package awselasticloadbalancingv2actions
import (
"github.com/aws/aws-cdk-go/awscdk/v2"
"github.com/aws/aws-cdk-go/awscdk/v2/awscognito"
"github.com/aws/aws-cdk-go/awscdk/v2/awselasticloadbalancingv2"
)
// Properties for AuthenticateCognitoAction.
//
// AuthenticateCognitoAction is a listener action that makes the Application
// Load Balancer perform the OAuth 2.0 authorization-code flow against an
// Amazon Cognito user pool before handing the request to Next. The required
// fields identify the user pool, the app client and the hosted domain the
// balancer talks to; the optional fields tune the session cookie, the
// requested scope, extra authorize-request parameters and egress rules.
//
// Security-relevant points a reviewer should check on any use of this struct:
//   - The app client must be created with a client secret and the
//     authorization-code grant enabled (see the "Required minimal configuration
//     for use with an ELB" part of the example), and its callback URL must be
//     the balancer's https://<lb-dns>/oauth2/idpresponse endpoint.
//   - SessionTimeout bounds how long a signed-in session cookie stays valid;
//     the default is seven days, so shorten it where the application's risk
//     profile calls for more frequent re-authentication.
//   - AllowHttpsOutbound defaults to true, which opens HTTPS egress from the
//     balancer to any address; restrict it (and add explicit rules on the
//     listener's `connections`) when egress must be pinned to the IdP.
//
// NOTE(review): the example below is generated from the TypeScript sample and
// is rendered literally; tokens such as `*UserPool`, `lb.*LoadBalancerDnsName`
// and `awscdk.*Aws_cognito.*oAuthScope_EMAIL()` are not valid Go and must be
// replaced by the corresponding values/constructors in a real program.
//
// Example:
// import "github.com/aws/aws-cdk-go/awscdk"
//
// var vpc vpc
// var certificate certificate
//
//
// lb := elbv2.NewApplicationLoadBalancer(this, jsii.String("LB"), &ApplicationLoadBalancerProps{
// Vpc: Vpc,
// InternetFacing: jsii.Boolean(true),
// })
//
// userPool := awscdk.Aws_cognito.NewUserPool(this, jsii.String("UserPool"))
// userPoolClient := awscdk.Aws_cognito.NewUserPoolClient(this, jsii.String("Client"), &UserPoolClientProps{
// UserPool: UserPool,
//
// // Required minimal configuration for use with an ELB:
// // a client secret and the authorization-code grant are mandatory.
// GenerateSecret: jsii.Boolean(true),
// AuthFlows: &AuthFlow{
// UserPassword: jsii.Boolean(true),
// },
// OAuth: &OAuthSettings{
// Flows: &OAuthFlows{
// AuthorizationCodeGrant: jsii.Boolean(true),
// },
// Scopes: []oAuthScope{
// awscdk.*Aws_cognito.*oAuthScope_EMAIL(),
// },
// // The balancer's fixed callback path; it must be registered on the app client.
// CallbackUrls: []*string{
// fmt.Sprintf("https://%v/oauth2/idpresponse", lb.LoadBalancerDnsName),
// },
// },
// })
// cfnClient := userPoolClient.Node.defaultChild.(cfnUserPoolClient)
// cfnClient.AddPropertyOverride(jsii.String("RefreshTokenValidity"), jsii.Number(1))
// cfnClient.AddPropertyOverride(jsii.String("SupportedIdentityProviders"), []interface{}{
// jsii.String("COGNITO"),
// })
//
// userPoolDomain := awscdk.Aws_cognito.NewUserPoolDomain(this, jsii.String("Domain"), &UserPoolDomainProps{
// UserPool: UserPool,
// CognitoDomain: &CognitoDomainOptions{
// DomainPrefix: jsii.String("test-cdk-prefix"),
// },
// })
//
// lb.AddListener(jsii.String("Listener"), &BaseApplicationListenerProps{
// Port: jsii.Number(443),
// Certificates: []iListenerCertificate{
// certificate,
// },
// DefaultAction: actions.NewAuthenticateCognitoAction(&AuthenticateCognitoActionProps{
// UserPool: *UserPool,
// UserPoolClient: *UserPoolClient,
// UserPoolDomain: *UserPoolDomain,
// Next: elbv2.ListenerAction_FixedResponse(jsii.Number(200), &FixedResponseOptions{
// ContentType: jsii.String("text/plain"),
// MessageBody: jsii.String("Authenticated"),
// }),
// }),
// })
//
// awscdk.NewCfnOutput(this, jsii.String("DNS"), &CfnOutputProps{
// Value: lb.*LoadBalancerDnsName,
// })
//
type AuthenticateCognitoActionProps struct {
// What action to execute next.
