Documentation

An object representing the configuration for an OpenID Connect (OIDC) identity provider.

See: newOidcIdentityProviderConfig smart constructor.

Create a value of OidcIdentityProviderConfig with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:clientId:OidcIdentityProviderConfig', oidcIdentityProviderConfig_clientId - This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

$sel:clusterName:OidcIdentityProviderConfig', oidcIdentityProviderConfig_clusterName - The cluster that the configuration is associated to.

$sel:groupsClaim:OidcIdentityProviderConfig', oidcIdentityProviderConfig_groupsClaim - The JSON web token (JWT) claim that the provider uses to return your groups.

$sel:groupsPrefix:OidcIdentityProviderConfig', oidcIdentityProviderConfig_groupsPrefix - The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

$sel:identityProviderConfigArn:OidcIdentityProviderConfig', oidcIdentityProviderConfig_identityProviderConfigArn - The ARN of the configuration.

$sel:identityProviderConfigName:OidcIdentityProviderConfig', oidcIdentityProviderConfig_identityProviderConfigName - The name of the configuration.

$sel:issuerUrl:OidcIdentityProviderConfig', oidcIdentityProviderConfig_issuerUrl - The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

$sel:requiredClaims:OidcIdentityProviderConfig', oidcIdentityProviderConfig_requiredClaims - The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

$sel:status:OidcIdentityProviderConfig', oidcIdentityProviderConfig_status - The status of the OIDC identity provider.

$sel:tags:OidcIdentityProviderConfig', oidcIdentityProviderConfig_tags - The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.

$sel:usernameClaim:OidcIdentityProviderConfig', oidcIdentityProviderConfig_usernameClaim - The JSON Web token (JWT) claim that is used as the username.

$sel:usernamePrefix:OidcIdentityProviderConfig', oidcIdentityProviderConfig_usernamePrefix - The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system:

This is also known as audience. The ID of the client application that makes authentication requests to the OIDC identity provider.

The cluster that the configuration is associated to.

The JSON web token (JWT) claim that the provider uses to return your groups.

The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the value oidc: creates group names like oidc:engineering and oidc:infra. The prefix can't contain system:

The ARN of the configuration.

The name of the configuration.

The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.

The key-value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value.

The status of the OIDC identity provider.

The metadata to apply to the provider configuration to assist with categorization and organization. Each tag consists of a key and an optional value. You define both.

The JSON Web token (JWT) claim that is used as the username.

The prefix that is prepended to username claims to prevent clashes with existing names. The prefix can't contain system: