This page lists the Client Configuration parameters used when SSO Server acts as an OAuth 2.0 or OpenID Connect provider.
Name | Description |
---|---|
OAuth 2.0 parameters | |
redirect_uris | List of allowed redirect_uri values for client |
token_endpoint_auth_method | Controls Client Authentication method for client |
grant_types | List of allowed grant types for client. If not specified then authorization_code, password and refresh_token are allowed |
response_types | List of allowed response types for client. Only code is currently implemented. |
client_name | Human readable name of client. |
logo_uri | URI that references a logo for the client |
scope | List of allowed attribute scope values for client. If not specified then all scope values are allowed When also When |
aud | List of allowed client_id values to be used as scope values for authentication and token requests specifying which clients are allowed as audience for the access token. If not specified, then the |
jwks | Public keys of client as a JSON Web Key Set |
client_id | Unique client identifier. Configuration response only. |
client_secret | Client secret. Configuration response only. |
code_challenge_method | Default code_challenge_method for authorization request. When set as either "plain" or "S256", sending authorization requests without a code_challenge is not allowed. When set as "S256", use of "plain" code_challenge_method is not allowed. See RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients. |
OpenID Connect parameters | |
id_token_signed_response_alg, id_token_encrypted_response_alg, id_token_encrypted_response_enc | Controls ID Token signature and encryption algorithms |
userinfo_signed_response_alg, userinfo_encrypted_response_alg, userinfo_encrypted_response_enc | Controls UserInfo Response signature and encryption algorithms |
request_object_signing_alg, request_object_encryption_alg, request_object_encryption_enc | Controls Authorization Request signature and encryption algorithms |
token_endpoint_auth_signing_alg | Controls JWT Client Authentication signature algorithm |
require_signed_request_object | When set to "true", client is required to send authorization request as a signed JWT (JWS) request object. Unsigned JWT request objects and normal authorization requests (where the parameters are passed as URL parameters) are rejected. When set to "false", unsigned JWT request objects and normal authorization requests (where parameters are passed as URL parameters) are also allowed. Default is "false" when omitted. Note that unsigned JWT request objects are rejected regardless of the value or absence of this parameter. |