CustomJwtConfiguration

class aws_cdk.aws_bedrock_agentcore_alpha.CustomJwtConfiguration(*, discovery_url, allowed_audience=None, allowed_clients=None, allowed_scopes=None, custom_claims=None)

Bases: object

(experimental) Custom JWT authorizer configuration.

Parameters:

  • discovery_url (str) – (experimental) This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens. Pattern: .+/.well-known/openid-configuration Required: Yes

  • allowed_audience (Optional[Sequence[str]]) – (experimental) Represents individual audience values that are validated in the incoming JWT token validation process. Default: - No audience validation

  • allowed_clients (Optional[Sequence[str]]) – (experimental) Represents individual client IDs that are validated in the incoming JWT token validation process. Default: - No client ID validation

  • allowed_scopes (Optional[Sequence[str]]) – (experimental) Represents individual scopes that are validated in the incoming JWT token validation process. Default: - No scope validation

  • custom_claims (Optional[Sequence[GatewayCustomClaim]]) – (experimental) Custom claims for additional JWT token validation. Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations. Default: - No custom claim validation

Stability:

experimental

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_bedrock_agentcore_alpha as bedrock_agentcore_alpha

# gateway_custom_claim: bedrock_agentcore_alpha.GatewayCustomClaim

custom_jwt_configuration = bedrock_agentcore_alpha.CustomJwtConfiguration(
    discovery_url="discoveryUrl",

    # the properties below are optional
    allowed_audience=["allowedAudience"],
    allowed_clients=["allowedClients"],
    allowed_scopes=["allowedScopes"],
    custom_claims=[gateway_custom_claim]
)

Attributes

allowed_audience

(experimental) Represents individual audience values that are validated in the incoming JWT token validation process.

Default:

  • No audience validation

Stability:

experimental

allowed_clients

(experimental) Represents individual client IDs that are validated in the incoming JWT token validation process.

Default:

  • No client ID validation

Stability:

experimental

allowed_scopes

(experimental) Represents individual scopes that are validated in the incoming JWT token validation process.

Default:

  • No scope validation

Stability:

experimental

custom_claims

(experimental) Custom claims for additional JWT token validation.

Allows you to validate additional fields in JWT tokens beyond the standard audience, client, and scope validations.

Default:

  • No custom claim validation

Stability:

experimental

discovery_url

(experimental) This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.

Pattern: .+/.well-known/openid-configuration Required: Yes

Stability:

experimental