Relying Party

app_tag

JsonArray containing strings used for filtering and similar operations.

N/A

client_id

Unique identifier for the client (Relying Party).

N/A

client_secret

Secret shared with the OP, used for token endpoint authentication.

N/A

redirect_uri

List of allowed redirect URIs to which the OP may send authorization responses. Must match exactly what the client requests.

N/A

post_logout_redirect_uris

List of URIs the user may be redirected to after logout (front-channel logout).

N/A

pipe_id

Pipe reference. Pipe is run directly after user authentication. Use to transform or enrich token content.

N/A

id_token_headers

Optional JOSE header parameters to include in issued ID Tokens.

N/A

id_token_claims

JSON map of custom claims to include in the ID Token payload.

N/A

access_token_headers

Optional JOSE headers for JWT access tokens (if enabled).

N/A

access_token_claims

Custom claims added to the JWT access token payload.

N/A

userinfo_claims

Claims to be fetched from the userinfo endpoint when access token is of opaque type. If NOT configured, access_token_claims will be used.

N/A

refresh_token_persist_pipe_id

Pipe to send the refresh token to. It is up to the administrator to decide what the pipe will do.

N/A

refresh_token_resolve_pipe_id

Pipe to load/resolve a refresh token. The pipe should also create and persist a new refresh token.

N/A

userinfo_pipe_id

Used to generate userinfo data when incoming access tokens is of JWT type.

N/A

client_credentials_pipe_id

Pipe to issue an access token when using the client_credentials grant. The client_credentials grant lets a client authenticate itself and obtain an access token to call APIs on its own behalf, without any end-user involved. Machine to machine.

N/A

redirect_on_error

When authentication fails, send a redirect back to RP.

false