-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathqwc-oidc-auth.json
80 lines (80 loc) · 2.34 KB
/
qwc-oidc-auth.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://github.com/qwc-services/qwc-oidc-auth/raw/main/schemas/qwc-oidc-auth.json",
"title": "QWC OIDC authentication service",
"type": "object",
"properties": {
"$schema": {
"title": "JSON Schema",
"description": "Reference to JSON schema of this config",
"type": "string",
"format": "uri",
"default": "https://github.com/qwc-services/qwc-oidc-auth/raw/main/schemas/qwc-oidc-auth.json"
},
"service": {
"title": "Service name",
"type": "string",
"const": "oidc-auth"
},
"config": {
"title": "Config options",
"type": "object",
"properties": {
"issuer_url": {
"description": "OpenID Connect Issuer URL",
"type": "string",
"format": "uri"
},
"client_id": {
"description": "Client ID",
"type": "string"
},
"client_secret": {
"description": "Client secret",
"type": "string"
},
"openid_scopes": {
"description": "Scopes",
"type": "string",
"default": "openid email profile"
},
"redirect_uri": {
"description": "Custom redirect URI after calling authorization endpoint",
"type": "string"
},
"username": {
"description": "Attribute for user name",
"type": "string"
},
"groupinfo": {
"description": "Attribute name of group memberships",
"type": "string"
},
"authorized_api_token": {
"description": "List of api token authorized to use tokenlogin endpoint",
"type": "array",
"items": {
"type": "object",
"properties": {
"keys_url": {
"description": "Public keys URL to decode token",
"type": "string"
},
"claims_options":{
"description": "Token validation parameters following authlib specs : https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation",
"type": "object"
}
}
}
}
},
"required": [
"issuer_url", "client_id", "client_secret"
]
}
},
"required": [
"service",
"config"
]
}