
This page lists the Client Configuration parameters used when SSO Server acts as an OAuth 2.0 or OpenID Connect provider.

Name

Description

OAuth 2.0 parameters

redirect_uris

List of allowed redirect_uri values for client

token_endpoint_auth_method

Controls Client Authentication method for client

grant_types

List of allowed grant types for client. If not specified then authorization_code, password and refresh_token are allowed

response_types

List of allowed response types for client

Only code is currently implemented

client_name

Human readable name of client. 

See Login user interface customization - SSO

logo_uri

URI that references a logo for the client

See Login user interface customization - SSO

scope

List of allowed attribute scope values for client.

If not specified then all scope values are allowed

When the aud parameter is also specified, the values in the scope parameter can only be used as attribute scopes in Authorization Policy rules.

When the aud parameter is not specified, the values in the scope parameter are used as attribute scopes in Authorization Policy rules and specify which client_id values are allowed as audience for the access token.

aud

List of allowed client_id values to be used as scope values for authentication and token requests specifying which clients are allowed as audience for the access token.

If not specified, then the scope parameter is used instead.

jwks

Public keys of client as a JSON Web Key Set

client_id

Unique client identifier

Configuration response only

client_secret

Client secret

Configuration response only

code_challenge_method

Default code_challenge_method for authorization request.

When set as either "plain" or "S256", sending authorization requests without a code_challenge is not allowed.

When set as "S256", use of "plain" code_challenge_method is not allowed.

See RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients.
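
The code_challenge_method rules above, written out as an added example (not SSO Server's own code) together with the RFC 7636 S256 check that a token endpoint performs. It assumes that PKCE is optional when the parameter is unset and that a method sent in the request overrides the client default; the function names and the sample verifier are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

VERIFIER_RE = re.compile(r"[A-Za-z0-9\-._~]{43,128}")  # RFC 7636 section 4.1

class PkceError(ValueError):
    """Raised when a request violates the client's PKCE policy."""

def effective_method(client_default, code_challenge, requested_method):
    """Apply the client's code_challenge_method setting to one authorization request.

    Returns the method to store with the authorization code, or None when
    PKCE is not in use for this request.
    """
    if client_default not in (None, "plain", "S256"):
        raise PkceError("invalid client configuration")
    if code_challenge is None:
        if client_default is not None:
            raise PkceError("code_challenge is required for this client")
        return None  # assumption: PKCE is optional when the parameter is unset
    # Assumption: a method sent in the request overrides the client default;
    # with neither present, RFC 7636 falls back to "plain".
    method = requested_method or client_default or "plain"
    if method not in ("plain", "S256"):
        raise PkceError("unsupported code_challenge_method")
    if client_default == "S256" and method == "plain":
        raise PkceError("plain is not allowed for this client")
    return method

def s256(code_verifier):
    """BASE64URL(SHA256(ASCII(code_verifier))) without padding, per RFC 7636."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def verify(method, code_challenge, code_verifier):
    """Token-endpoint check of code_verifier against the stored challenge."""
    if not VERIFIER_RE.fullmatch(code_verifier):
        return False
    expected = s256(code_verifier) if method == "S256" else code_verifier
    return hmac.compare_digest(expected.encode("ascii"), code_challenge.encode("utf-8"))

if __name__ == "__main__":
    verifier = "constructed-verifier-value-for-demo-0123456789ABC"  # constructed sample
    method = effective_method("S256", s256(verifier), None)
    print(method, verify(method, s256(verifier), verifier))
```

With the client set to "S256", an intercepted authorization code is useless without the code_verifier, because the challenge sent in the front channel cannot be replayed as the verifier.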


OpenID Connect parameters

id_token_signed_response_alg

id_token_encrypted_response_alg

id_token_encrypted_response_enc

Controls ID Token signature and encryption algorithms

userinfo_signed_response_alg

userinfo_encrypted_response_alg

userinfo_encrypted_response_enc

Controls UserInfo Response signature and encryption algorithms

request_object_signing_alg

request_object_encryption_alg

request_object_encryption_enc

Controls Authorization Request signature and encryption algorithms

token_endpoint_auth_signing_alg

Controls JWT Client Authentication signature algorithm
