org.clazzes.login.oauth

The timeout for cookie-based sessions in minutes. Sessions inactive for this time interval will be purged including all access/refresh/ID tokens requested from an OAuth/OpenID Provider.

24

)))

25

|(% style="width: 23.6864%;" %)(((

26

secureCookie

27

)))|(% style="width: 76.3136%;" %)(((

28

The secure flag of the issued cookie. Set this value to true, if your are located behind an SSL-terminated ReverseProxy.

29

)))

30

|(% style="width: 23.6864%;" %)(((

31

domain.<domain>.label

32

)))|(% style="width: 76.3136%;" %)(((

33

The mandatory human-readable label for the configured domain with identifier <domain>.

34

)))

35

|(% style="width: 23.6864%;" %)(((

36

domain.<domain>.authorizationLocation

37

)))|(% style="width: 76.3136%;" %)(((

38

The OAuth2 authorization endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

39

)))

40

|(% style="width: 23.6864%;" %)(((

41

domain.<domain>.tokenLocation

42

)))|(% style="width: 76.3136%;" %)(((

43

The OAuth2 token endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

44

)))

45

|(% style="width: 23.6864%;" %)(((

46

domain.<domain>.userLocation

47

)))|(% style="width: 76.3136%;" %)(((

48

The optional OAuth2 userinfo endpoint URL. This value does not need to be set for full-featured OpenID Providers, where this value is fetched from the specified configurationLocation

49

)))

50

|(% style="width: 23.6864%;" %)(((

51

domain.<domain>.configurationLocation

52

)))|(% style="width: 76.3136%;" %)(((

53

The well-known OpenID Connect configuration location.

54

)))

55

|(% style="width: 23.6864%;" %)(((

56

domain.<domain>.faviconLocation

57

)))|(% style="width: 76.3136%;" %)(((

58

The optional favicon location for domain, which doe not have a /favicon.ico resource on the root of their authorization web host.

59

)))

60

|(% style="width: 23.6864%;" %)(((

61

domain.<domain>.clientId

62

)))|(% style="width: 76.3136%;" %)(((

63

The client ID of our application as registered at the OAuth Provider.

64

)))

65

|(% style="width: 23.6864%;" %)(((

66

domain.<domain>.clientPassword

67

)))|(% style="width: 76.3136%;" %)(((

68

The password for the client ID of our application as registered at the OAuth Provider.

69

)))

70

|(% style="width: 23.6864%;" %)(((

71

domain.<domain>.scope

72

)))|(% style="width: 76.3136%;" %)(((

73

The mandatory scope to pass to the authorization endpoint.

74

)))

75

|(% style="width: 23.6864%;" %)(((

76

domain.<domain>.prompt

77

)))|(% style="width: 76.3136%;" %)(((

78

The optional prompt value to pass to the authorization endpoint.

79

)))

80

|(% style="width: 23.6864%;" %)(((

81

domain.<domain>.responseType

82

)))|(% style="width: 76.3136%;" %)(((

83

The optional response type to pass to the authorization endpoint.

84

)))

85

|(% style="width: 23.6864%;" %)(((

86

domain.<domain>.options

87

)))|(% style="width: 76.3136%;" %)(((

88

Comma-separated list of options from the set

89

90

* {{code language="none"}}lenientAccessTokenCheck{{/code}} - Used to by pass at_hash checks in issued ID tokens, need e.g. for microsoft providers.

91

* {{code language="none"}}propagateLocale{{/code}} - Used to propagate the locale of the login iframe to the OAuth provider as the {{code language="none"}}locale{{/code}} URL parameter.

92

)))

93

94

= {{id name="org.clazzes.login.oauth-Examples"/}}Examples =

95

96

== {{id name="org.clazzes.login.oauth-github.com"/}}github.com ==

97

98

Github implements OAuth2 and is not a full-features OpenID Connect provider.

|=(((

Property

)))|=(((

Value

)))

|(((

domain.GITHUB.authorizationLocation

107

)))|(((

108

(% class="nolink" %)http:~/~/github.com/login/oauth/authorize

109

)))

110

|(((

111

domain.GITHUB.userLocation

112

)))|(((

113

(% class="nolink" %)https:~/~/api.github.com/user

)))

|(((

domain.GITHUB.label

)))|(((

github.com

)))

|(((

domain.GITHUB.clientId

122

)))|(((

123

Cleint ID a registered under 'Authorized OAuth Apps' [[https:~~/~~/github.com/settings/applications>>url:https://github.com/settings/applications||shape="rect"]]\\

