:principal_id_claim,
|
2884
|
+
:client_ids)
|
2885
|
+
SENSITIVE = [:principal_id_claim]
|
2886
|
+
include Aws::Structure
|
2887
|
+
end
|
2888
|
+
|
2889
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
2890
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
2891
|
+
# to identify as the principal in an authorization request, and the
|
2892
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
2893
|
+
#
|
2894
|
+
# This data type is part of a [OpenIdConnectTokenSelectionItem][1]
|
2895
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
2896
|
+
#
|
2897
|
+
#
|
2898
|
+
#
|
2899
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectTokenSelectionItem.html
|
2900
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
2901
|
+
#
|
2902
|
+
# @!attribute [rw] principal_id_claim
|
2903
|
+
# The claim that determines the principal in OIDC access tokens. For
|
2904
|
+
# example, `sub`.
|
2905
|
+
# @return [String]
|
2906
|
+
#
|
2907
|
+
# @!attribute [rw] client_ids
|
2908
|
+
# The ID token audience, or client ID, claim values that you want to
|
2909
|
+
# accept in your policy store from an OIDC identity provider. For
|
2910
|
+
# example, `1example23456789, 2example10111213`.
|
2911
|
+
# @return [Array<String>]
|
2912
|
+
#
|
2913
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectIdentityTokenConfigurationItem AWS API Documentation
|
2914
|
+
#
|
2915
|
+
class OpenIdConnectIdentityTokenConfigurationItem < Struct.new(
|
2916
|
+
:principal_id_claim,
|
2917
|
+
:client_ids)
|
2918
|
+
SENSITIVE = [:principal_id_claim]
|
2919
|
+
include Aws::Structure
|
2920
|
+
end
|
2921
|
+
|
2922
|
+
# The token type that you want to process from your OIDC identity
|
2923
|
+
# provider. Your policy store can process either identity (ID) or access
|
2924
|
+
# tokens from a given OIDC identity source.
|
2925
|
+
#
|
2926
|
+
# This data type is part of a [OpenIdConnectConfiguration][1] structure,
|
2927
|
+
# which is a parameter of [CreateIdentitySource][2].
|
2928
|
+
#
|
2929
|
+
#
|
2930
|
+
#
|
2931
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfiguration.html
|
2932
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_CreateIdentitySource.html
|
2933
|
+
#
|
2934
|
+
# @note OpenIdConnectTokenSelection is a union - when making an API calls you must set exactly one of the members.
|
2935
|
+
#
|
2936
|
+
# @!attribute [rw] access_token_only
|
2937
|
+
# The OIDC configuration for processing access tokens. Contains
|
2938
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
2939
|
+
# the claim that you want to map to the principal, for example `sub`.
|
2940
|
+
# @return [Types::OpenIdConnectAccessTokenConfiguration]
|
2941
|
+
#
|
2942
|
+
# @!attribute [rw] identity_token_only
|
2943
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
2944
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
2945
|
+
# claim that you want to map to the principal, for example `sub`.
|
2946
|
+
# @return [Types::OpenIdConnectIdentityTokenConfiguration]
|
2947
|
+
#
|
2948
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelection AWS API Documentation
|
2949
|
+
#
|
2950
|
+
class OpenIdConnectTokenSelection < Struct.new(
|
2951
|
+
:access_token_only,
|
2952
|
+
:identity_token_only,
|
2953
|
+
:unknown)
|
2954
|
+
SENSITIVE = []
|
2955
|
+
include Aws::Structure
|
2956
|
+
include Aws::Structure::Union
|
2957
|
+
|
2958
|
+
class AccessTokenOnly < OpenIdConnectTokenSelection; end
|
2959
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelection; end
|
2960
|
+
class Unknown < OpenIdConnectTokenSelection; end
|
2961
|
+
end
|
2962
|
+
|
2963
|
+
# The token type that you want to process from your OIDC identity
|
2964
|
+
# provider. Your policy store can process either identity (ID) or access
|
2965
|
+
# tokens from a given OIDC identity source.
|
2966
|
+
#
|
2967
|
+
# This data type is part of a [OpenIdConnectConfigurationDetail][1]
|
2968
|
+
# structure, which is a parameter of [GetIdentitySource][2].
|
2969
|
+
#
|
2970
|
+
#
|
2971
|
+
#
|
2972
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationDetail.html
|
2973
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_GetIdentitySource.html
|
2974
|
+
#
|
2975
|
+
# @note OpenIdConnectTokenSelectionDetail is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of OpenIdConnectTokenSelectionDetail corresponding to the set member.
|
2976
|
+
#
|
2977
|
+
# @!attribute [rw] access_token_only
|
2978
|
+
# The OIDC configuration for processing access tokens. Contains
|
2979
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
2980
|
+
# the claim that you want to map to the principal, for example `sub`.
|
2981
|
+
# @return [Types::OpenIdConnectAccessTokenConfigurationDetail]
|
2982
|
+
#
|
2983
|
+
# @!attribute [rw] identity_token_only
|
2984
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
2985
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
2986
|
+
# claim that you want to map to the principal, for example `sub`.
|
2987
|
+
# @return [Types::OpenIdConnectIdentityTokenConfigurationDetail]
|
2988
|
+
#
|
2989
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelectionDetail AWS API Documentation
|
2990
|
+
#
|
2991
|
+
class OpenIdConnectTokenSelectionDetail < Struct.new(
|
2992
|
+
:access_token_only,
|
2993
|
+
:identity_token_only,
|
2994
|
+
:unknown)
|
2995
|
+
SENSITIVE = []
|
2996
|
+
include Aws::Structure
|
2997
|
+
include Aws::Structure::Union
|
2998
|
+
|
2999
|
+
class AccessTokenOnly < OpenIdConnectTokenSelectionDetail; end
|
3000
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelectionDetail; end
|
3001
|
+
class Unknown < OpenIdConnectTokenSelectionDetail; end
|
3002
|
+
end
|
3003
|
+
|
3004
|
+
# The token type that you want to process from your OIDC identity
|
3005
|
+
# provider. Your policy store can process either identity (ID) or access
|
3006
|
+
# tokens from a given OIDC identity source.
|
3007
|
+
#
|
3008
|
+
# This data type is part of a [OpenIdConnectConfigurationItem][1]
|
3009
|
+
# structure, which is a parameter of [ListIdentitySources][2].
|
3010
|
+
#
|
3011
|
+
#
|
3012
|
+
#
|
3013
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_OpenIdConnectConfigurationItem.html
|
3014
|
+
# [2]: http://amazonaws.com/verifiedpermissions/latest/apireference/API_ListIdentitySources.html
|
3015
|
+
#
|
3016
|
+
# @note OpenIdConnectTokenSelectionItem is a union - when returned from an API call exactly one value will be set and the returned type will be a subclass of OpenIdConnectTokenSelectionItem corresponding to the set member.
|
3017
|
+
#
|
3018
|
+
# @!attribute [rw] access_token_only
|
3019
|
+
# The OIDC configuration for processing access tokens. Contains
|
3020
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
3021
|
+
# the claim that you want to map to the principal, for example `sub`.
|
3022
|
+
# @return [Types::OpenIdConnectAccessTokenConfigurationItem]
|
3023
|
+
#
|
3024
|
+
# @!attribute [rw] identity_token_only
|
3025
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
3026
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
3027
|
+
# claim that you want to map to the principal, for example `sub`.
|
3028
|
+
# @return [Types::OpenIdConnectIdentityTokenConfigurationItem]
|
3029
|
+
#
|
3030
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/OpenIdConnectTokenSelectionItem AWS API Documentation
|
3031
|
+
#
|
3032
|
+
class OpenIdConnectTokenSelectionItem < Struct.new(
|
3033
|
+
:access_token_only,
|
3034
|
+
:identity_token_only,
|
3035
|
+
:unknown)
|
3036
|
+
SENSITIVE = []
