MsgVpnAuthenticationOauthProvider: {
    audienceClaimName?: string;
    audienceClaimSource?: audienceClaimSource;
    audienceClaimValue?: string;
    audienceValidationEnabled?: boolean;
    authorizationGroupClaimName?: string;
    authorizationGroupClaimSource?: authorizationGroupClaimSource;
    authorizationGroupEnabled?: boolean;
    disconnectOnTokenExpirationEnabled?: boolean;
    enabled?: boolean;
    jwksRefreshInterval?: number;
    jwksUri?: string;
    msgVpnName?: string;
    oauthProviderName?: string;
    tokenIgnoreTimeLimitsEnabled?: boolean;
    tokenIntrospectionParameterName?: string;
    tokenIntrospectionPassword?: string;
    tokenIntrospectionTimeout?: number;
    tokenIntrospectionUri?: string;
    tokenIntrospectionUsername?: string;
    usernameClaimName?: string;
    usernameClaimSource?: usernameClaimSource;
    usernameValidateEnabled?: boolean;
}

Type declaration

  • Optional audienceClaimName?: string

    The audience claim name, indicating which part of the object to use for determining the audience. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "aud". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional audienceClaimSource?: audienceClaimSource

    The audience claim source, indicating where to search for the audience value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "id-token". The allowed values and their meaning are:

    "access-token" - The OAuth v2 access_token.
    "id-token" - The OpenID Connect id_token.
    "introspection" - The result of introspecting the OAuth v2 access_token.
    

    Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional audienceClaimValue?: string

    The required audience value for a token to be considered valid. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional audienceValidationEnabled?: boolean

    Enable or disable audience validation. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional authorizationGroupClaimName?: string

    The authorization group claim name, indicating which part of the object to use for determining the authorization group. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "scope". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional authorizationGroupClaimSource?: authorizationGroupClaimSource

    The authorization group claim source, indicating where to search for the authorization group name. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "id-token". The allowed values and their meaning are:

    "access-token" - The OAuth v2 access_token.
    "id-token" - The OpenID Connect id_token.
    "introspection" - The result of introspecting the OAuth v2 access_token.
    

    Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional authorizationGroupEnabled?: boolean

    Enable or disable OAuth-based authorization. When enabled, the configured authorization type for OAuth clients is overridden. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional disconnectOnTokenExpirationEnabled?: boolean

    Enable or disable the disconnection of clients when their tokens expire. Changing this value does not affect existing clients, only new client connections. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is true. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional enabled?: boolean

    Enable or disable OAuth Provider client authentication. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional jwksRefreshInterval?: number

    The number of seconds between forced refreshes of the JWKS public keys. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 86400. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional jwksUri?: string

    The URI where the OAuth provider publishes its JWKS public keys. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional msgVpnName?: string

    The name of the Message VPN. Deprecated since 2.25. Replaced by authenticationOauthProfiles.

  • Optional oauthProviderName?: string

    The name of the OAuth Provider. Deprecated since 2.25. Replaced by authenticationOauthProfiles.

  • Optional tokenIgnoreTimeLimitsEnabled?: boolean

    Enable or disable ignoring token time limits. When enabled, tokens that are not yet valid or are no longer valid are accepted. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional tokenIntrospectionParameterName?: string

    The parameter name used to identify the token during access token introspection. A standards-compliant OAuth introspection server expects "token". Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "token". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional tokenIntrospectionPassword?: string

    The password to use when logging into the token introspection URI. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional tokenIntrospectionTimeout?: number

    The maximum time in seconds a token introspection is allowed to take. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is 1. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional tokenIntrospectionUri?: string

    The token introspection URI of the OAuth authentication server. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional tokenIntrospectionUsername?: string

    The username to use when logging into the token introspection URI. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional usernameClaimName?: string

    The username claim name, indicating which part of the object to use for determining the username. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "sub". Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional usernameClaimSource?: usernameClaimSource

    The username claim source, indicating where to search for the username value. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is "id-token". The allowed values and their meaning are:

    "access-token" - The OAuth v2 access_token.
    "id-token" - The OpenID Connect id_token.
    "introspection" - The result of introspecting the OAuth v2 access_token.
    

    Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.

  • Optional usernameValidateEnabled?: boolean

    Enable or disable validation of the API-provided username against the username calculated from the token(s). When enabled, the connection attempt is rejected if they differ. Changes to this attribute are synchronized to HA mates and replication sites via config-sync. The default value is false. Deprecated since 2.25. authenticationOauthProviders replaced by authenticationOauthProfiles.
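
Several of the documented defaults are permissive (audience validation off, username validation off), so an object that only sets `enabled` leaves those checks disabled. The following is an added example, not code from this library: a hypothetical `auditOauthProvider` helper that fills absent attributes with the defaults stated above and reports the settings a reviewer would want to look at. The type is a local subset of the declaration, the HTTPS requirement is an assumed local policy, and the sample object is constructed.

```typescript
// Added example (not library code): subset of the attributes documented above.
type OauthProviderSubset = {
  enabled?: boolean;
  audienceValidationEnabled?: boolean;
  audienceClaimValue?: string;
  tokenIgnoreTimeLimitsEnabled?: boolean;
  disconnectOnTokenExpirationEnabled?: boolean;
  usernameValidateEnabled?: boolean;
  jwksUri?: string;
  tokenIntrospectionUri?: string;
};
type Finding = { attribute: string; issue: string };

// Defaults as stated in the attribute descriptions; absent attributes take these.
const DOCUMENTED_DEFAULTS: Required<OauthProviderSubset> = {
  enabled: false, audienceValidationEnabled: false, audienceClaimValue: "",
  tokenIgnoreTimeLimitsEnabled: false, disconnectOnTokenExpirationEnabled: true,
  usernameValidateEnabled: false, jwksUri: "", tokenIntrospectionUri: "",
};

// Hypothetical helper: returns hardening findings for one provider object.
function auditOauthProvider(cfg: OauthProviderSubset): Finding[] {
  // Effective value = configured value, or the documented default when absent.
  const v = <K extends keyof OauthProviderSubset>(k: K) => cfg[k] ?? DOCUMENTED_DEFAULTS[k];
  if (!v("enabled")) return []; // provider is not used for client authentication
  const out: Finding[] = [];
  const add = (attribute: string, issue: string) => out.push({ attribute, issue });
  if (!v("audienceValidationEnabled"))
    add("audienceValidationEnabled", "token audience is not checked");
  else if (v("audienceClaimValue") === "")
    add("audienceClaimValue", "validation is on but no required audience is set");
  if (v("tokenIgnoreTimeLimitsEnabled"))
    add("tokenIgnoreTimeLimitsEnabled", "expired and not-yet-valid tokens are accepted");
  if (!v("disconnectOnTokenExpirationEnabled"))
    add("disconnectOnTokenExpirationEnabled", "clients stay connected after token expiry");
  if (!v("usernameValidateEnabled"))
    add("usernameValidateEnabled", "API-provided username is not compared with the token");
  for (const key of ["jwksUri", "tokenIntrospectionUri"] as const)
    if (v(key) !== "" && !/^https:\/\//i.test(v(key)))
      add(key, "endpoint is not HTTPS (assumed local policy)");
  return out;
}

// Constructed sample: only three attributes set, everything else at its default.
const sampleProvider: OauthProviderSubset = {
  enabled: true, tokenIgnoreTimeLimitsEnabled: true, jwksUri: "http://idp.example.test/jwks",
};
console.log(auditOauthProvider(sampleProvider));
```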