Type alias MsgVpnAuthenticationOauthProfile

Type declaration

• Optional authorizationGroupsClaimName?: string

  The name of the groups claim. If non-empty, the specified claim will be used to determine groups for authorization. If empty, the authorizationType attribute of the Message VPN will be used to determine authorization. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "groups".

• Optional clientId?: string

  The OAuth client id. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional clientRequiredType?: string

  The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "JWT".

• Optional clientSecret?: string

  The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional clientValidateTypeEnabled?: boolean

  Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional disconnectOnTokenExpirationEnabled?: boolean

  Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional enabled?: boolean

  Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false.

• Optional endpointDiscovery?: string

  The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional endpointDiscoveryRefreshInterval?: number

  The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 86400.

• Optional endpointIntrospection?: string

  The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional endpointIntrospectionTimeout?: number

  The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 1.

• Optional endpointJwks?: string

  The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional endpointJwksRefreshInterval?: number

  The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 86400.

• Optional endpointUserinfo?: string

  The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional endpointUserinfoTimeout?: number

  The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 1.

• Optional issuer?: string

  The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional mqttUsernameValidateEnabled?: boolean

  Enable or disable whether the API provided MQTT client username will be validated against the username calculated from the token(s). When enabled, connection attempts by MQTT clients are rejected if they differ. Note that this value only applies to MQTT clients; SMF client usernames will not be validated. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false.

• Optional msgVpnName?: string

  The name of the Message VPN.

• Optional oauthProfileName?: string

  The name of the OAuth profile.

• Optional oauthRole?: MsgVpnAuthenticationOauthProfile.oauthRole

  The OAuth role of the broker. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "client". The allowed values and their meaning are:

  "client" - The broker is in the OAuth client role.
  "resource-server" - The broker is in the OAuth resource server role.
  

• Optional resourceServerParseAccessTokenEnabled?: boolean

  Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional resourceServerRequiredAudience?: string

  The required audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional resourceServerRequiredIssuer?: string

  The required issuer value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional resourceServerRequiredScope?: string

  A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "".

• Optional resourceServerRequiredType?: string

  The required TYP value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "at+jwt".

• Optional resourceServerValidateAudienceEnabled?: boolean

  Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional resourceServerValidateIssuerEnabled?: boolean

  Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional resourceServerValidateScopeEnabled?: boolean

  Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional resourceServerValidateTypeEnabled?: boolean

  Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true.

• Optional usernameClaimName?: string

  The name of the username claim. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "sub".