Skip to main content
Skip table of contents

OAuth2

Definition

OAuth2 configuration allows to define some global parameters that will apply to all OAuth2/OpenID Connect federations of the tenant.

Configuration

You can access the OAuth2 configuration :

  • by clicking on "Access" → “OAuth2

  • by clicking on "System" → "Configurations" → "Access Service" and perform an import/export.

Properties

Property name

Type

Mandatory

Description

Values (default value in bold)

tokens

TokenConfiguration

Configuration of OAuth2/OIDC tokens

-

deviceFlow

DeviceFlow

Configuration of device flow

-

includeX5cInJwkUri

boolean

When enabled, the X509 certificate chain is included in the JWKS URL response.

true, false

scopes

Scope

Configuration of scopes

-

claims

Claim

Configuration of claims

-

Tokens properties

Property name

Type

Mandatory

Description

Values (default value in bold)

accessToken

AccessTokenConfiguration

NO

Configuration related to access token

-

refreshToken

RefreshTokenConfiguration

NO

Configuration related to refresh token

-

authorizationCode

AuthorizationCodeConfiguration

NO

Configuration related to authorization code

-

idToken

IdTokenConfiguration

NO

Configuration related to id token

-

assertionSignatureCertificateIds

List <String>

NO

List of certificates identifier used to sign JWT tokens (access token and id token)

-

accessToken properties

Property name

Type

Mandatory

Description

Values (default value in bold)

validity

String

NO

Defines the access token validity period.

1 hour

refreshToken properties

Property name

Type

Mandatory

Description

Values (default value in bold)

validity

String

NO

Defines refresh token validity period.

7 days

enabled

Boolean

YES

Allows to enable or disable the delivery of the refresh token with the access token.

true,false

authorizationCode properties

Property name

Type

Mandatory

Description

Values (default value in bold)

validity

String

NO

Defines authorization code validity period.

2 minutes

idToken properties

Property name

Type

Mandatory

Description

Values (default value in bold)

validity

String

NO

Defines ID Token validity period.

1 hour

assertionSignatureCertificateIds properties

Property name

Type

Mandatory

Description

Values (default value in bold)

assertionSignatureCertificateId

String

NO except when using JWT access token or id token.

Allows to determine the certificate id used to sign the JWT tokens.

-

Device Flow properties

Property name

Type

Mandatory

Description

Values (default value in bold)

codeAlphabetFormat

List<String>

NO

Defines the user code format.

-

codeLength

Number

NO

Defines the number of characters in the user code.

8
Min: 6
Max: 20

codeAlphabetFormat properties

Property name

Type

Mandatory

Description

Values (default value in bold)

excludedCharacters

String

NO

Characters to be excluded from the user code format.

-

includeDigits

Boolean

YES

Defines whether digits are used to generate the user code.

true, false

includeLowerCaseLetters

Boolean

YES

Defines whether lower case letters are used to generate the user code.

true, false

includeUpperCaseLetters

Boolean

YES

Defines whether upper case letters are used to generate the user code.

true, false

Scopes properties

Property name

Type

Mandatory

Description

Values (default value in bold)

name

String

NO

Configuration of the scope.

-

Claims properties

Property name

Type

Mandatory

Description

Values (default value in bold)

name

String

NO

Configuration of the claim.

-

Example

XML
<maiaamcp:OAuth2Configuration>
	<tokens>
		<accessToken>
			<validity>PT55M</validity>
        </accessToken>
		<refreshToken enabled="true">
			<validity>PT17H</validity>
		</refreshToken>
		<authorizationCode>
			<validity>PT55M</validity>
		</authorizationCode>
		<idToken>
			<validity>PT17H</validity>
		</idToken>
		<assertionSignatureCertificateIds>memority_saml_idp</assertionSignatureCertificateIds>
	</tokens>
	<deviceFlow>
        <codeLength>20</codeLength>
        <codeAlphabetFormat>
            <excludedCharacters>012ijq</excludedCharacters>
            <includeDigits>true</includeDigits>
            <includeLowerCaseLetters>true</includeLowerCaseLetters>
            <includeUpperCaseLetters>false</includeUpperCaseLetters>
        </codeAlphabetFormat>
    </deviceFlow>
    <includeX5cInJwkUri>true</includeX5cInJwkUri>
    <scopes>
        <name>scopeName</name>
    </scopes>
    <claims>
        <name>claimName</name>
    </claims>
</maiaamcp:OAuth2Configuration>

Read Next

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.