Type alias OAuth2ProviderSkeleton

OAuth2ProviderSkeleton: AmConfigEntityInterface & {
    advancedOAuth2Config?: {
        allowClientCredentialsInTokenRequestQueryParameters?: boolean;
        allowedAudienceValues?: string[];
        authenticationAttributes?: string[];
        codeVerifierEnforced?: string;
        defaultScopes?: string[];
        displayNameAttribute?: string;
        expClaimRequiredInRequestObject?: boolean;
        grantTypes?: string[];
        hashSalt?: string;
        macaroonTokenFormat?: string;
        maxAgeOfRequestObjectNbfClaim?: number;
        maxDifferenceBetweenRequestObjectNbfAndExp?: number;
        moduleMessageEnabledInPasswordGrant?: boolean;
        nbfClaimRequiredInRequestObject?: boolean;
        parRequestUriLifetime?: number;
        passwordGrantAuthService?: string;
        persistentClaims?: string[];
        refreshTokenGracePeriod?: number;
        requestObjectProcessing?: string;
        requirePushedAuthorizationRequests?: boolean;
        responseTypeClasses?: string[];
        supportedScopes?: string[];
        supportedSubjectTypes?: string[];
        tlsCertificateBoundAccessTokensEnabled?: boolean;
        tlsCertificateRevocationCheckingEnabled?: boolean;
        tlsClientCertificateHeaderFormat?: string;
        tokenCompressionEnabled?: boolean;
        tokenEncryptionEnabled?: boolean;
        tokenExchangeClasses?: string[];
        tokenSigningAlgorithm?: string;
        tokenValidatorClasses?: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    advancedOIDCConfig: {
        alwaysAddClaimsToToken?: boolean;
        amrMappings?: any;
        authorisedIdmDelegationClients?: string[];
        authorisedOpenIdConnectSSOClients?: string[];
        claimsParameterSupported?: boolean;
        defaultACR?: string[];
        idTokenInfoClientAuthenticationEnabled?: boolean;
        includeAllKtyAlgCombinationsInJwksUri?: boolean;
        loaMapping?: any;
        storeOpsTokens?: boolean;
        supportedAuthorizationResponseEncryptionAlgorithms?: string[];
        supportedAuthorizationResponseEncryptionEnc?: string[];
        supportedAuthorizationResponseSigningAlgorithms?: string[];
        supportedRequestParameterEncryptionAlgorithms?: string[];
        supportedRequestParameterEncryptionEnc?: string[];
        supportedRequestParameterSigningAlgorithms?: string[];
        supportedTokenEndpointAuthenticationSigningAlgorithms?: string[];
        supportedTokenIntrospectionResponseEncryptionAlgorithms?: string[];
        supportedTokenIntrospectionResponseEncryptionEnc?: string[];
        supportedTokenIntrospectionResponseSigningAlgorithms?: string[];
        supportedUserInfoEncryptionAlgorithms?: string[];
        supportedUserInfoEncryptionEnc?: string[];
        supportedUserInfoSigningAlgorithms?: string[];
        useForceAuthnForMaxAge?: boolean;
        useForceAuthnForPromptLogin?: boolean;
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    cibaConfig?: {
        cibaAuthReqIdLifetime: number;
        cibaMinimumPollingInterval: number;
        supportedCibaSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    clientDynamicRegistrationConfig?: {
        allowDynamicRegistration: boolean;
        dynamicClientRegistrationScope: string;
        dynamicClientRegistrationSoftwareStatementRequired: boolean;
        generateRegistrationAccessTokens: boolean;
        requiredSoftwareStatementAttestedAttributes: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    consent?: {
        clientsCanSkipConsent: boolean;
        enableRemoteConsent: boolean;
        supportedRcsRequestEncryptionAlgorithms: string[];
        supportedRcsRequestEncryptionMethods: string[];
        supportedRcsRequestSigningAlgorithms: string[];
        supportedRcsResponseEncryptionAlgorithms: string[];
        supportedRcsResponseEncryptionMethods: string[];
        supportedRcsResponseSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    coreOAuth2Config?: {
        accessTokenLifetime: number;
        accessTokenMayActScript: "[Empty]" | string;
        codeLifetime: number;
        issueRefreshToken: boolean;
        issueRefreshTokenOnRefreshedToken: boolean;
        macaroonTokensEnabled: boolean;
        oidcMayActScript: "[Empty]" | string;
        refreshTokenLifetime: number;
        scopesPolicySet: string;
        statelessTokensEnabled: boolean;
        usePolicyEngineForScope: boolean;
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    coreOIDCConfig?: {
        jwtTokenLifetime: number;
        oidcDiscoveryEndpointEnabled: boolean;
        overrideableOIDCClaims: string[];
        supportedClaims: string[];
        supportedIDTokenEncryptionAlgorithms: string[];
        supportedIDTokenEncryptionMethods: string[];
        supportedIDTokenSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    deviceCodeConfig?: {
        deviceCodeLifetime: number;
        devicePollInterval: number;
        deviceUserCodeCharacterSet: string;
        deviceUserCodeLength: number;
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    pluginsConfig?: {
        accessTokenEnricherClass?: string;
        accessTokenModificationPluginType?: "JAVA" | "SCRIPTED";
        accessTokenModificationScript?: "[Empty]" | string;
        accessTokenModifierClass?: string;
        authorizeEndpointDataProviderClass?: string;
        authorizeEndpointDataProviderPluginType?: "JAVA" | "SCRIPTED";
        authorizeEndpointDataProviderScript?: "[Empty]" | string;
        evaluateScopeClass?: string;
        evaluateScopePluginType?: "JAVA" | "SCRIPTED";
        evaluateScopeScript?: "[Empty]" | string;
        oidcClaimsClass?: string;
        oidcClaimsPluginType?: string;
        oidcClaimsScript?: "[Empty]" | string;
        userCodeGeneratorClass?: string;
        validateScopeClass?: string;
        validateScopePluginType?: "JAVA" | "SCRIPTED";
        validateScopeScript?: "[Empty]" | string;
        [k: string]: string | number | boolean | string[] | object | undefined;
    };
    [k: string]: string | number | boolean | string[] | object | undefined;
}

Type declaration

  • [k: string]: string | number | boolean | string[] | object | undefined
  • Optional advancedOAuth2Config?: {
        allowClientCredentialsInTokenRequestQueryParameters?: boolean;
        allowedAudienceValues?: string[];
        authenticationAttributes?: string[];
        codeVerifierEnforced?: string;
        defaultScopes?: string[];
        displayNameAttribute?: string;
        expClaimRequiredInRequestObject?: boolean;
        grantTypes?: string[];
        hashSalt?: string;
        macaroonTokenFormat?: string;
        maxAgeOfRequestObjectNbfClaim?: number;
        maxDifferenceBetweenRequestObjectNbfAndExp?: number;
        moduleMessageEnabledInPasswordGrant?: boolean;
        nbfClaimRequiredInRequestObject?: boolean;
        parRequestUriLifetime?: number;
        passwordGrantAuthService?: string;
        persistentClaims?: string[];
        refreshTokenGracePeriod?: number;
        requestObjectProcessing?: string;
        requirePushedAuthorizationRequests?: boolean;
        responseTypeClasses?: string[];
        supportedScopes?: string[];
        supportedSubjectTypes?: string[];
        tlsCertificateBoundAccessTokensEnabled?: boolean;
        tlsCertificateRevocationCheckingEnabled?: boolean;
        tlsClientCertificateHeaderFormat?: string;
        tokenCompressionEnabled?: boolean;
        tokenEncryptionEnabled?: boolean;
        tokenExchangeClasses?: string[];
        tokenSigningAlgorithm?: string;
        tokenValidatorClasses?: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • Optional allowClientCredentialsInTokenRequestQueryParameters?: boolean
    • Optional allowedAudienceValues?: string[]
    • Optional authenticationAttributes?: string[]
    • Optional codeVerifierEnforced?: string
    • Optional defaultScopes?: string[]
    • Optional displayNameAttribute?: string
    • Optional expClaimRequiredInRequestObject?: boolean
    • Optional grantTypes?: string[]
    • Optional hashSalt?: string
    • Optional macaroonTokenFormat?: string
    • Optional maxAgeOfRequestObjectNbfClaim?: number
    • Optional maxDifferenceBetweenRequestObjectNbfAndExp?: number
    • Optional moduleMessageEnabledInPasswordGrant?: boolean
    • Optional nbfClaimRequiredInRequestObject?: boolean
    • Optional parRequestUriLifetime?: number
    • Optional passwordGrantAuthService?: string
    • Optional persistentClaims?: string[]
    • Optional refreshTokenGracePeriod?: number
    • Optional requestObjectProcessing?: string
    • Optional requirePushedAuthorizationRequests?: boolean
    • Optional responseTypeClasses?: string[]
    • Optional supportedScopes?: string[]
    • Optional supportedSubjectTypes?: string[]
    • Optional tlsCertificateBoundAccessTokensEnabled?: boolean
    • Optional tlsCertificateRevocationCheckingEnabled?: boolean
    • Optional tlsClientCertificateHeaderFormat?: string
