AWS::VerifiedPermissions::IdentitySource OpenIdConnectIdentityTokenConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

This is the new Amazon CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the Amazon CloudFormation User Guide.

AWS::VerifiedPermissions::IdentitySource OpenIdConnectIdentityTokenConfiguration

The configuration of an OpenID Connect (OIDC) identity source for handling identity (ID) token claims. Contains the claim that you want to identify as the principal in an authorization request, and the values of the aud claim, or audiences, that you want to accept.

This data type is part of a OpenIdConnectTokenSelection structure, which is a parameter of CreateIdentitySource.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "ClientIds" : [ String, ... ],
  "PrincipalIdClaim" : String
}

YAML

  ClientIds: 
    - String
  PrincipalIdClaim: String

Properties

ClientIds

The ID token audience, or client ID, claim values that you want to accept in your policy store from an OIDC identity provider. For example, 1example23456789, 2example10111213.

Required: No

Type: Array of String

Minimum: 1 | 0

Maximum: 255 | 1000

Update requires: No interruption

PrincipalIdClaim

The claim that determines the principal in OIDC access tokens. For example, sub.

Required: No

Type: String

Minimum: 1

Update requires: No interruption