|
3037
|
+
include Aws::Structure
|
3038
|
+
include Aws::Structure::Union
|
3039
|
+
|
3040
|
+
class AccessTokenOnly < OpenIdConnectTokenSelectionItem; end
|
3041
|
+
class IdentityTokenOnly < OpenIdConnectTokenSelectionItem; end
|
3042
|
+
class Unknown < OpenIdConnectTokenSelectionItem; end
|
3043
|
+
end
|
3044
|
+
|
2440
3045
|
# A structure that contains the details for a Cedar policy definition.
|
2441
3046
|
# It includes the policy type, a description, and a policy body. This is
|
2442
3047
|
# a top level data type used to create a policy.
|
@@ -3162,15 +3767,8 @@ module Aws::VerifiedPermissions
|
|
3162
3767
|
include Aws::Structure
|
3163
3768
|
end
|
3164
3769
|
|
3165
|
-
# Contains an
|
3166
|
-
#
|
3167
|
-
#
|
3168
|
-
# <note markdown="1"> At this time, the only valid member of this structure is a Amazon
|
3169
|
-
# Cognito user pool configuration.
|
3170
|
-
#
|
3171
|
-
# You must specify a `userPoolArn`, and optionally, a `ClientId`.
|
3172
|
-
#
|
3173
|
-
# </note>
|
3770
|
+
# Contains an update to replace the configuration in an existing
|
3771
|
+
# identity source.
|
3174
3772
|
#
|
3175
3773
|
# @note UpdateConfiguration is a union - when making an API calls you must set exactly one of the members.
|
3176
3774
|
#
|
@@ -3178,16 +3776,26 @@ module Aws::VerifiedPermissions
|
|
3178
3776
|
# Contains configuration details of a Amazon Cognito user pool.
|
3179
3777
|
# @return [Types::UpdateCognitoUserPoolConfiguration]
|
3180
3778
|
#
|
3779
|
+
# @!attribute [rw] open_id_connect_configuration
|
3780
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
3781
|
+
# provider, or identity source, that Verified Permissions can use to
|
3782
|
+
# generate entities from authenticated identities. It specifies the
|
3783
|
+
# issuer URL, token type that you want to use, and policy store entity
|
3784
|
+
# details.
|
3785
|
+
# @return [Types::UpdateOpenIdConnectConfiguration]
|
3786
|
+
#
|
3181
3787
|
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateConfiguration AWS API Documentation
|
3182
3788
|
#
|
3183
3789
|
class UpdateConfiguration < Struct.new(
|
3184
3790
|
:cognito_user_pool_configuration,
|
3791
|
+
:open_id_connect_configuration,
|
3185
3792
|
:unknown)
|
3186
3793
|
SENSITIVE = []
|
3187
3794
|
include Aws::Structure
|
3188
3795
|
include Aws::Structure::Union
|
3189
3796
|
|
3190
3797
|
class CognitoUserPoolConfiguration < UpdateConfiguration; end
|
3798
|
+
class OpenIdConnectConfiguration < UpdateConfiguration; end
|
3191
3799
|
class Unknown < UpdateConfiguration; end
|
3192
3800
|
end
|
3193
3801
|
|
@@ -3258,6 +3866,198 @@ module Aws::VerifiedPermissions
|
|
3258
3866
|
include Aws::Structure
|
3259
3867
|
end
|
3260
3868
|
|
3869
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
3870
|
+
# handling access token claims. Contains the claim that you want to
|
3871
|
+
# identify as the principal in an authorization request, and the values
|
3872
|
+
# of the `aud` claim, or audiences, that you want to accept.
|
3873
|
+
#
|
3874
|
+
# This data type is part of a [UpdateOpenIdConnectTokenSelection][1]
|
3875
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3876
|
+
#
|
3877
|
+
#
|
3878
|
+
#
|
3879
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html
|
3880
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3881
|
+
#
|
3882
|
+
# @!attribute [rw] principal_id_claim
|
3883
|
+
# The claim that determines the principal in OIDC access tokens. For
|
3884
|
+
# example, `sub`.
|
3885
|
+
# @return [String]
|
3886
|
+
#
|
3887
|
+
# @!attribute [rw] audiences
|
3888
|
+
# The access token `aud` claim values that you want to accept in your
|
3889
|
+
# policy store. For example, `https://myapp.example.com,
|
3890
|
+
# https://myapp2.example.com`.
|
3891
|
+
# @return [Array<String>]
|
3892
|
+
#
|
3893
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectAccessTokenConfiguration AWS API Documentation
|
3894
|
+
#
|
3895
|
+
class UpdateOpenIdConnectAccessTokenConfiguration < Struct.new(
|
3896
|
+
:principal_id_claim,
|
3897
|
+
:audiences)
|
3898
|
+
SENSITIVE = [:principal_id_claim]