//
// Multiple actions form a linked chain; the chain must always terminate in a
// (weighted)forward, fixedResponse or redirect action.
//
// Only requests that passed authentication (or that OnUnauthenticatedRequest
// explicitly lets through) reach this action.
Next awselasticloadbalancingv2.ListenerAction `field:"required" json:"next" yaml:"next"`
// The Amazon Cognito user pool.
UserPool awscognito.IUserPool `field:"required" json:"userPool" yaml:"userPool"`
// The Amazon Cognito user pool client.
//
// The client must have a secret and the authorization-code grant enabled,
// and its callback URLs must include the balancer's /oauth2/idpresponse
// endpoint (see the example on the type).
UserPoolClient awscognito.IUserPoolClient `field:"required" json:"userPoolClient" yaml:"userPoolClient"`
// The domain prefix or fully-qualified domain name of the Amazon Cognito user pool.
UserPoolDomain awscognito.IUserPoolDomain `field:"required" json:"userPoolDomain" yaml:"userPoolDomain"`
// Allow HTTPS outbound traffic to communicate with the IdP.
//
// Set this property to false if the IP address used for the IdP endpoint is identifiable
// and you want to control outbound traffic.
// Then allow HTTPS outbound traffic to the IdP's IP address using the listener's `connections` property.
// See: https://repost.aws/knowledge-center/elb-configure-authentication-alb
//
// Leaving this at true grants the balancer unrestricted HTTPS egress; set it
// to false in environments that require pinned egress rules.
//
// Default: true.
//
AllowHttpsOutbound *bool `field:"optional" json:"allowHttpsOutbound" yaml:"allowHttpsOutbound"`
// The query parameters (up to 10) to include in the redirect request to the authorization endpoint.
//
// Values are sent to the IdP on every authorize redirect; do not place secrets
// or per-user data here, as the parameters are part of the browser-visible URL.
// Default: - No extra parameters.
//
AuthenticationRequestExtraParams *map[string]*string `field:"optional" json:"authenticationRequestExtraParams" yaml:"authenticationRequestExtraParams"`
// The behavior if the user is not authenticated.
//
// The default redirects the client to the IdP; change it only for listeners
// that intentionally serve (or deliberately reject) unauthenticated clients.
// Default: UnauthenticatedAction.AUTHENTICATE
//
OnUnauthenticatedRequest awselasticloadbalancingv2.UnauthenticatedAction `field:"optional" json:"onUnauthenticatedRequest" yaml:"onUnauthenticatedRequest"`
// The set of user claims to be requested from the IdP.
//
// To verify which scope values your IdP supports and how to separate multiple values, see the documentation for your IdP.
// Request the narrowest scope the backend actually needs.
// Default: "openid".
//
Scope *string `field:"optional" json:"scope" yaml:"scope"`
// The name of the cookie used to maintain session information.
//
// Renaming the cookie has no security effect; it only matters when several
// authenticated listeners share a domain and must not collide.
// Default: "AWSELBAuthSessionCookie".
//
SessionCookieName *string `field:"optional" json:"sessionCookieName" yaml:"sessionCookieName"`
// The maximum duration of the authentication session.
//
// After this period the balancer forces the client through the IdP again;
// the seven-day default is generous, so shorten it for sensitive
// applications.
// Default: Duration.days(7)
//
SessionTimeout awscdk.Duration `field:"optional" json:"sessionTimeout" yaml:"sessionTimeout"`
}