IdentityProvider

The IdentityProvider resource lets you manage AWS WorkSpacesWeb IdentityProviders for user authentication in your applications.

Minimal Example

Create a basic IdentityProvider with required properties and a common optional property.

```ts
import AWS from "alchemy/aws/control";

const identityProvider = await AWS.WorkSpacesWeb.IdentityProvider("myIdentityProvider", {
  IdentityProviderDetails: {
    issuer: "https://my-issuer.com",
    authorizationEndpoint: "https://my-issuer.com/oauth2/authorize",
    tokenEndpoint: "https://my-issuer.com/oauth2/token",
    userInfoEndpoint: "https://my-issuer.com/oauth2/userinfo"
  },
  IdentityProviderName: "MyIdentityProvider",
  IdentityProviderType: "OIDC",
  PortalArn: "arn:aws:workspaces-web:us-east-1:123456789012:portal/myPortal"
});
```

Advanced Configuration

Configure an IdentityProvider with tags for better resource management.

```ts
import AWS from "alchemy/aws/control";

const advancedIdentityProvider = await AWS.WorkSpacesWeb.IdentityProvider("advancedIdentityProvider", {
  IdentityProviderDetails: {
    issuer: "https://advanced-issuer.com",
    authorizationEndpoint: "https://advanced-issuer.com/oauth2/authorize",
    tokenEndpoint: "https://advanced-issuer.com/oauth2/token",
    userInfoEndpoint: "https://advanced-issuer.com/oauth2/userinfo"
  },
  IdentityProviderName: "AdvancedIdentityProvider",
  IdentityProviderType: "OIDC",
  PortalArn: "arn:aws:workspaces-web:us-east-1:123456789012:portal/myAdvancedPortal",
  // Tags are used for resource management, e.g. grouping by environment and team
  Tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Team", Value: "Development" }
  ]
});
```

Setting Up a SAML Identity Provider

Here’s how to set up an IdentityProvider using SAML for authentication.

```ts
import AWS from "alchemy/aws/control";

const samlIdentityProvider = await AWS.WorkSpacesWeb.IdentityProvider("samlIdentityProvider", {
  IdentityProviderDetails: {
    issuer: "https://my-saml-issuer.com",
    authorizationEndpoint: "https://my-saml-issuer.com/saml/authorize",
    tokenEndpoint: "https://my-saml-issuer.com/saml/token",
    userInfoEndpoint: "https://my-saml-issuer.com/saml/userinfo"
  },
  IdentityProviderName: "SAMLIdentityProvider",
  IdentityProviderType: "SAML",
  PortalArn: "arn:aws:workspaces-web:us-east-1:123456789012:portal/mySamlPortal"
});
```

Customizing Provider Details

This example demonstrates how to customize the details for an IdentityProvider, including additional claims.

```ts
import AWS from "alchemy/aws/control";

const customIdentityProvider = await AWS.WorkSpacesWeb.IdentityProvider("customIdentityProvider", {
  IdentityProviderDetails: {
    issuer: "https://custom-issuer.com",
    authorizationEndpoint: "https://custom-issuer.com/oauth2/authorize",
    tokenEndpoint: "https://custom-issuer.com/oauth2/token",
    userInfoEndpoint: "https://custom-issuer.com/oauth2/userinfo",
    // Additional claims to request for the user
    additionalClaims: {
      email: true,
      name: true
    }
  },
  IdentityProviderName: "CustomIdentityProvider",
  IdentityProviderType: "OIDC",
  Tags: [
    { Key: "UseCase", Value: "CustomAuthentication" }
  ]
});
```
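
Because the portal trusts whatever endpoints are written into `IdentityProviderDetails`, it is worth linting that object before deployment. The following is an added example, not code from Alchemy or AWS: `lintIdentityProviderDetails` and `checkUrl` are hypothetical helpers, the key names are the ones used in the examples on this page, and the rule that every endpoint shares the issuer's host is an assumed policy that some identity providers will not satisfy.

```ts
type Details = Record<string, unknown>;

// Endpoint key names as used in the examples on this page.
const ENDPOINT_KEYS = ["authorizationEndpoint", "tokenEndpoint", "userInfoEndpoint"];

// Parse one URL-valued key, record any problems, return the URL when it parses.
function checkUrl(key: string, value: unknown, issues: string[]): URL | null {
  let url: URL;
  try {
    if (typeof value !== "string") throw new TypeError("not a string");
    url = new URL(value);
  } catch {
    issues.push(`${key}: missing or not a valid absolute URL`);
    return null;
  }
  if (url.protocol !== "https:") issues.push(`${key}: must use https`);
  if (url.username || url.password) issues.push(`${key}: must not embed credentials`);
  if (url.hash) issues.push(`${key}: must not contain a fragment`);
  return url;
}

// Returns a list of findings; an empty list means the details passed every check.
function lintIdentityProviderDetails(details: Details): string[] {
  const issues: string[] = [];
  const issuer = checkUrl("issuer", details.issuer, issues);
  // An OIDC issuer identifier carries no query component.
  if (issuer && issuer.search) issues.push("issuer: must not contain a query string");
  for (const key of ENDPOINT_KEYS) {
    const url = checkUrl(key, details[key], issues);
    // Assumed policy: endpoints live on the issuer's host, so a typo or a
    // tampered value cannot send codes or tokens to a different origin.
    if (url && issuer && url.host !== issuer.host) {
      issues.push(`${key}: host ${url.host} differs from issuer host ${issuer.host}`);
    }
  }
  return issues;
}

// Constructed inputs: the minimal example's details and a flawed variant of them.
const goodDetails: Details = {
  issuer: "https://my-issuer.com",
  authorizationEndpoint: "https://my-issuer.com/oauth2/authorize",
  tokenEndpoint: "https://my-issuer.com/oauth2/token",
  userInfoEndpoint: "https://my-issuer.com/oauth2/userinfo"
};
const badDetails: Details = { ...goodDetails, userInfoEndpoint: undefined,
  authorizationEndpoint: "http://my-issuer.com/oauth2/authorize",
  tokenEndpoint: "https://my-issuer.com.example.net/oauth2/token" };
console.log(lintIdentityProviderDetails(goodDetails), lintIdentityProviderDetails(badDetails));
```

Run the lint in CI before the resource is created and fail the build when the returned list is non-empty.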