...
Property | Description |
---|---|
sessionCookie | The name of the cookie to set in user agents. |
sessionTimeout | The timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged, including all access/refresh/ID tokens requested from an OAuth/OpenID Provider. |
secureCookie | The secure flag of the issued cookie. Set this value to true if you are located behind an SSL-terminating reverse proxy. |
delegateDomain | The domain against which to check incoming bearer tokens. If not set, incoming bearer tokens will not be accepted by the OAuth HttpLoginService. |
domain.<domain>.label | The mandatory human-readable label for the configured domain with identifier <domain>. |
domain.<domain>.authorizationLocation | The OAuth2 authorization endpoint URL. This value does not need to be set for full-featured OpenID Providers, where it is fetched from the specified configurationLocation. |
domain.<domain>.tokenLocation | The OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where it is fetched from the specified configurationLocation. |
domain.<domain>.userLocation | The optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where it is fetched from the specified configurationLocation. |
domain.<domain>.configurationLocation | The well-known OpenID Connect configuration location. |
domain.<domain>.faviconLocation | The optional favicon location for domains which do not have a /favicon.ico resource on the root of their authorization web host. |
domain.<domain>.clientId | The client ID of our application as registered at the OAuth Provider. |
domain.<domain>.clientPassword | The password for the client ID of our application as registered at the OAuth Provider. |
domain.<domain>.scope | The mandatory scope to pass to the authorization endpoint. |
domain.<domain>.prompt | The optional prompt value to pass to the authorization endpoint. |
domain.<domain>.responseType | The optional response type to pass to the authorization endpoint. |
domain.<domain>.options | Comma-separated list of options from the set
|
...
Property | Value |
---|---|
domain.GOOGLE.clientId | Client ID as registered under https://console.developers.google.com/apis/credentials |
domain.GOOGLE.clientPassword | Password of the above mentioned client ID. |
domain.GOOGLE.configurationLocation | https://accounts.google.com/.well-known/openid-configuration |
domain.GOOGLE.label | google.com |
domain.GOOGLE.scope | openid profile email |
domain.GOOGLE.accessType | offline |
domain.GOOGLE.prompt | consent |
microsoftonline.com
Microsoft implements OpenID Connect, but leaves out the at_hash claim in ID tokens.
Property | Value |
---|---|
domain.MICROSOFT.clientId | Client ID as registered under https://apps.dev.microsoft.com/#/appList |
domain.MICROSOFT.clientPassword | Password of the above mentioned client ID. |
domain.MICROSOFT.configurationLocation | https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration |
domain.MICROSOFT.label | microsoft.com |
domain.MICROSOFT.scope | openid profile User.Read offline_access |
domain.MICROSOFT.responseType | token id_token |
domain.MICROSOFT.options | lenientAccessTokenCheck |
domain.MICROSOFT.prompt | consent |
domain.MICROSOFT.faviconLocation | https://www.microsoft.com/favicon.ico |
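
The at_hash check defined in OpenID Connect Core 1.0, which binds an access token to its ID token, is sketched below as an added example; it is not code from this project or from the original page. The `lenient` parameter is hypothetical and assumes that lenientAccessTokenCheck means tolerating a missing at_hash, which this page does not spell out; the token and claims are constructed sample values.

```python
import base64
import hashlib
import hmac

# Hash family is selected by the ID token's JWS "alg" header (RS256 -> SHA-256, ...).
_HASH_BY_ALG_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def compute_at_hash(access_token: str, alg: str) -> str:
    """Left-most half of the hash of the token's ASCII octets, base64url, no padding."""
    try:
        hash_fn = _HASH_BY_ALG_SUFFIX[alg[-3:]]
    except KeyError:
        raise ValueError(f"unsupported JWS alg: {alg!r}") from None
    digest = hash_fn(access_token.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def check_access_token(claims: dict, jws_alg: str, access_token: str,
                       lenient: bool = False) -> bool:
    """Return True if the access token may be used together with this ID token.

    lenient=True (assumed behaviour, see lead-in) accepts an ID token without
    at_hash. A present but wrong at_hash is rejected in both modes.
    """
    claimed = claims.get("at_hash")
    if claimed is None:
        return lenient
    if not isinstance(claimed, str):
        return False
    expected = compute_at_hash(access_token, jws_alg)
    # Constant-time comparison of the claimed and recomputed values.
    return hmac.compare_digest(claimed.encode("utf-8"), expected.encode("ascii"))


if __name__ == "__main__":
    token = "constructed-sample-access-token"  # constructed, not a real token
    with_hash = {"sub": "alice", "at_hash": compute_at_hash(token, "RS256")}
    without_hash = {"sub": "alice"}  # shape of an ID token lacking at_hash
    print("strict, at_hash present :", check_access_token(with_hash, "RS256", token))
    print("strict, at_hash missing :", check_access_token(without_hash, "RS256", token))
    print("lenient, at_hash missing:", check_access_token(without_hash, "RS256", token, lenient=True))
    print("lenient, swapped token  :", check_access_token(with_hash, "RS256", token + "x", lenient=True))
```

With the lenient path taken, nothing in the ID token ties it to the access token, so the transport security of the token response is the only protection against a substituted access token.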
Further Readings
OpenID Connect Core 1.0 Specification: http://openid.net/specs/openid-connect-core-1_0.html
...