    • Optional tokenCompressionEnabled?: boolean
    • Optional tokenEncryptionEnabled?: boolean
    • Optional tokenExchangeClasses?: string[]
    • Optional tokenSigningAlgorithm?: string
    • Optional tokenValidatorClasses?: string[]
  • advancedOIDCConfig: {
        alwaysAddClaimsToToken?: boolean;
        amrMappings?: any;
        authorisedIdmDelegationClients?: string[];
        authorisedOpenIdConnectSSOClients?: string[];
        claimsParameterSupported?: boolean;
        defaultACR?: string[];
        idTokenInfoClientAuthenticationEnabled?: boolean;
        includeAllKtyAlgCombinationsInJwksUri?: boolean;
        loaMapping?: any;
        storeOpsTokens?: boolean;
        supportedAuthorizationResponseEncryptionAlgorithms?: string[];
        supportedAuthorizationResponseEncryptionEnc?: string[];
        supportedAuthorizationResponseSigningAlgorithms?: string[];
        supportedRequestParameterEncryptionAlgorithms?: string[];
        supportedRequestParameterEncryptionEnc?: string[];
        supportedRequestParameterSigningAlgorithms?: string[];
        supportedTokenEndpointAuthenticationSigningAlgorithms?: string[];
        supportedTokenIntrospectionResponseEncryptionAlgorithms?: string[];
        supportedTokenIntrospectionResponseEncryptionEnc?: string[];
        supportedTokenIntrospectionResponseSigningAlgorithms?: string[];
        supportedUserInfoEncryptionAlgorithms?: string[];
        supportedUserInfoEncryptionEnc?: string[];
        supportedUserInfoSigningAlgorithms?: string[];
        useForceAuthnForMaxAge?: boolean;
        useForceAuthnForPromptLogin?: boolean;
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • Optional alwaysAddClaimsToToken?: boolean
    • Optional amrMappings?: any
    • Optional authorisedIdmDelegationClients?: string[]
    • Optional authorisedOpenIdConnectSSOClients?: string[]
    • Optional claimsParameterSupported?: boolean
    • Optional defaultACR?: string[]
    • Optional idTokenInfoClientAuthenticationEnabled?: boolean
    • Optional includeAllKtyAlgCombinationsInJwksUri?: boolean
    • Optional loaMapping?: any
    • Optional storeOpsTokens?: boolean
    • Optional supportedAuthorizationResponseEncryptionAlgorithms?: string[]
    • Optional supportedAuthorizationResponseEncryptionEnc?: string[]
    • Optional supportedAuthorizationResponseSigningAlgorithms?: string[]
    • Optional supportedRequestParameterEncryptionAlgorithms?: string[]
    • Optional supportedRequestParameterEncryptionEnc?: string[]
    • Optional supportedRequestParameterSigningAlgorithms?: string[]
    • Optional supportedTokenEndpointAuthenticationSigningAlgorithms?: string[]
    • Optional supportedTokenIntrospectionResponseEncryptionAlgorithms?: string[]
    • Optional supportedTokenIntrospectionResponseEncryptionEnc?: string[]
    • Optional supportedTokenIntrospectionResponseSigningAlgorithms?: string[]
    • Optional supportedUserInfoEncryptionAlgorithms?: string[]
    • Optional supportedUserInfoEncryptionEnc?: string[]
    • Optional supportedUserInfoSigningAlgorithms?: string[]
    • Optional useForceAuthnForMaxAge?: boolean
    • Optional useForceAuthnForPromptLogin?: boolean
  • Optional cibaConfig?: {
        cibaAuthReqIdLifetime: number;
        cibaMinimumPollingInterval: number;
        supportedCibaSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • cibaAuthReqIdLifetime: number
    • cibaMinimumPollingInterval: number
    • supportedCibaSigningAlgorithms: string[]
  • Optional clientDynamicRegistrationConfig?: {
        allowDynamicRegistration: boolean;
        dynamicClientRegistrationScope: string;
        dynamicClientRegistrationSoftwareStatementRequired: boolean;
        generateRegistrationAccessTokens: boolean;
        requiredSoftwareStatementAttestedAttributes: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • allowDynamicRegistration: boolean
    • dynamicClientRegistrationScope: string
    • dynamicClientRegistrationSoftwareStatementRequired: boolean
    • generateRegistrationAccessTokens: boolean
    • requiredSoftwareStatementAttestedAttributes: string[]
  • Optional consent?: {
        clientsCanSkipConsent: boolean;
        enableRemoteConsent: boolean;
        supportedRcsRequestEncryptionAlgorithms: string[];
        supportedRcsRequestEncryptionMethods: string[];
        supportedRcsRequestSigningAlgorithms: string[];
        supportedRcsResponseEncryptionAlgorithms: string[];
        supportedRcsResponseEncryptionMethods: string[];
        supportedRcsResponseSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • clientsCanSkipConsent: boolean
    • enableRemoteConsent: boolean
    • supportedRcsRequestEncryptionAlgorithms: string[]
    • supportedRcsRequestEncryptionMethods: string[]
    • supportedRcsRequestSigningAlgorithms: string[]
    • supportedRcsResponseEncryptionAlgorithms: string[]
    • supportedRcsResponseEncryptionMethods: string[]
    • supportedRcsResponseSigningAlgorithms: string[]
  • Optional coreOAuth2Config?: {
        accessTokenLifetime: number;
        accessTokenMayActScript: "[Empty]" | string;
        codeLifetime: number;
        issueRefreshToken: boolean;
        issueRefreshTokenOnRefreshedToken: boolean;
        macaroonTokensEnabled: boolean;
        oidcMayActScript: "[Empty]" | string;
        refreshTokenLifetime: number;
        scopesPolicySet: string;
        statelessTokensEnabled: boolean;
        usePolicyEngineForScope: boolean;
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • accessTokenLifetime: number
    • accessTokenMayActScript: "[Empty]" | string
    • codeLifetime: number
    • issueRefreshToken: boolean
    • issueRefreshTokenOnRefreshedToken: boolean
    • macaroonTokensEnabled: boolean
    • oidcMayActScript: "[Empty]" | string
    • refreshTokenLifetime: number
    • scopesPolicySet: string
    • statelessTokensEnabled: boolean
    • usePolicyEngineForScope: boolean
  • Optional coreOIDCConfig?: {
        jwtTokenLifetime: number;
        oidcDiscoveryEndpointEnabled: boolean;
        overrideableOIDCClaims: string[];
        supportedClaims: string[];
        supportedIDTokenEncryptionAlgorithms: string[];
        supportedIDTokenEncryptionMethods: string[];
        supportedIDTokenSigningAlgorithms: string[];
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • jwtTokenLifetime: number
    • oidcDiscoveryEndpointEnabled: boolean
    • overrideableOIDCClaims: string[]
    • supportedClaims: string[]
    • supportedIDTokenEncryptionAlgorithms: string[]
    • supportedIDTokenEncryptionMethods: string[]
    • supportedIDTokenSigningAlgorithms: string[]
  • Optional deviceCodeConfig?: {
        deviceCodeLifetime: number;
        devicePollInterval: number;
        deviceUserCodeCharacterSet: string;
        deviceUserCodeLength: number;
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • deviceCodeLifetime: number
    • devicePollInterval: number
    • deviceUserCodeCharacterSet: string
    • deviceUserCodeLength: number
  • Optional pluginsConfig?: {
        accessTokenEnricherClass?: string;
        accessTokenModificationPluginType?: "JAVA" | "SCRIPTED";
        accessTokenModificationScript?: "[Empty]" | string;
        accessTokenModifierClass?: string;
        authorizeEndpointDataProviderClass?: string;
        authorizeEndpointDataProviderPluginType?: "JAVA" | "SCRIPTED";
        authorizeEndpointDataProviderScript?: "[Empty]" | string;
        evaluateScopeClass?: string;
        evaluateScopePluginType?: "JAVA" | "SCRIPTED";
        evaluateScopeScript?: "[Empty]" | string;
        oidcClaimsClass?: string;
        oidcClaimsPluginType?: string;
        oidcClaimsScript?: "[Empty]" | string;
        userCodeGeneratorClass?: string;
        validateScopeClass?: string;
        validateScopePluginType?: "JAVA" | "SCRIPTED";
        validateScopeScript?: "[Empty]" | string;
        [k: string]: string | number | boolean | string[] | object | undefined;
    }
    • [k: string]: string | number | boolean | string[] | object | undefined
    • Optional accessTokenEnricherClass?: string
    • Optional accessTokenModificationPluginType?: "JAVA" | "SCRIPTED"
    • Optional accessTokenModificationScript?: "[Empty]" | string
    • Optional accessTokenModifierClass?: string
    • Optional authorizeEndpointDataProviderClass?: string
    • Optional authorizeEndpointDataProviderPluginType?: "JAVA" | "SCRIPTED"
    • Optional authorizeEndpointDataProviderScript?: "[Empty]" | string
    • Optional evaluateScopeClass?: string
    • Optional evaluateScopePluginType?: "JAVA" | "SCRIPTED"
    • Optional evaluateScopeScript?: "[Empty]" | string
    • Optional oidcClaimsClass?: string
    • Optional oidcClaimsPluginType?: string
    • Optional oidcClaimsScript?: "[Empty]" | string
    • Optional userCodeGeneratorClass?: string
    • Optional validateScopeClass?: string
    • Optional validateScopePluginType?: "JAVA" | "SCRIPTED"
    • Optional validateScopeScript?: "[Empty]" | string

Settings

Member Visibility

Theme