OAuth2
Definition
OAuth2 configuration allows to define some global parameters that will apply to all OAuth2/OpenID Connect federations of the tenant.
Configuration
You can access the OAuth2 configuration :
by clicking on "Access" → “OAuth2”
by clicking on "System" → "Configurations" → "Access Service" and perform an import/export.
Properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
tokens |
| Configuration of OAuth2/OIDC tokens | - | |
deviceFlow |
| Configuration of device flow | - | |
includeX5cInJwkUri |
| When enabled, the X509 certificate chain is included in the JWKS URL response. | true, false | |
scopes |
| Configuration of scopes | - | |
claims |
| Configuration of claims | - |
Tokens properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
accessToken |
| NO | Configuration related to access token | - |
refreshToken |
| NO | Configuration related to refresh token | - |
authorizationCode |
| NO | Configuration related to authorization code | - |
idToken |
| NO | Configuration related to id token | - |
assertionSignatureCertificateIds |
| NO | List of certificates identifier used to sign JWT tokens (access token and id token) | - |
accessToken properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
validity |
| NO | Defines the access token validity period. | 1 hour |
refreshToken properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
validity |
| NO | Defines refresh token validity period. | 7 days |
enabled |
| YES | Allows to enable or disable the delivery of the refresh token with the access token. | true,false |
authorizationCode properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
validity |
| NO | Defines authorization code validity period. | 2 minutes |
idToken properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
validity |
| NO | Defines ID Token validity period. | 1 hour |
assertionSignatureCertificateIds properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
assertionSignatureCertificateId |
| NO except when using JWT access token or id token. | Allows to determine the certificate id used to sign the JWT tokens. | - |
Device Flow properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
codeAlphabetFormat |
| NO | Defines the user code format. | - |
codeLength |
| NO | Defines the number of characters in the user code. | 8 |
codeAlphabetFormat properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
excludedCharacters |
| NO | Characters to be excluded from the user code format. | - |
includeDigits |
| YES | Defines whether digits are used to generate the user code. | true, false |
includeLowerCaseLetters |
| YES | Defines whether lower case letters are used to generate the user code. | true, false |
includeUpperCaseLetters |
| YES | Defines whether upper case letters are used to generate the user code. | true, false |
Scopes properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
name |
| NO | Configuration of the scope. | - |
Claims properties
Property name | Type | Mandatory | Description | Values (default value in bold) |
|---|---|---|---|---|
name |
| NO | Configuration of the claim. | - |
Example
<maiaamcp:OAuth2Configuration>
<tokens>
<accessToken>
<validity>PT55M</validity>
</accessToken>
<refreshToken enabled="true">
<validity>PT17H</validity>
</refreshToken>
<authorizationCode>
<validity>PT55M</validity>
</authorizationCode>
<idToken>
<validity>PT17H</validity>
</idToken>
<assertionSignatureCertificateIds>memority_saml_idp</assertionSignatureCertificateIds>
</tokens>
<deviceFlow>
<codeLength>20</codeLength>
<codeAlphabetFormat>
<excludedCharacters>012ijq</excludedCharacters>
<includeDigits>true</includeDigits>
<includeLowerCaseLetters>true</includeLowerCaseLetters>
<includeUpperCaseLetters>false</includeUpperCaseLetters>
</codeAlphabetFormat>
</deviceFlow>
<includeX5cInJwkUri>true</includeX5cInJwkUri>
<scopes>
<name>scopeName</name>
</scopes>
<claims>
<name>claimName</name>
</claims>
</maiaamcp:OAuth2Configuration>