sessionCookie

The name of the cookie to set in user agents.

sessionTimeout

The timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged including all access/refresh/ID tokens requested from an OAuth/OpenID Provider.

secureCookie

The secure flag of the issued cookie. Set this value to true, if your are located behind an SSL-terminated ReverseProxy.

delegateDomain

The domain against which to check incoming bearer tokens. If not set, incoming bearer tokens will not be accepted by the OAuth HttpLoginService.

domain.<domain>.label

The mandatory human-readable label for the configured domain with identifier <domain>.

domain.<domain>.authorizationLocation

The OAuth2 authorization endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

domain.<domain>.tokenLocation

The OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

domain.<domain>.userLocation

The optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

domain.<domain>.configurationLocation

The well-known OpenID Connect configuration location.

domain.<domain>.faviconLocation

The optional favicon location for domains, which do not have a /favicon.ico resource on the root of their authorization web host.

domain.<domain>.clientId

The client ID of our application as registered at the OAuth Provider.

domain.<domain>.clientPassword

The password for the client ID of our application as registered at the OAuth Provider.

domain.<domain>.scope

The mandatory scope to pass to the authorization endpoint.

domain.<domain>.prompt

The optional prompt value to pass to the authorization endpoint.

domain.<domain>.responseType

The optional response type to pass to the authorization endpoint.

domain.<domain>.options

Comma-separated list of options from the set

• lenientAccessTokenCheck - Used to by pass at_hash checks in issued ID tokens, need e.g. for microsoft providers.

• propagateLocale - Used to propagate the locale of the login iframe to the OAuth provider as the locale URL parameter.

domain.GITHUB.authorizationLocation

http://github.com/login/oauth/authorize

domain.GITHUB.userLocation

https://api.github.com/user

domain.GITHUB.label

github.com

domain.GITHUB.clientId

Cleint ID a registered under 'Authorized OAuth Apps' https://github.com/settings/applications

domain.GITHUB.clientPassword

Password of the above mentioned client ID.

domain.GITHUB.tokenLocation

https://github.com/login/oauth/access_token

domain.GITHUB.scope

user

domain.GOOGLE.clientId

Client ID as registered under https://console.developers.google.com/apis/credentials

domain.GOOGLE.clientPassword

Password of the above mentioned client ID.

domain.GOOGLE.configurationLocation

https://accounts.google.com/.well-known/openid-configuration

domain.GOOGLE.label

google.com

domain.GOOGLE.scope

openid profile email

domain.GOOGLE.accessType

offline

domain.GOOGLE.prompt

consent

domain.MICROSOFT.clientId

https://apps.dev.microsoft.com/#/appList

domain.MICROSOFT.clientPassword

Password of the above mentioned client ID.

domain.MICROSOFT.configurationLocation

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

domain.MICROSOFT.label

microsoft.com

domain.MICROSOFT.scope

openid profile User.Read offline_access

domain.MICROSOFT.responseType

token id_token

domain.MICROSOFT.options

lenientAccessTokenCheck

domain.MICROSOFT.prompt

consent

domain.MICROSOFT.faviconLocation

https://www.microsoft.com/favicon.ico