Variable $OauthProfile`Const`

$OauthProfile: {
    properties: {
        accessLevelGroupsClaimName: {
            description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.";
            type: "string";
        };
        clientId: {
            description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        clientRedirectUri: {
            description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        clientRequiredType: {
            description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.";
            type: "string";
        };
        clientScope: {
            description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.";
            type: "string";
        };
        clientSecret: {
            description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        clientValidateTypeEnabled: {
            description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        defaultGlobalAccessLevel: {
            type: "Enum";
        };
        defaultMsgVpnAccessLevel: {
            type: "Enum";
        };
        displayName: {
            description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        enabled: {
            description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.";
            type: "boolean";
        };
        endpointAuthorization: {
            description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointDiscovery: {
            description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointDiscoveryRefreshInterval: {
            description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
            format: "int32";
            type: "number";
        };
        endpointIntrospection: {
            description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointIntrospectionTimeout: {
            description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
            format: "int32";
            type: "number";
        };
        endpointJwks: {
            description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointJwksRefreshInterval: {
            description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
            format: "int32";
            type: "number";
        };
        endpointToken: {
            description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointTokenTimeout: {
            description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
            format: "int32";
            type: "number";
        };
        endpointUserinfo: {
            description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        endpointUserinfoTimeout: {
            description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
            format: "int32";
            type: "number";
        };
        interactiveEnabled: {
            description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        interactivePromptForExpiredSession: {
            description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        interactivePromptForNewSession: {
            description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.";
            type: "string";
        };
        issuer: {
            description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        oauthProfileName: {
            description: "The name of the OAuth profile.";
            type: "string";
        };
        oauthRole: {
            type: "Enum";
        };
        resourceServerParseAccessTokenEnabled: {
            description: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        resourceServerRequiredAudience: {
            description: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        resourceServerRequiredIssuer: {
            description: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        resourceServerRequiredScope: {
            description: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
            type: "string";
        };
        resourceServerRequiredType: {
            description: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.";
            type: "string";
        };
        resourceServerValidateAudienceEnabled: {
            description: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        resourceServerValidateIssuerEnabled: {
            description: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        resourceServerValidateScopeEnabled: {
            description: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        resourceServerValidateTypeEnabled: {
            description: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        sempEnabled: {
            description: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
            type: "boolean";
        };
        usernameClaimName: {
            description: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.";
            type: "string";
        };
    };
} = ...

Type declaration

properties: {
    accessLevelGroupsClaimName: {
        description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.";
        type: "string";
    };
    clientId: {
        description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    clientRedirectUri: {
        description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    clientRequiredType: {
        description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.";
        type: "string";
    };
    clientScope: {
        description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.";
        type: "string";
    };
    clientSecret: {
        description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    clientValidateTypeEnabled: {
        description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    defaultGlobalAccessLevel: {
        type: "Enum";
    };
    defaultMsgVpnAccessLevel: {
        type: "Enum";
    };
    displayName: {
        description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    enabled: {
        description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.";
        type: "boolean";
    };
    endpointAuthorization: {
        description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointDiscovery: {
        description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointDiscoveryRefreshInterval: {
        description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
        format: "int32";
        type: "number";
    };
    endpointIntrospection: {
        description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointIntrospectionTimeout: {
        description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
        format: "int32";
        type: "number";
    };
    endpointJwks: {
        description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointJwksRefreshInterval: {
        description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
        format: "int32";
        type: "number";
    };
    endpointToken: {
        description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointTokenTimeout: {
        description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
        format: "int32";
        type: "number";
    };
    endpointUserinfo: {
        description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    endpointUserinfoTimeout: {
        description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
        format: "int32";
        type: "number";
    };
    interactiveEnabled: {
        description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    interactivePromptForExpiredSession: {
        description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    interactivePromptForNewSession: {
        description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.";
        type: "string";
    };
    issuer: {
        description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    oauthProfileName: {
        description: "The name of the OAuth profile.";
        type: "string";
    };
    oauthRole: {
        type: "Enum";
    };
    resourceServerParseAccessTokenEnabled: {
        description: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    resourceServerRequiredAudience: {
        description: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    resourceServerRequiredIssuer: {
        description: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    resourceServerRequiredScope: {
        description: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
        type: "string";
    };
    resourceServerRequiredType: {
        description: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.";
        type: "string";
    };
    resourceServerValidateAudienceEnabled: {
        description: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    resourceServerValidateIssuerEnabled: {
        description: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    resourceServerValidateScopeEnabled: {
        description: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    resourceServerValidateTypeEnabled: {
        description: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    sempEnabled: {
        description: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
        type: "boolean";
    };
    usernameClaimName: {
        description: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.";
        type: "string";
    };
}
- accessLevelGroupsClaimName: {
  description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.";
  type: "string";
  }
  - description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`."
  - type: "string"
- clientId: {
  description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- clientRedirectUri: {
  description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- clientRequiredType: {
  description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.";
  type: "string";
  }
  - description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`."
  - type: "string"
- clientScope: {
  description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.";
  type: "string";
  }
  - description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`."
  - type: "string"
- clientSecret: {
  description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- clientValidateTypeEnabled: {
  description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- defaultGlobalAccessLevel: {
  type: "Enum";
  }
  - type: "Enum"
- defaultMsgVpnAccessLevel: {
  type: "Enum";
  }
  - type: "Enum"
- displayName: {
  description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- enabled: {
  description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.";
  type: "boolean";
  }
  - description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`."
  - type: "boolean"
- endpointAuthorization: {
  description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointDiscovery: {
  description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointDiscoveryRefreshInterval: {
      description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
      format: "int32";
      type: "number";
  }
  - description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."
  - format: "int32"
  - type: "number"
- endpointIntrospection: {
  description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointIntrospectionTimeout: {
      description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
      format: "int32";
      type: "number";
  }
  - description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."
  - format: "int32"
  - type: "number"
- endpointJwks: {
  description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointJwksRefreshInterval: {
      description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
      format: "int32";
      type: "number";
  }
  - description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."
  - format: "int32"
  - type: "number"
- endpointToken: {
  description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointTokenTimeout: {
      description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
      format: "int32";
      type: "number";
  }
  - description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."
  - format: "int32"
  - type: "number"
- endpointUserinfo: {
  description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- endpointUserinfoTimeout: {
      description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
      format: "int32";
      type: "number";
  }
  - description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."
  - format: "int32"
  - type: "number"
- interactiveEnabled: {
  description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- interactivePromptForExpiredSession: {
  description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- interactivePromptForNewSession: {
  description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`.";
  type: "string";
  }
  - description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`."
  - type: "string"
- issuer: {
  description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- oauthProfileName: {
  description: "The name of the OAuth profile.";
  type: "string";
  }
  - description: "The name of the OAuth profile."
  - type: "string"
- oauthRole: {
  type: "Enum";
  }
  - type: "Enum"
- resourceServerParseAccessTokenEnabled: {
  description: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- resourceServerRequiredAudience: {
  description: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- resourceServerRequiredIssuer: {
  description: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- resourceServerRequiredScope: {
  description: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
  type: "string";
  }
  - description: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."
  - type: "string"
- resourceServerRequiredType: {
  description: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.";
  type: "string";
  }
  - description: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`."
  - type: "string"
- resourceServerValidateAudienceEnabled: {
  description: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- resourceServerValidateIssuerEnabled: {
  description: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- resourceServerValidateScopeEnabled: {
  description: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- resourceServerValidateTypeEnabled: {
  description: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- sempEnabled: {
  description: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
  type: "boolean";
  }
  - description: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."
  - type: "boolean"
- usernameClaimName: {
  description: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.";
  type: "string";
  }
  - description: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`."
  - type: "string"

Variable $OauthProfileConst

Type declaration

accessLevelGroupsClaimName: { description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`."; type: "string"; }

description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`."

type: "string"

clientId: { description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

clientRedirectUri: { description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

clientRequiredType: { description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`."; type: "string"; }

description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`."

type: "string"

clientScope: { description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`."; type: "string"; }

description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`."

type: "string"

clientSecret: { description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

clientValidateTypeEnabled: { description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."; type: "boolean"; }

description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."

type: "boolean"

defaultGlobalAccessLevel: { type: "Enum"; }

type: "Enum"

defaultMsgVpnAccessLevel: { type: "Enum"; }

type: "Enum"

displayName: { description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

enabled: { description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`."; type: "boolean"; }

description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`."

type: "boolean"

endpointAuthorization: { description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointDiscovery: { description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointDiscoveryRefreshInterval: { description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."; format: "int32"; type: "number"; }

description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."

format: "int32"

type: "number"

endpointIntrospection: { description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointIntrospectionTimeout: { description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."; format: "int32"; type: "number"; }

description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."

