Class OidcIdentityProviderConfigRequest
- All Implemented Interfaces:
Serializable
,SdkPojo
,ToCopyableBuilder<OidcIdentityProviderConfigRequest.Builder,
OidcIdentityProviderConfigRequest>
An object representing an OpenID Connect (OIDC) configuration. Before associating an OIDC identity provider to your cluster, review the considerations in Authenticating users for your cluster from an OIDC identity provider in the Amazon EKS User Guide.
- See Also:
-
Nested Class Summary
-
Method Summary
Modifier and TypeMethodDescriptionbuilder()
final String
clientId()
This is also known as audience.final boolean
final boolean
equalsBySdkFields
(Object obj) Indicates whether some other object is "equal to" this one by SDK fields.final <T> Optional
<T> getValueForField
(String fieldName, Class<T> clazz) final String
The JWT claim that the provider uses to return your groups.final String
The prefix that is prepended to group claims to prevent clashes with existing names (such assystem:
groups).final int
hashCode()
final boolean
For responses, this returns true if the service returned a value for the RequiredClaims property.final String
The name of the OIDC provider configuration.final String
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens.The key value pairs that describe required claims in the identity token.static Class
<? extends OidcIdentityProviderConfigRequest.Builder> Take this object and create a builder that contains all of the current property values of this object.final String
toString()
Returns a string representation of this object.final String
The JSON Web Token (JWT) claim to use as the username.final String
The prefix that is prepended to username claims to prevent clashes with existing names.Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder
copy
-
Method Details
-
identityProviderConfigName
The name of the OIDC provider configuration.
- Returns:
- The name of the OIDC provider configuration.
-
issuerUrl
The URL of the OIDC identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with
https://
and should correspond to theiss
claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, likehttps://server.example.org
orhttps://example.com
. This URL should point to the level below.well-known/openid-configuration
and must be publicly accessible over the internet.- Returns:
- The URL of the OIDC identity provider that allows the API server to discover public signing keys for
verifying tokens. The URL must begin with
https://
and should correspond to theiss
claim in the provider's OIDC ID tokens. Based on the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, likehttps://server.example.org
orhttps://example.com
. This URL should point to the level below.well-known/openid-configuration
and must be publicly accessible over the internet.
-
clientId
This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.
- Returns:
- This is also known as audience. The ID for the client application that makes authentication requests to the OIDC identity provider.
-
usernameClaim
The JSON Web Token (JWT) claim to use as the username. The default is
sub
, which is expected to be a unique identifier of the end user. You can choose other claims, such asemail
orname
, depending on the OIDC identity provider. Claims other thanemail
are prefixed with the issuer URL to prevent naming clashes with other plug-ins.- Returns:
- The JSON Web Token (JWT) claim to use as the username. The default is
sub
, which is expected to be a unique identifier of the end user. You can choose other claims, such asemail
orname
, depending on the OIDC identity provider. Claims other thanemail
are prefixed with the issuer URL to prevent naming clashes with other plug-ins.
-
usernamePrefix
The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and
username
is a value other thanemail
, the prefix defaults toissuerurl#
. You can use the value-
to disable all prefixing.- Returns:
- The prefix that is prepended to username claims to prevent clashes with existing names. If you do not
provide this field, and
username
is a value other thanemail
, the prefix defaults toissuerurl#
. You can use the value-
to disable all prefixing.
-
groupsClaim
The JWT claim that the provider uses to return your groups.
- Returns:
- The JWT claim that the provider uses to return your groups.
-
groupsPrefix
The prefix that is prepended to group claims to prevent clashes with existing names (such as
system:
groups). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
.- Returns:
- The prefix that is prepended to group claims to prevent clashes with existing names (such as
system:
groups). For example, the valueoidc:
will create group names likeoidc:engineering
andoidc:infra
.
-
hasRequiredClaims
public final boolean hasRequiredClaims()For responses, this returns true if the service returned a value for the RequiredClaims property. This DOES NOT check that the value is non-empty (for which, you should check theisEmpty()
method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified. -
requiredClaims
The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.
Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.
This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the
hasRequiredClaims()
method.- Returns:
- The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas in the Amazon EKS User Guide.
-
toBuilder
Description copied from interface:ToCopyableBuilder
Take this object and create a builder that contains all of the current property values of this object.- Specified by:
toBuilder
in interfaceToCopyableBuilder<OidcIdentityProviderConfigRequest.Builder,
OidcIdentityProviderConfigRequest> - Returns:
- a builder for type T
-
builder
-
serializableBuilderClass
-
hashCode
public final int hashCode() -
equals
-
equalsBySdkFields
Description copied from interface:SdkPojo
Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in anSdkPojo
class, and is generated based on a service model.If an
SdkPojo
class does not have any inherited fields,equalsBySdkFields
andequals
are essentially the same.- Specified by:
equalsBySdkFields
in interfaceSdkPojo
- Parameters:
obj
- the object to be compared with- Returns:
- true if the other object equals to this object by sdk fields, false otherwise.
-
toString
Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value. -
getValueForField
-
sdkFields
-