class Aws::IAM::Types::CreateOpenIDConnectProviderRequest

@note When making an API call, you may pass CreateOpenIDConnectProviderRequest

data as a hash:

    {
      url: "OpenIDConnectProviderUrlType", # required
      client_id_list: ["clientIDType"],
      thumbprint_list: ["thumbprintType"], # required
      tags: [
        {
          key: "tagKeyType", # required
          value: "tagValueType", # required
        },
      ],
    }

@!attribute [rw] url

The URL of the identity provider. The URL must begin with `https://`
and should correspond to the `iss` claim in the provider's OpenID
Connect ID tokens. Per the OIDC standard, path components are
allowed but query parameters are not. Typically the URL consists of
only a hostname, like `https://server.example.org` or
`https://example.com`.

You cannot register the same provider multiple times in a single
account. If you try to submit a URL that has already been used for
an OpenID Connect provider in the account, you will get an error.
@return [String]

@!attribute [rw] client_id_list

A list of client IDs (also known as audiences). When a mobile or web
app registers with an OpenID Connect provider, they establish a
value that identifies the application. (This is the value that's
sent as the `client_id` parameter on OAuth requests.)

You can register multiple client IDs with the same provider. For
example, you might have multiple applications that use the same OIDC
provider. You cannot register more than 100 client IDs with a single
IAM OIDC provider.

There is no defined format for a client ID. The
`CreateOpenIDConnectProviderRequest` operation accepts client IDs up
to 255 characters long.
@return [Array<String>]

@!attribute [rw] thumbprint_list

A list of server certificate thumbprints for the OpenID Connect
(OIDC) identity provider's server certificates. Typically this list
includes only one entry. However, IAM lets you have up to five
thumbprints for an OIDC provider. This lets you maintain multiple
thumbprints if the identity provider is rotating certificates.

The server certificate thumbprint is the hex-encoded SHA-1 hash
value of the X.509 certificate used by the domain where the OpenID
Connect provider makes its keys available. It is always a
40-character string.

You must provide at least one thumbprint when creating an IAM OIDC
provider. For example, assume that the OIDC provider is
`server.example.com` and the provider stores its keys at
https://keys.server.example.com/openid-connect. In that case, the
thumbprint string would be the hex-encoded SHA-1 hash value of the
certificate used by https://keys.server.example.com.

For more information about obtaining the OIDC provider's
thumbprint, see [Obtaining the thumbprint for an OpenID Connect
provider][1] in the *IAM User Guide*.

[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/identity-providers-oidc-obtain-thumbprint.html
@return [Array<String>]

@!attribute [rw] tags

A list of tags that you want to attach to the new IAM OpenID Connect
(OIDC) provider. Each tag consists of a key name and an associated
value. For more information about tagging, see [Tagging IAM
resources][1] in the *IAM User Guide*.

<note markdown="1"> If any one of the tags is invalid or if you exceed the allowed
maximum number of tags, then the entire request fails and the
resource is not created.

 </note>

[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html
@return [Array<Types::Tag>]

@see docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08/CreateOpenIDConnectProviderRequest AWS API Documentation

Constants

SENSITIVE