Configuration data for OAuth authentication.
OAuth is only intended to be configured for the user interface when accessed directly, which is not the intended standard production deployment (where it is expected that the host will seamlessly provide a suitable JWT).
OAuth can be useful in design mode where there is no host platform but JWTs are required for testing conditions.
Each of the AuthEndpoints configured is presented as an option to the user when they attempt to login via the UI. Login may be optional (controlled by ) - if login is optional the user must explicitly choose to login.
The login mechanism is purely concerned with the generation of the JWT - the validation is still goverened by the JwtValidationConfig .
The following properties are mandatory:
-
name
-
issuer
Authentication will follow the standard OAuth 2.0 authorization code grant, with or without PKCE and nonce.
Name |
Type |
Details |
The URL to use to get a icon to display in the list of authentication endpoints in the login UI. This is optional - if not provided no icon will be displayed. |
||
The issuer that JWTs created by this login will use. The issuer provided must still be valid according to the JwtValidationConfig , this is just used to identify the issuer because the user is given a choice of login providers and the issuer cannot be extracted from the JWT. |
||
The OAuth authorization endpoint. |
||
The OAuth token endpoint. |
||
uk.co.spudsoft.query.main.ClientCredentials |
The client credentials to use when communicating with the OAuth endpoint. |
|
The scope(s) to specify in the OAuth request. |
||
boolean |
True if the OAuth request will use PKCE. |
|
boolean |
True if the OAuth request will include (and validate) a nonce value. |
|
The date at which this endpoint should be refreshed via OpenID Connect Discovery . This is not intended to be used for configuration, it is an internal value for implementation use. |