The redirect uri value must have been be registered with SSO management. The authorization server redirects the web browse to this address after authenticating the end-user. See Client registration and activation - SSO.
An opaque value used by the client to maintain state between the request and callback
An opaque value used to associate a client session with an ID Token, and to mitigate replay attacks
The value from login_hint is put into the username field on the login form
Choose authentication methods that may satisfy the request
Choose the locale used in the login form
Specifies the allowable elapsed time in seconds since the last time the user was authenticated. If the elapsed time is greater than this value, the user is re-authenticated.
Possible values: none, login, consent, select_acccount. Value none means that the user is not shown a login page at all, which means that user won't be attempted to authenticate unless they already have an existing authentication. Values login, consent and select_account all mean that user is always shown a login page, despite having an existing authentication or not.
Choose the UI template used in the login form. The template must contain the value of display parameter in the template setting oidc.display. For this setting, please refer to Ubisecure SSO Login UI Customization.
A challenge derived from the code verifier to be verified against when processing the subsequent token request. Required if a value is set for the key "code_challenge_method" or "token_endpoint_auth_method" is set to "none" in the Client Metadata. Otherwise optional.
A method that was used to derive code challenge. Allowed values are "plain" and "S256". If not set, then the default value is the value of the key "code_challenge_method" in the Client Metadata if present, or "plain". Furthermore, if the value "S256" is set for "code_challenge_method" in the Client Metadata, the use of "plain" code_challenge_method in the authorization request is not allowed.
A cryptographically random string that is used to match the code_challenge sent in the authorization request to the token request. Required, if code_challenge was sent. Disallowed, if code_challenge was not sent.