// Shape of an OAuth profile configuration object. Every attribute is optional;
// the defaults noted below are the ones documented for each attribute.
OauthProfile: {
    // Name of the groups claim; default "groups".
    accessLevelGroupsClaimName?: string;
    clientId?: string;
    clientRedirectUri?: string;
    // Required value for the TYP field in the ID token header; default "JWT".
    clientRequiredType?: string;
    // OAuth scope; default "openid email".
    clientScope?: string;
    // Credential. Absent from a GET, and not updated when absent in a PUT.
    clientSecret?: string;
    // Verification of the TYP field in the ID token header; default true.
    clientValidateTypeEnabled?: boolean;
    // "none" | "read-only" | "read-write" | "admin"; default "none".
    defaultGlobalAccessLevel?: defaultGlobalAccessLevel;
    // "none" | "read-only" | "read-write"; default "none".
    defaultMsgVpnAccessLevel?: defaultMsgVpnAccessLevel;
    displayName?: string;
    // The profile is disabled by default (default false).
    enabled?: boolean;
    endpointAuthorization?: string;
    // OpenID Connect discovery or OAuth Authorization Server Metadata endpoint.
    endpointDiscovery?: string;
    // Seconds between discovery endpoint requests; default 86400.
    endpointDiscoveryRefreshInterval?: number;
    endpointIntrospection?: string;
    // Maximum seconds for a token introspection request; default 1.
    endpointIntrospectionTimeout?: number;
    endpointJwks?: string;
    // Seconds between JWKS endpoint requests; default 86400.
    endpointJwksRefreshInterval?: number;
    endpointToken?: string;
    // Maximum seconds for a token request; default 1.
    endpointTokenTimeout?: number;
    endpointUserinfo?: string;
    // Maximum seconds for a userinfo request; default 1.
    endpointUserinfoTimeout?: number;
    // Interactive logins via this OAuth provider; default true.
    interactiveEnabled?: boolean;
    // Value of the prompt parameter sent when the session has expired; default "".
    interactivePromptForExpiredSession?: string;
    // Value of the prompt parameter sent for a new session or after an explicit
    // logout; default "select_account".
    interactivePromptForNewSession?: string;
    // Issuer Identifier for the OAuth provider.
    issuer?: string;
    oauthProfileName?: string;
    // "client" | "resource-server"; default "client".
    oauthRole?: OauthProfile.oauthRole;
    // Parsing of the access token as a JWT; default true.
    resourceServerParseAccessTokenEnabled?: boolean;
    resourceServerRequiredAudience?: string;
    resourceServerRequiredIssuer?: string;
    // Space-separated list of scopes that must be present in the scope claim.
    resourceServerRequiredScope?: string;
    // Required TYP value; default "at+jwt".
    resourceServerRequiredType?: string;
    // The four flags below enable or disable verification of the audience, issuer
    // and scope claims (access token or introspection response) and of the TYP
    // field in the access token header. Each defaults to true.
    resourceServerValidateAudienceEnabled?: boolean;
    resourceServerValidateIssuerEnabled?: boolean;
    resourceServerValidateScopeEnabled?: boolean;
    resourceServerValidateTypeEnabled?: boolean;
    // Authentication of SEMP requests with OAuth tokens; default true.
    sempEnabled?: boolean;
    // Name of the username claim; default "sub".
    usernameClaimName?: string;
}

Type declaration

  • Optional accessLevelGroupsClaimName?: string

    The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "groups".

  • Optional clientId?: string

    The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional clientRedirectUri?: string

    The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional clientRequiredType?: string

    The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "JWT".

  • Optional clientScope?: string

    The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "openid email".

  • Optional clientSecret?: string

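    The OAuth client secret. This attribute is absent from a GET response, and a PUT that omits it leaves the stored value unchanged, subject to the exceptions in note 4. Because a GET never returns the secret, its absence from a response does not indicate that no secret is configured. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".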

  • Optional clientValidateTypeEnabled?: boolean

    Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional defaultGlobalAccessLevel?: defaultGlobalAccessLevel

    The default global access level for this OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "none". The allowed values and their meaning are:

    "none" - User has no access to global data.
    "read-only" - User has read-only access to global data.
    "read-write" - User has read-write access to most global data.
    "admin" - User has read-write access to all global data.
    
  • Optional defaultMsgVpnAccessLevel?: defaultMsgVpnAccessLevel

    The default message VPN access level for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "none". The allowed values and their meaning are:

    "none" - User has no access to a Message VPN.
    "read-only" - User has read-only access to a Message VPN.
    "read-write" - User has read-write access to most Message VPN settings.
    
  • Optional displayName?: string

    The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional enabled?: boolean

    Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is false.

  • Optional endpointAuthorization?: string

    The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointDiscovery?: string

    The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointDiscoveryRefreshInterval?: number

    The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is 86400.

  • Optional endpointIntrospection?: string

    The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointIntrospectionTimeout?: number

    The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is 1.

  • Optional endpointJwks?: string

    The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointJwksRefreshInterval?: number

    The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is 86400.

  • Optional endpointToken?: string

    The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointTokenTimeout?: number

    The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is 1.

  • Optional endpointUserinfo?: string

    The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional endpointUserinfoTimeout?: number

    The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is 1.

  • Optional interactiveEnabled?: boolean

    Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional interactivePromptForExpiredSession?: string

    The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional interactivePromptForNewSession?: string

    The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "select_account".

  • Optional issuer?: string

    The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional oauthProfileName?: string

    The name of the OAuth profile.

  • Optional oauthRole?: OauthProfile.oauthRole

    The OAuth role of the broker. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "client". The allowed values and their meaning are:

    "client" - The broker is in the OAuth client role.
    "resource-server" - The broker is in the OAuth resource server role.
    
  • Optional resourceServerParseAccessTokenEnabled?: boolean

    Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional resourceServerRequiredAudience?: string

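    The required value for the audience claim in the access token or introspection response; see resourceServerValidateAudienceEnabled, which enables or disables that verification. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".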

  • Optional resourceServerRequiredIssuer?: string

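    The required value for the issuer claim in the access token or introspection response; see resourceServerValidateIssuerEnabled, which enables or disables that verification. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".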

  • Optional resourceServerRequiredScope?: string

    A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "".

  • Optional resourceServerRequiredType?: string

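    The required value for the TYP field in the access token header; see resourceServerValidateTypeEnabled, which enables or disables that verification. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "at+jwt".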

  • Optional resourceServerValidateAudienceEnabled?: boolean

    Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional resourceServerValidateIssuerEnabled?: boolean

    Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional resourceServerValidateScopeEnabled?: boolean

    Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional resourceServerValidateTypeEnabled?: boolean

    Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional sempEnabled?: boolean

    Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is true.

  • Optional usernameClaimName?: string

    The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is "sub".