124

)))

125

|(((

126

domain.GITHUB.clientPassword

127

)))|(((

128

Password of the above mentioned client ID.\\

129

)))

130

|(((

131

domain.GITHUB.tokenLocation

132

)))|(((

133

(% class="nolink" %)https:~/~/github.com/login/oauth/access_token

)))

|(((

domain.GITHUB.scope

)))|(((

user

)))

\\

== {{id name="org.clazzes.login.oauth-google.com"/}}google.com ==

144

145

Google implements a clean OpenID Connect provider with no hazzles.

|=(((

Property

)))|=(((

Value

)))

|(((

domain.GOOGLE.clientId

154

)))|(((

155

Client ID as registered under [[https:~~/~~/console.developers.google.com/apis/credentials>>url:https://console.developers.google.com/apis/credentials||shape="rect"]]\\

156

)))

157

|(((

158

domain.GOOGLE.clientPassword

)))|(((

\\

)))

|(((

domain.GOOGLE.configurationLocation

164

)))|(((

165

(% class="nolink" %)https:~/~/accounts.google.com/.well-known/openid-configuration

)))

|(((

domain.GOOGLE.label

)))|(((

google.com

)))

|(((

domain.GOOGLE.scope

)))|(((

openid profile email

)))

|(((

domain.GOOGLE.accessType

)))|(((

offline

)))

|(((

domain.GOOGLE.prompt

)))|(((

consent

)))

\\

= {{id name="org.clazzes.login.oauth-FurtherReadings"/}}Further Readings =

191

192

OpenID 1.0 Specification: [[http:~~/~~/openid.net/specs/openid-connect-core-1_0.html>>url:http://openid.net/specs/openid-connect-core-1_0.html||shape="rect"]]

193

194

Microsoft's implementation notes: [[https:~~/~~/docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens>>url:https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-tokens||shape="rect"]]

195

196

Microsoft Online OpenID configuration: [[https:~~/~~/login.microsoftonline.com/common/.well-known/openid-configuration>>url:https://login.microsoftonline.com/common/.well-known/openid-configuration||shape="rect"]]

197

198

Google's OpenID Connect implementation notes: [[https:~~/~~/developers.google.com/identity/protocols/OpenIDConnect>>url:https://developers.google.com/identity/protocols/OpenIDConnect||shape="rect"]]

199

200

Google Accounts OpenID configuration: [[https:~~/~~/accounts.google.com/.well-known/openid-configuration>>url:https://accounts.google.com/.well-known/openid-configuration||shape="rect"]]

201

202

github OAuth Guide: [[https:~~/~~/developer.github.com/v3/oauth>>url:https://developer.github.com/v3/oauth||shape="rect"]]

203

204

IANA registry of JSON Web Token Claims: [[https:~~/~~/www.iana.org/assignments/jwt/jwt.xhtml>>url:https://www.iana.org/assignments/jwt/jwt.xhtml||shape="rect"]]

205

206

= {{id name="org.clazzes.login.oauth-RFCs"/}}RFCs =

207

208

RFC 7515, (% style="color: rgb(0,0,0);" %)JSON Web Signature (JWS), [[https:~~/~~/tools.ietf.org/html/rfc7515>>url:https://tools.ietf.org/html/rfc7515||shape="rect"]]

209

210

RFC 7516, (% style="color: rgb(0,0,0);" %)JSON Web Encryption (JWE), [[https:~~/~~/tools.ietf.org/html/rfc7516>>url:https://tools.ietf.org/html/rfc7516||shape="rect"]]

211

212

RFC 7517, (% style="color: rgb(0,0,0);" %)JSON Web Key (JWK), [[https:~~/~~/tools.ietf.org/html/rfc7517>>url:https://tools.ietf.org/html/rfc7517||shape="rect"]]

213

214

RFC 7518, JSON Web Algorithms (JWA), [[https:~~/~~/tools.ietf.org/html/rfc7518>>url:https://tools.ietf.org/html/rfc7518||shape="rect"]]

215

216

RFC 7519, JSON Web Token (JWT), [[https:~~/~~/tools.ietf.org/html/rfc7519>>url:https://tools.ietf.org/html/rfc7519||shape="rect"]]

Wiki source code of org.clazzes.login.oauth

Applications

Need help?