This page lists Client Configuration parameters used when SSO Server acts as OAuth 2.0 or OpenID Connect provider

Name	Description
	OAuth 2.0 parameters
redirect_uris	List of allowed redirect_uri values for client
token_endpoint_auth_method	Controls Client Authentication method for client When set as "none", sending authorization requests without a code_challenge is not allowed.
grant_types	List of allowed grant types for client. If not specified then authorization_code, password and refresh_token are allowed
response_types	List of allowed response types for client Only code is currently implemented
client_name	Human readable name of client. See Login user interface customization - SSO
logo_uri	Uri that references a logo for the client See Login user interface customization - SSO
scope	List of allowed attribute scope values for client. If not specified then all scope values are allowed When also `aud` parameter is specified, then the values in `scope` parameter can only be used as attribute scopes in Authorization Policy rules. When `aud` parameter is not specified, then the values in `scope` parameter are used as attribute scopes in Authorization Policy rules and specify which client_id values are allowed as audience for the access token.
aud	List of allowed client_id values to be used as scope values for authentication and token requests specifying which clients are allowed as audience for the access token. If not specified, then the `scope` parameter is used instead.
jwks	Public keys of client as a JSON Web Key Set
client_id	Unique client identifier Configuration response only
client_secret	Client secret Configuration response only
code_challenge_method	Default code_challenge_method for authorization request. When set as either "plain" or "S256", sending authorization requests without a code_challenge is not allowed. When set as "S256", use of "plain" code_challenge_method is not allowed. See RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients.
	OpenID Connect parameters
id_token_signed_response_alg id_token_encrypted_response_alg id_token_encrypted_response_enc	Controls ID Token signature and encryption algorithms
userinfo_signed_response_alg userinfo_encrypted_response_alg userinfo_encrypted_response_enc	Controls UserInfo Response signature and encryption algorithms
request_object_signing_alg request_object_encryption_alg request_object_encryption_enc	Controls Authorization Request signature and encryption algorithms
token_endpoint_auth_signing_alg	Controls JWT Client Authentication signature algorithm
require_signed_request_object	Boolean to declare whether the client is required to send signed authorization requests. When set to `true`, client is required to send authorization requests as signed JWT (JWS) request objects. Normal authorization requests with the parameters passed as URL parameters are rejected. When set to `false`, also normal authorization requests are allowed. Default is `false`. Note that to enable this the value must be the boolean value `true`. String value `"true"` is not supported. Note that unsigned JWT request objects are not supported by Ubisecure SSO, so they are rejected regardless of the value or absence of this parameter.

Identity Server 2024.1

Client configuration reference - SSO

OAuth 2.0 parameters

OpenID Connect parameters

References