{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.ELBV2.Types.AuthenticateOidcActionConfig
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.ELBV2.Types.AuthenticateOidcActionConfig where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import Amazonka.ELBV2.Types.AuthenticateOidcActionConditionalBehaviorEnum
import qualified Amazonka.Prelude as Prelude

-- | Request parameters when using an identity provider (IdP) that is
-- compliant with OpenID Connect (OIDC) to authenticate users.
--
-- /See:/ 'newAuthenticateOidcActionConfig' smart constructor.
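data AuthenticateOidcActionConfig = AuthenticateOidcActionConfig'
  { -- | The query parameters (up to 10) to include in the redirect request to
    -- the authorization endpoint.
    authenticationRequestExtraParams :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),
    -- | The OAuth 2.0 client secret. This parameter is required if you are
    -- creating a rule. If you are modifying a rule, you can omit this
    -- parameter if you set @UseExistingClientSecret@ to true.
    --
    -- The secret is held as plain text in this record, and the derived
    -- 'Prelude.Show' instance below prints every field verbatim, so avoid
    -- writing values of this type to logs or error messages.
    clientSecret :: Prelude.Maybe Prelude.Text,
    -- | The behavior if the user is not authenticated. The following are
    -- possible values:
    --
    -- -   deny - Return an HTTP 401 Unauthorized error.
    --
    -- -   allow - Allow the request to be forwarded to the target. The
    --     target then receives requests from users who have not
    --     authenticated and has to make its own access decision.
    --
    -- -   authenticate - Redirect the request to the IdP authorization
    --     endpoint. This is the default value.
    onUnauthenticatedRequest :: Prelude.Maybe AuthenticateOidcActionConditionalBehaviorEnum,
    -- | The set of user claims to be requested from the IdP. The default is
    -- @openid@.
    --
    -- To verify which scope values your IdP supports and how to separate
    -- multiple values, see the documentation for your IdP.
    scope :: Prelude.Maybe Prelude.Text,
    -- | The name of the cookie used to maintain session information. The default
    -- is AWSELBAuthSessionCookie.
    sessionCookieName :: Prelude.Maybe Prelude.Text,
    -- | The maximum duration of the authentication session, in seconds. The
    -- default is 604800 seconds (7 days).
    sessionTimeout :: Prelude.Maybe Prelude.Integer,
    -- | Indicates whether to use the existing client secret when modifying a
    -- rule. If you are creating a rule, you can omit this parameter or set it
    -- to false.
    useExistingClientSecret :: Prelude.Maybe Prelude.Bool,
    -- | The OIDC issuer identifier of the IdP. This must be a full URL,
    -- including the HTTPS protocol, the domain, and the path.
    issuer :: Prelude.Text,
    -- | The authorization endpoint of the IdP. This must be a full URL,
    -- including the HTTPS protocol, the domain, and the path.
    authorizationEndpoint :: Prelude.Text,
    -- | The token endpoint of the IdP. This must be a full URL, including the
    -- HTTPS protocol, the domain, and the path.
    tokenEndpoint :: Prelude.Text,
    -- | The user info endpoint of the IdP. This must be a full URL, including
    -- the HTTPS protocol, the domain, and the path.
    userInfoEndpoint :: Prelude.Text,
    -- | The OAuth 2.0 client identifier.
    clientId :: Prelude.Text
  }
  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)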

-- |
-- Create a value of 'AuthenticateOidcActionConfig' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'authenticationRequestExtraParams', 'authenticateOidcActionConfig_authenticationRequestExtraParams' - The query parameters (up to 10) to include in the redirect request to
-- the authorization endpoint.
--
-- 'clientSecret', 'authenticateOidcActionConfig_clientSecret' - The OAuth 2.0 client secret. This parameter is required if you are
-- creating a rule. If you are modifying a rule, you can omit this
-- parameter if you set @UseExistingClientSecret@ to true.
--
-- 'onUnauthenticatedRequest', 'authenticateOidcActionConfig_onUnauthenticatedRequest' - The behavior if the user is not authenticated. The following are
-- possible values:
--
-- -   deny - Return an HTTP 401 Unauthorized error.
--
-- -   allow - Allow the request to be forwarded to the target.
--
-- -   authenticate - Redirect the request to the IdP authorization
--     endpoint. This is the default value.
--
-- 'scope', 'authenticateOidcActionConfig_scope' - The set of user claims to be requested from the IdP. The default is
-- @openid@.
--
-- To verify which scope values your IdP supports and how to separate
-- multiple values, see the documentation for your IdP.
--
-- 'sessionCookieName', 'authenticateOidcActionConfig_sessionCookieName' - The name of the cookie used to maintain session information. The default
-- is AWSELBAuthSessionCookie.
--
-- 'sessionTimeout', 'authenticateOidcActionConfig_sessionTimeout' - The maximum duration of the authentication session, in seconds. The
-- default is 604800 seconds (7 days).
--
-- 'useExistingClientSecret', 'authenticateOidcActionConfig_useExistingClientSecret' - Indicates whether to use the existing client secret when modifying a
-- rule. If you are creating a rule, you can omit this parameter or set it
-- to false.
--
-- 'issuer', 'authenticateOidcActionConfig_issuer' - The OIDC issuer identifier of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
--
-- 'authorizationEndpoint', 'authenticateOidcActionConfig_authorizationEndpoint' - The authorization endpoint of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
--
-- 'tokenEndpoint', 'authenticateOidcActionConfig_tokenEndpoint' - The token endpoint of the IdP. This must be a full URL, including the
-- HTTPS protocol, the domain, and the path.
--
-- 'userInfoEndpoint', 'authenticateOidcActionConfig_userInfoEndpoint' - The user info endpoint of the IdP. This must be a full URL, including
-- the HTTPS protocol, the domain, and the path.
--
-- 'clientId', 'authenticateOidcActionConfig_clientId' - The OAuth 2.0 client identifier.
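newAuthenticateOidcActionConfig ::
  -- | 'issuer'
  Prelude.Text ->
  -- | 'authorizationEndpoint'
  Prelude.Text ->
  -- | 'tokenEndpoint'
  Prelude.Text ->
  -- | 'userInfoEndpoint'
  Prelude.Text ->
  -- | 'clientId'
  Prelude.Text ->
  AuthenticateOidcActionConfig
newAuthenticateOidcActionConfig
  pIssuer_
  pAuthorizationEndpoint_
  pTokenEndpoint_
  pUserInfoEndpoint_
  pClientId_ =
    -- Only the five required fields are taken as arguments; every optional
    -- field starts as Nothing. That includes clientSecret, which the field
    -- documentation says is required when creating a rule, so callers
    -- creating a rule still have to set it on the returned value.
    AuthenticateOidcActionConfig'
      { authenticationRequestExtraParams =
          Prelude.Nothing,
        clientSecret = Prelude.Nothing,
        onUnauthenticatedRequest = Prelude.Nothing,
        scope = Prelude.Nothing,
        sessionCookieName = Prelude.Nothing,
        sessionTimeout = Prelude.Nothing,
        useExistingClientSecret = Prelude.Nothing,
        issuer = pIssuer_,
        authorizationEndpoint =
          pAuthorizationEndpoint_,
        tokenEndpoint = pTokenEndpoint_,
        userInfoEndpoint = pUserInfoEndpoint_,
        clientId = pClientId_
      }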

-- | The query parameters (up to 10) to include in the redirect request to
-- the authorization endpoint.
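authenticateOidcActionConfig_authenticationRequestExtraParams :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The result is composed with a Coercible-based iso mapped over
-- the Maybe, as the generator emits for container-valued fields.
authenticateOidcActionConfig_authenticationRequestExtraParams =
  Lens.lens
    (\AuthenticateOidcActionConfig' {authenticationRequestExtraParams} -> authenticationRequestExtraParams)
    (\s@AuthenticateOidcActionConfig' {} a -> s {authenticationRequestExtraParams = a} :: AuthenticateOidcActionConfig)
    Prelude.. Lens.mapping Lens.coerced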

-- | The OAuth 2.0 client secret. This parameter is required if you are
-- creating a rule. If you are modifying a rule, you can omit this
-- parameter if you set @UseExistingClientSecret@ to true.
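authenticateOidcActionConfig_clientSecret :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The value read through this lens is the unredacted secret
-- text, so treat whatever it returns as sensitive.
authenticateOidcActionConfig_clientSecret =
  Lens.lens
    (\AuthenticateOidcActionConfig' {clientSecret} -> clientSecret)
    (\s@AuthenticateOidcActionConfig' {} a -> s {clientSecret = a} :: AuthenticateOidcActionConfig)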

-- | The behavior if the user is not authenticated. The following are
-- possible values:
--
-- -   deny - Return an HTTP 401 Unauthorized error.
--
-- -   allow - Allow the request to be forwarded to the target.
--
-- -   authenticate - Redirect the request to the IdP authorization
--     endpoint. This is the default value.
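authenticateOidcActionConfig_onUnauthenticatedRequest :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe AuthenticateOidcActionConditionalBehaviorEnum)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. Leaving the field as Nothing relies on the service-side
-- default described in the field documentation (authenticate).
authenticateOidcActionConfig_onUnauthenticatedRequest =
  Lens.lens
    (\AuthenticateOidcActionConfig' {onUnauthenticatedRequest} -> onUnauthenticatedRequest)
    (\s@AuthenticateOidcActionConfig' {} a -> s {onUnauthenticatedRequest = a} :: AuthenticateOidcActionConfig)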

-- | The set of user claims to be requested from the IdP. The default is
-- @openid@.
--
-- To verify which scope values your IdP supports and how to separate
-- multiple values, see the documentation for your IdP.
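authenticateOidcActionConfig_scope :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type.
authenticateOidcActionConfig_scope =
  Lens.lens
    (\AuthenticateOidcActionConfig' {scope} -> scope)
    (\s@AuthenticateOidcActionConfig' {} a -> s {scope = a} :: AuthenticateOidcActionConfig)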

-- | The name of the cookie used to maintain session information. The default
-- is AWSELBAuthSessionCookie.
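authenticateOidcActionConfig_sessionCookieName :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Text)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type.
authenticateOidcActionConfig_sessionCookieName =
  Lens.lens
    (\AuthenticateOidcActionConfig' {sessionCookieName} -> sessionCookieName)
    (\s@AuthenticateOidcActionConfig' {} a -> s {sessionCookieName = a} :: AuthenticateOidcActionConfig)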

-- | The maximum duration of the authentication session, in seconds. The
-- default is 604800 seconds (7 days).
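authenticateOidcActionConfig_sessionTimeout :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Integer)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. No range check is applied here; the value is stored as given.
authenticateOidcActionConfig_sessionTimeout =
  Lens.lens
    (\AuthenticateOidcActionConfig' {sessionTimeout} -> sessionTimeout)
    (\s@AuthenticateOidcActionConfig' {} a -> s {sessionTimeout = a} :: AuthenticateOidcActionConfig)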

-- | Indicates whether to use the existing client secret when modifying a
-- rule. If you are creating a rule, you can omit this parameter or set it
-- to false.
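authenticateOidcActionConfig_useExistingClientSecret :: Lens.Lens' AuthenticateOidcActionConfig (Prelude.Maybe Prelude.Bool)
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type.
authenticateOidcActionConfig_useExistingClientSecret =
  Lens.lens
    (\AuthenticateOidcActionConfig' {useExistingClientSecret} -> useExistingClientSecret)
    (\s@AuthenticateOidcActionConfig' {} a -> s {useExistingClientSecret = a} :: AuthenticateOidcActionConfig)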

-- | The OIDC issuer identifier of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
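authenticateOidcActionConfig_issuer :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The URL form required by the field documentation is not
-- checked here; the text is stored as given.
authenticateOidcActionConfig_issuer =
  Lens.lens
    (\AuthenticateOidcActionConfig' {issuer} -> issuer)
    (\s@AuthenticateOidcActionConfig' {} a -> s {issuer = a} :: AuthenticateOidcActionConfig)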

-- | The authorization endpoint of the IdP. This must be a full URL,
-- including the HTTPS protocol, the domain, and the path.
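authenticateOidcActionConfig_authorizationEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The URL form required by the field documentation is not
-- checked here; the text is stored as given.
authenticateOidcActionConfig_authorizationEndpoint =
  Lens.lens
    (\AuthenticateOidcActionConfig' {authorizationEndpoint} -> authorizationEndpoint)
    (\s@AuthenticateOidcActionConfig' {} a -> s {authorizationEndpoint = a} :: AuthenticateOidcActionConfig)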

-- | The token endpoint of the IdP. This must be a full URL, including the
-- HTTPS protocol, the domain, and the path.
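authenticateOidcActionConfig_tokenEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The URL form required by the field documentation is not
-- checked here; the text is stored as given.
authenticateOidcActionConfig_tokenEndpoint =
  Lens.lens
    (\AuthenticateOidcActionConfig' {tokenEndpoint} -> tokenEndpoint)
    (\s@AuthenticateOidcActionConfig' {} a -> s {tokenEndpoint = a} :: AuthenticateOidcActionConfig)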

-- | The user info endpoint of the IdP. This must be a full URL, including
-- the HTTPS protocol, the domain, and the path.
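authenticateOidcActionConfig_userInfoEndpoint :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type. The URL form required by the field documentation is not
-- checked here; the text is stored as given.
authenticateOidcActionConfig_userInfoEndpoint =
  Lens.lens
    (\AuthenticateOidcActionConfig' {userInfoEndpoint} -> userInfoEndpoint)
    (\s@AuthenticateOidcActionConfig' {} a -> s {userInfoEndpoint = a} :: AuthenticateOidcActionConfig)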

-- | The OAuth 2.0 client identifier.
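authenticateOidcActionConfig_clientId :: Lens.Lens' AuthenticateOidcActionConfig Prelude.Text
-- Getter binds the field by pun; setter is a record update annotated with the
-- record type.
authenticateOidcActionConfig_clientId =
  Lens.lens
    (\AuthenticateOidcActionConfig' {clientId} -> clientId)
    (\s@AuthenticateOidcActionConfig' {} a -> s {clientId = a} :: AuthenticateOidcActionConfig)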

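instance Data.FromXML AuthenticateOidcActionConfig where
  -- The constructor is applied positionally, so the element lookups below
  -- must stay in the same order as the record's field declarations.
  -- Optional fields are read with (.@?) and required ones with (.@).
  parseXML x =
    AuthenticateOidcActionConfig'
      -- Absent map element is replaced by mempty before Core.may decides
      -- whether to run the entry/key/value map parser (presumably yielding
      -- Nothing for an empty node list; confirm against Core.may).
      Prelude.<$> ( x
                      Data..@? "AuthenticationRequestExtraParams"
                      Core..!@ Prelude.mempty
                      Prelude.>>= Core.may (Data.parseXMLMap "entry" "key" "value")
                  )
      -- If the response carries ClientSecret it is decoded into plain text
      -- like any other field.
      Prelude.<*> (x Data..@? "ClientSecret")
      Prelude.<*> (x Data..@? "OnUnauthenticatedRequest")
      Prelude.<*> (x Data..@? "Scope")
      Prelude.<*> (x Data..@? "SessionCookieName")
      Prelude.<*> (x Data..@? "SessionTimeout")
      Prelude.<*> (x Data..@? "UseExistingClientSecret")
      Prelude.<*> (x Data..@ "Issuer")
      Prelude.<*> (x Data..@ "AuthorizationEndpoint")
      Prelude.<*> (x Data..@ "TokenEndpoint")
      Prelude.<*> (x Data..@ "UserInfoEndpoint")
      Prelude.<*> (x Data..@ "ClientId")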

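instance
  Prelude.Hashable
    AuthenticateOidcActionConfig
  where
  -- RecordWildCards brings every field into scope; each one, clientSecret
  -- included, is folded into the salt in declaration order.
  hashWithSalt _salt AuthenticateOidcActionConfig' {..} =
    _salt
      `Prelude.hashWithSalt` authenticationRequestExtraParams
      `Prelude.hashWithSalt` clientSecret
      `Prelude.hashWithSalt` onUnauthenticatedRequest
      `Prelude.hashWithSalt` scope
      `Prelude.hashWithSalt` sessionCookieName
      `Prelude.hashWithSalt` sessionTimeout
      `Prelude.hashWithSalt` useExistingClientSecret
      `Prelude.hashWithSalt` issuer
      `Prelude.hashWithSalt` authorizationEndpoint
      `Prelude.hashWithSalt` tokenEndpoint
      `Prelude.hashWithSalt` userInfoEndpoint
      `Prelude.hashWithSalt` clientId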

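instance Prelude.NFData AuthenticateOidcActionConfig where
  -- RecordWildCards brings every field into scope; rnf is applied to each
  -- field and the results are chained with seq so all of them are forced.
  rnf AuthenticateOidcActionConfig' {..} =
    Prelude.rnf authenticationRequestExtraParams
      `Prelude.seq` Prelude.rnf clientSecret
      `Prelude.seq` Prelude.rnf onUnauthenticatedRequest
      `Prelude.seq` Prelude.rnf scope
      `Prelude.seq` Prelude.rnf sessionCookieName
      `Prelude.seq` Prelude.rnf sessionTimeout
      `Prelude.seq` Prelude.rnf useExistingClientSecret
      `Prelude.seq` Prelude.rnf issuer
      `Prelude.seq` Prelude.rnf authorizationEndpoint
      `Prelude.seq` Prelude.rnf tokenEndpoint
      `Prelude.seq` Prelude.rnf userInfoEndpoint
      `Prelude.seq` Prelude.rnf clientId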

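-- | Serialises an 'AuthenticateOidcActionConfig' into a query string, one
-- parameter per record field, keyed by the wire names given below.
--
-- The page this listing was taken from interleaved inferred-type
-- annotations with the code; they are removed here so that the instance is
-- valid Haskell again. The expression itself is unchanged.
instance Data.ToQuery AuthenticateOidcActionConfig where
  toQuery AuthenticateOidcActionConfig' {..} =
    Prelude.mconcat
      [ -- The optional extra-parameter map is flattened by 'Data.toQueryMap'
        -- using the "entry" / "key" / "value" labels.
        "AuthenticationRequestExtraParams"
          Data.=: Data.toQuery
            ( Data.toQueryMap "entry" "key" "value"
                Prelude.<$> authenticationRequestExtraParams
            ),
        -- NOTE(review): 'clientSecret' is the OAuth 2.0 client secret and is
        -- a plain @Maybe Text@ in this record (not a redacting wrapper such
        -- as @Data.Sensitive@), so it is placed into the query string
        -- verbatim. Confirm that nothing renders or logs this value, or the
        -- resulting query string, outside the signed request itself.
        "ClientSecret" Data.=: clientSecret,
        "OnUnauthenticatedRequest"
          Data.=: onUnauthenticatedRequest,
        "Scope" Data.=: scope,
        "SessionCookieName" Data.=: sessionCookieName,
        "SessionTimeout" Data.=: sessionTimeout,
        "UseExistingClientSecret"
          Data.=: useExistingClientSecret,
        -- The remaining fields are non-optional 'Text' values.
        "Issuer" Data.=: issuer,
        "AuthorizationEndpoint"
          Data.=: authorizationEndpoint,
        "TokenEndpoint" Data.=: tokenEndpoint,
        "UserInfoEndpoint" Data.=: userInfoEndpoint,
        "ClientId" Data.=: clientId
      ]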