format: "int32"

type: "number"

endpointJwks: { description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointJwksRefreshInterval: { description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."; format: "int32"; type: "number"; }

description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`."

format: "int32"

type: "number"

endpointToken: { description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointTokenTimeout: { description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."; format: "int32"; type: "number"; }

description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."

format: "int32"

type: "number"

endpointUserinfo: { description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

endpointUserinfoTimeout: { description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."; format: "int32"; type: "number"; }

description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`."

format: "int32"

type: "number"

interactiveEnabled: { description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."; type: "boolean"; }

description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`."

type: "boolean"

interactivePromptForExpiredSession: { description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."

type: "string"

description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session is new or the user has explicitly logged out. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"select_account\"`."

type: "string"

issuer: { description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`."; type: "string"; }

Variable $OauthProfile`Const`

accessLevelGroupsClaimName: {
description: "The name of the groups claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"groups\"`.";
type: "string";
}

clientId: {
description: "The OAuth client id. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

clientRedirectUri: {
description: "The OAuth redirect URI. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

clientRequiredType: {
description: "The required value for the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"JWT\"`.";
type: "string";
}

clientScope: {
description: "The OAuth scope. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"openid email\"`.";
type: "string";
}

clientSecret: {
description: "The OAuth client secret. This attribute is absent from a GET and not updated when absent in a PUT, subject to the exceptions in note 4. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

clientValidateTypeEnabled: {
description: "Enable or disable verification of the TYP field in the ID token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

defaultGlobalAccessLevel: {
type: "Enum";
}

defaultMsgVpnAccessLevel: {
type: "Enum";
}

displayName: {
description: "The user friendly name for the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

enabled: {
description: "Enable or disable the OAuth profile. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `false`.";
type: "boolean";
}

endpointAuthorization: {
description: "The OAuth authorization endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointDiscovery: {
description: "The OpenID Connect discovery endpoint or OAuth Authorization Server Metadata endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointDiscoveryRefreshInterval: {
description: "The number of seconds between discovery endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
format: "int32";
type: "number";
}

endpointIntrospection: {
description: "The OAuth introspection endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointIntrospectionTimeout: {
description: "The maximum time in seconds a token introspection request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
format: "int32";
type: "number";
}

endpointJwks: {
description: "The OAuth JWKS endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointJwksRefreshInterval: {
description: "The number of seconds between JWKS endpoint requests. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `86400`.";
format: "int32";
type: "number";
}

endpointToken: {
description: "The OAuth token endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointTokenTimeout: {
description: "The maximum time in seconds a token request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
format: "int32";
type: "number";
}

endpointUserinfo: {
description: "The OpenID Connect Userinfo endpoint. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

endpointUserinfoTimeout: {
description: "The maximum time in seconds a userinfo request is allowed to take. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `1`.";
format: "int32";
type: "number";
}

interactiveEnabled: {
description: "Enable or disable interactive logins via this OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

interactivePromptForExpiredSession: {
description: "The value of the prompt parameter provided to the OAuth authorization server for login requests where the session has expired. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

issuer: {
description: "The Issuer Identifier for the OAuth provider. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

oauthProfileName: {
description: "The name of the OAuth profile.";
type: "string";
}

oauthRole: {
type: "Enum";
}

resourceServerParseAccessTokenEnabled: {
description: "Enable or disable parsing of the access token as a JWT. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

resourceServerRequiredAudience: {
description: "The required audience value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

resourceServerRequiredIssuer: {
description: "The required issuer value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

resourceServerRequiredScope: {
description: "A space-separated list of scopes that must be present in the scope claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"\"`.";
type: "string";
}

resourceServerRequiredType: {
description: "The required TYP value. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"at+jwt\"`.";
type: "string";
}

resourceServerValidateAudienceEnabled: {
description: "Enable or disable verification of the audience claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

resourceServerValidateIssuerEnabled: {
description: "Enable or disable verification of the issuer claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

resourceServerValidateScopeEnabled: {
description: "Enable or disable verification of the scope claim in the access token or introspection response. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

resourceServerValidateTypeEnabled: {
description: "Enable or disable verification of the TYP field in the access token header. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

sempEnabled: {
description: "Enable or disable authentication of SEMP requests with OAuth tokens. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `true`.";
type: "boolean";
}

usernameClaimName: {
description: "The name of the username claim. Changes to this attribute are synchronized to HA mates via config-sync. The default value is `\"sub\"`.";
type: "string";
}