CustomJwtAuthorizer

class aws_cdk.aws_bedrockagentcore.CustomJwtAuthorizer(*, discovery_url, allowed_audience=None, allowed_clients=None, allowed_scopes=None, custom_claims=None)

Bases: object

Custom JWT authorizer configuration implementation.

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_bedrockagentcore as bedrockagentcore

# gateway_custom_claim: bedrockagentcore.GatewayCustomClaim

custom_jwt_authorizer = bedrockagentcore.CustomJwtAuthorizer(
    discovery_url="discoveryUrl",

    # the properties below are optional
    allowed_audience=["allowedAudience"],
    allowed_clients=["allowedClients"],
    allowed_scopes=["allowedScopes"],
    custom_claims=[gateway_custom_claim]
)

Parameters:
  • discovery_url (str) – This URL is used to fetch OpenID Connect configuration or authorization server metadata for validating incoming tokens.
    Pattern: .+/.well-known/openid-configuration
    Required: Yes

  • allowed_audience (Optional[Sequence[str]]) – Individual audience values that are checked when the incoming JWT is validated. Default: - No audience validation

  • allowed_clients (Optional[Sequence[str]]) – Individual client IDs that are checked when the incoming JWT is validated. Default: - No client ID validation

  • allowed_scopes (Optional[Sequence[str]]) – Individual scopes that are checked when the incoming JWT is validated. Default: - No scope validation

  • custom_claims (Optional[Sequence[GatewayCustomClaim]]) – Custom claims for additional JWT validation. Allows you to validate additional fields in the JWT beyond the standard audience, client, and scope validations. Default: - No custom claim validation
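Every optional parameter above defaults to skipping its check, so an authorizer built from discovery_url alone applies none of them. The following is an added example, not part of the CDK documentation or AWS's code: a lint over the keyword arguments before they are passed to CustomJwtAuthorizer. The helper name lint_authorizer_props, the https requirement, treating an empty list as unset, applying the pattern to the whole string, and the sample values are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Pattern quoted in the discovery_url parameter description.
DISCOVERY_PATTERN = re.compile(r".+/.well-known/openid-configuration")

# Optional parameters and the documented default when each is omitted.
OPTIONAL_CHECKS = {
    "allowed_audience": "No audience validation",
    "allowed_clients": "No client ID validation",
    "allowed_scopes": "No scope validation",
    "custom_claims": "No custom claim validation",
}


def lint_authorizer_props(props):
    """Return (severity, message) findings for a dict of CustomJwtAuthorizer
    keyword arguments. Hypothetical helper, not a CDK API."""
    findings = []
    url = props.get("discovery_url") or ""
    # Assumption: the documented pattern applies to the whole string.
    if not DISCOVERY_PATTERN.fullmatch(url):
        findings.append(("error", "discovery_url does not match the documented pattern"))
    elif urlsplit(url).scheme != "https":
        # Assumption of this example: metadata should be fetched over TLS.
        findings.append(("error", "discovery_url is not an https URL"))

    # Assumption: an empty list is treated the same as an omitted parameter.
    unset = [key for key in OPTIONAL_CHECKS if not props.get(key)]
    for key in unset:
        findings.append(("info", f"{key} unset: {OPTIONAL_CHECKS[key]}"))
    # Review policy assumed here: require an audience or client ID allow-list.
    if "allowed_audience" in unset and "allowed_clients" in unset:
        findings.append(("warn", "no audience or client ID binding is enforced"))
    return findings


# Constructed sample inputs (not real endpoints).
WEAK = {"discovery_url": "http://idp.example.com/.well-known/openid-configuration"}
STRICT = {
    "discovery_url": "https://idp.example.com/realms/demo/.well-known/openid-configuration",
    "allowed_audience": ["agent-gateway"],
    "allowed_scopes": ["tools.invoke"],
}

if __name__ == "__main__":
    for name, props in (("WEAK", WEAK), ("STRICT", STRICT)):
        for severity, message in lint_authorizer_props(props):
            print(f"{name}: [{severity}] {message}")
```

A props dict that produces no error or warn findings can then be passed on as bedrockagentcore.CustomJwtAuthorizer(**props).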

Attributes

authorizer_type

The authorizer type.