|
3899
|
+
include Aws::Structure
|
3900
|
+
end
|
3901
|
+
|
3902
|
+
# Contains configuration details of an OpenID Connect (OIDC) identity
|
3903
|
+
# provider, or identity source, that Verified Permissions can use to
|
3904
|
+
# generate entities from authenticated identities. It specifies the
|
3905
|
+
# issuer URL, token type that you want to use, and policy store entity
|
3906
|
+
# details.
|
3907
|
+
#
|
3908
|
+
# This data type is part of a [UpdateConfiguration][1] structure, which
|
3909
|
+
# is a parameter to [UpdateIdentitySource][2].
|
3910
|
+
#
|
3911
|
+
#
|
3912
|
+
#
|
3913
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateConfiguration.html
|
3914
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3915
|
+
#
|
3916
|
+
# @!attribute [rw] issuer
|
3917
|
+
# The issuer URL of an OIDC identity provider. This URL must have an
|
3918
|
+
# OIDC discovery endpoint at the path
|
3919
|
+
# `.well-known/openid-configuration`.
|
3920
|
+
# @return [String]
|
3921
|
+
#
|
3922
|
+
# @!attribute [rw] entity_id_prefix
|
3923
|
+
# A descriptive string that you want to prefix to user entities from
|
3924
|
+
# your OIDC identity provider. For example, if you set an
|
3925
|
+
# `entityIdPrefix` of `MyOIDCProvider`, you can reference principals
|
3926
|
+
# in your policies in the format
|
3927
|
+
# `MyCorp::User::MyOIDCProvider|Carlos`.
|
3928
|
+
# @return [String]
|
3929
|
+
#
|
3930
|
+
# @!attribute [rw] group_configuration
|
3931
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
3932
|
+
# group membership, and the entity type that you want to map it to.
|
3933
|
+
# For example, this object can map the contents of a `groups` claim to
|
3934
|
+
# `MyCorp::UserGroup`.
|
3935
|
+
# @return [Types::UpdateOpenIdConnectGroupConfiguration]
|
3936
|
+
#
|
3937
|
+
# @!attribute [rw] token_selection
|
3938
|
+
# The token type that you want to process from your OIDC identity
|
3939
|
+
# provider. Your policy store can process either identity (ID) or
|
3940
|
+
# access tokens from a given OIDC identity source.
|
3941
|
+
# @return [Types::UpdateOpenIdConnectTokenSelection]
|
3942
|
+
#
|
3943
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectConfiguration AWS API Documentation
|
3944
|
+
#
|
3945
|
+
class UpdateOpenIdConnectConfiguration < Struct.new(
|
3946
|
+
:issuer,
|
3947
|
+
:entity_id_prefix,
|
3948
|
+
:group_configuration,
|
3949
|
+
:token_selection)
|
3950
|
+
SENSITIVE = [:entity_id_prefix]
|
3951
|
+
include Aws::Structure
|
3952
|
+
end
|
3953
|
+
|
3954
|
+
# The claim in OIDC identity provider tokens that indicates a user's
|
3955
|
+
# group membership, and the entity type that you want to map it to. For
|
3956
|
+
# example, this object can map the contents of a `groups` claim to
|
3957
|
+
# `MyCorp::UserGroup`.
|
3958
|
+
#
|
3959
|
+
# This data type is part of a [UpdateOpenIdConnectConfiguration][1]
|
3960
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3961
|
+
#
|
3962
|
+
#
|
3963
|
+
#
|
3964
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html
|
3965
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3966
|
+
#
|
3967
|
+
# @!attribute [rw] group_claim
|
3968
|
+
# The token claim that you want Verified Permissions to interpret as
|
3969
|
+
# group membership. For example, `groups`.
|
3970
|
+
# @return [String]
|
3971
|
+
#
|
3972
|
+
# @!attribute [rw] group_entity_type
|
3973
|
+
# The policy store entity type that you want to map your users' group
|
3974
|
+
# claim to. For example, `MyCorp::UserGroup`. A group entity type is
|
3975
|
+
# an entity that can have a user entity type as a member.
|
3976
|
+
# @return [String]
|
3977
|
+
#
|
3978
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectGroupConfiguration AWS API Documentation
|
3979
|
+
#
|
3980
|
+
class UpdateOpenIdConnectGroupConfiguration < Struct.new(
|
3981
|
+
:group_claim,
|
3982
|
+
:group_entity_type)
|
3983
|
+
SENSITIVE = [:group_claim, :group_entity_type]
|
3984
|
+
include Aws::Structure
|
3985
|
+
end
|
3986
|
+
|
3987
|
+
# The configuration of an OpenID Connect (OIDC) identity source for
|
3988
|
+
# handling identity (ID) token claims. Contains the claim that you want
|
3989
|
+
# to identify as the principal in an authorization request, and the
|
3990
|
+
# values of the `aud` claim, or audiences, that you want to accept.
|
3991
|
+
#
|
3992
|
+
# This data type is part of a [UpdateOpenIdConnectTokenSelection][1]
|
3993
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
3994
|
+
#
|
3995
|
+
#
|
3996
|
+
#
|
3997
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectTokenSelection.html
|
3998
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
3999
|
+
#
|
4000
|
+
# @!attribute [rw] principal_id_claim
|
4001
|
+
# The claim that determines the principal in OIDC access tokens. For
|
4002
|
+
# example, `sub`.
|
4003
|
+
# @return [String]
|
4004
|
+
#
|
4005
|
+
# @!attribute [rw] client_ids
|
4006
|
+
# The ID token audience, or client ID, claim values that you want to
|
4007
|
+
# accept in your policy store from an OIDC identity provider. For
|
4008
|
+
# example, `1example23456789, 2example10111213`.
|
4009
|
+
# @return [Array<String>]
|
4010
|
+
#
|
4011
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectIdentityTokenConfiguration AWS API Documentation
|
4012
|
+
#
|
4013
|
+
class UpdateOpenIdConnectIdentityTokenConfiguration < Struct.new(
|
4014
|
+
:principal_id_claim,
|
4015
|
+
:client_ids)
|
4016
|
+
SENSITIVE = [:principal_id_claim]
|
4017
|
+
include Aws::Structure
|
4018
|
+
end
|
4019
|
+
|
4020
|
+
# The token type that you want to process from your OIDC identity
|
4021
|
+
# provider. Your policy store can process either identity (ID) or access
|
4022
|
+
# tokens from a given OIDC identity source.
|
4023
|
+
#
|
4024
|
+
# This data type is part of a [UpdateOpenIdConnectConfiguration][1]
|
4025
|
+
# structure, which is a parameter to [UpdateIdentitySource][2].
|
4026
|
+
#
|
4027
|
+
#
|
4028
|
+
#
|
4029
|
+
# [1]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateOpenIdConnectConfiguration.html
|
4030
|
+
# [2]: https://docs.aws.amazon.com/verifiedpermissions/latest/apireference/API_UpdateIdentitySource.html
|
4031
|
+
#
|
4032
|
+
# @note UpdateOpenIdConnectTokenSelection is a union - when making an API calls you must set exactly one of the members.
|
4033
|
+
#
|
4034
|
+
# @!attribute [rw] access_token_only
|
4035
|
+
# The OIDC configuration for processing access tokens. Contains
|
4036
|
+
# allowed audience claims, for example `https://auth.example.com`, and
|
4037
|
+
# the claim that you want to map to the principal, for example `sub`.
|
4038
|
+
# @return [Types::UpdateOpenIdConnectAccessTokenConfiguration]
|
4039
|
+
#
|
4040
|
+
# @!attribute [rw] identity_token_only
|
4041
|
+
# The OIDC configuration for processing identity (ID) tokens. Contains
|
4042
|
+
# allowed client ID claims, for example `1example23456789`, and the
|
4043
|
+
# claim that you want to map to the principal, for example `sub`.
|
4044
|
+
# @return [Types::UpdateOpenIdConnectIdentityTokenConfiguration]
|
4045
|
+
#
|
4046
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/verifiedpermissions-2021-12-01/UpdateOpenIdConnectTokenSelection AWS API Documentation
|
4047
|
+
#
|
4048
|
+
class UpdateOpenIdConnectTokenSelection < Struct.new(
|
4049
|
+
:access_token_only,
|
4050
|
+
:identity_token_only,
|
4051
|
+
:unknown)
|
4052
|
+
SENSITIVE = []
|
4053
|
+
include Aws::Structure
|
4054
|
+
include Aws::Structure::Union
|
4055
|
+
|
4056
|
+
class AccessTokenOnly < UpdateOpenIdConnectTokenSelection; end
|
4057
|
+
class IdentityTokenOnly < UpdateOpenIdConnectTokenSelection; end
|
4058
|
+
class Unknown < UpdateOpenIdConnectTokenSelection; end
|
4059
|
+
end
|
4060
|
+
|
3261
4061
|
# Contains information about updates to be applied to a policy.
|
3262
4062
|
#
|
3263
4063
|
# This data type is used as a request parameter in the [UpdatePolicy][1]
|