Versions Compared

Old Version 4

changes.mady.by.user Wolfgang Glas

Saved on

compared with

New Version 5

changes.mady.by.user Wolfgang Glas

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

PropertyDescription
sessionCookieThe name of the cookie to set in user agents.
sessionTimeoutThe timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged including all access/refresh/ID tokens requested from an OAuth/OpenID Provider.
secureCookieThe secure flag of the issued cookie. Set this value to true, if your are located behind an SSL-terminated ReverseProxy.
delegateDomainThe domain against which to check incoming bearer tokens. If not set, incoming bearer tokens will not be accepted by the OAuth HttpLoginService.
domain.<domain>.labelThe mandatory human-readable label for the configured domain with identifier <domain>.
domain.<domain>.authorizationLocationThe OAuth2 authorization endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
domain.<domain>.tokenLocationThe OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
domain.<domain>.userLocationThe optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation
domain.<domain>.configurationLocationThe well-known OpenID Connect configuration location.
domain.<domain>.faviconLocationThe optional favicon location for domain, which doe not have a /favicon.ico resource on the root of their authorization web host.
domain.<domain>.clientIdThe client ID of our application as registered at the OAuth Provider.
domain.<domain>.clientPasswordThe password for the client ID of our application as registered at the OAuth Provider.
domain.<domain>.scopeThe mandatory scope to pass to the authorization endpoint.
domain.<domain>.promptThe optional prompt value to pass to the authorization endpoint.
domain.<domain>.responseTypeThe optional response type to pass to the authorization endpoint.
domain.<domain>.options

Comma-separated list of options from the set

  • lenientAccessTokenCheck - Used to by pass at_hash checks in issued ID tokens, need e.g. for microsoft providers.
  • propagateLocale - Used to propagate the locale of the login iframe to the OAuth provider as the locale URL parameter.

...

Property

Value

domain.GOOGLE.clientId

Client ID as registered under https://console.developers.google.com/apis/credentials


domain.GOOGLE.clientPassword

Password of the above mentioned client ID.

domain.GOOGLE.configurationLocation

https://accounts.google.com/.well-known/openid-configuration

domain.GOOGLE.label

google.com

domain.GOOGLE.scope

openid profile email

domain.GOOGLE.accessType

offline

domain.GOOGLE.prompt

consent

microsoftonline.com

Microsoft implements OpenID connect, but leaves out the at_hash claim in ID tokens.

Property

Value

domain.MICROSOFT.clientId

https://apps.dev.microsoft.com/#/appList


domain.MICROSOFT.clientPassword

Password of the above mentioned client ID.

domain.MICROSOFT.configurationLocation

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

domain.MICROSOFT.label

microsoft.com

domain.MICROSOFT.scope

openid profile User.Read offline_access

domain.MICROSOFT.responseType

token id_token

domain.MICROSOFT.options

lenientAccessTokenCheck

domain.MICROSOFT.prompt

consent

domain.MICROSOFT.faviconLocation

https://www.microsoft.com/favicon.ico

Further Readings

OpenID 1.0 Specification: http://openid.net/specs/openid-connect-core-1_0.html

...