Configuration
Contains configuration information used when creating a new identity source.
This data type is used as a request parameter for the CreateIdentitySource operation.
Contents
Note
In the following list, the required parameters are described first.
Important
This data type is a UNION, so only one of the following members can be specified when used or returned.
- cognitoUserPoolConfiguration
-
Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs.
Example:
"configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds": ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType": "MyCorp::Group"}}}Type: CognitoUserPoolConfiguration object
Required: No
- openIdConnectConfiguration
-
Contains configuration details of an OpenID Connect (OIDC) identity provider, or identity source, that Verified Permissions can use to generate entities from authenticated identities. It specifies the issuer URL, token type that you want to use, and policy store entity details.
Example:
"configuration":{"openIdConnectConfiguration":{"issuer":"https://auth.example.com","tokenSelection":{"accessTokenOnly":{"audiences":["https://myapp.example.com","https://myapp2.example.com"],"principalIdClaim":"sub"}},"entityIdPrefix":"MyOIDCProvider","groupConfiguration":{"groupClaim":"groups","groupEntityType":"MyCorp::UserGroup"}}}Type: OpenIdConnectConfiguration object
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: