{ "id":"/axapi/v3/aam/authentication/oauth", "type":"object", "node-type":"intermediate", "title":"oauth", "operation-not-allowed": ["PUT", "POST", "DELETE"], "partition-visibility":"shared", "auto-created-object":1, "description":"AAM Oauth 2.0 related configuration", "properties":{ "global":{ "type":"object", "$ref":"/axapi/v3/aam/authentication/oauth/global", "properties":{ "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object" }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'auth-req': auth-req; 'auth-succ': auth-succ; 'auth-fail': auth-fail; 'auth-error': auth-error; 'relay-req': relay-req; 'relay-succ': relay-succ; 'relay-fail': relay-fail; 'other-error': other-error; ", "enum":[ "all", "auth-req", "auth-succ", "auth-fail", "auth-error", "relay-req", "relay-succ", "relay-fail", "other-error" ] } } } ] } } }, "authorization-server-list":{ "type":"array", "minItems":1, "items":{ "type":"authorization-server" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authentication/oauth/authorization-server/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify authorization server object name", "optional":false }, "issuer":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify openid provider name for authorization", "optional":true }, "authorization-endpoint":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify URI for authorization", "optional":true }, "client-method":{ "type":"string", "format":"enum", 
"partition-visibility":"shared", "description":"'ignored': Clients' browser will send data according to server spec (default); 'post': Clients' browser will send data by POST; 'get': Clients' browser will send data by GET; ", "enum":[ "ignored", "post", "get" ], "optional":true }, "token-endpoint":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify URI for token exchange", "optional":true }, "server-method":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'post': AX will send data to server by POST (default); 'get': AX will send data to server by GET; ", "enum":[ "post", "get" ], "optional":true }, "verification-cert":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"verification-jwks", "description":"Specify certificate to verify ID token signature", "optional":true }, "verification-jwks":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "not":"verification-cert", "description":"Specify jwks file to verify ID token signature", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true }, "sampling-enable":{ "type":"array", "minItems":1, "items":{ "type":"object" }, "uniqueItems":true, "array":[ { "properties":{ "counters1":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'all': all; 'auth-req': auth-req; 'auth-succ': auth-succ; 'auth-fail': auth-fail; 'auth-error': auth-error; 'other-error': other-error; ", "enum":[ "all", "auth-req", "auth-succ", "auth-fail", "auth-error", "other-error" ] } } } ] } }, 
"required":[ "name" ] } ] }, "client-list":{ "type":"array", "minItems":1, "items":{ "type":"client" }, "uniqueItems":true, "$ref":"/axapi/v3/aam/authentication/oauth/client/{name}", "array":[ { "properties":{ "name":{ "type":"string", "format":"string", "minLength":1, "maxLength":63, "partition-visibility":"shared", "description":"Specify client object name", "optional":false }, "parameter-nonce-enable":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"Enable nonce parameter for authorization and token request", "optional":true }, "no-reply":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "description":"AX will not check the nonce value in the response; this removes the replay protection the nonce provides", "optional":true }, "token-lifetime":{ "type":"number", "format":"number", "minimum":1, "maximum":2592000, "partition-visibility":"shared", "not":"infinity", "optional":true }, "infinity":{ "type":"number", "format":"flag", "default":0, "partition-visibility":"shared", "not":"token-lifetime", "description":"Auth session never times out, regardless of the value in the OAuth server's response", "optional":true }, "client-id":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify oauth client-id", "optional":true }, "client-secret":{ "type":"string", "format":"password", "minLength":1, "maxLength":127, "partition-visibility":"shared", "optional":true }, "encrypted":{ "type":"encrypted", "format":"encrypted", "partition-visibility":"shared", "description":"Do NOT use this option manually. (This is an A10 reserved keyword.) 
(The ENCRYPTED secret string)", "optional":true }, "type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'openid-connect': openid-connect; ", "enum":[ "openid-connect" ], "optional":true }, "grant-type":{ "type":"string", "format":"enum", "partition-visibility":"shared", "description":"'implicit': The authorization server will return access token directly.; 'authorization-code': The authorization server will respond with code which can be exchanged for access token.; 'hybrid-code-id-token': The authorization server will respond with both code and id token.; 'hybrid-code-token': The authorization server will respond with both code and access token.; 'hybrid-all': The authorization server will respond with code, access token and id token; ", "enum":[ "implicit", "authorization-code", "hybrid-code-id-token", "hybrid-code-token", "hybrid-all" ], "optional":true }, "redirection-endpoint":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Oauth client redirection endpoint service URL.", "optional":true }, "session-init-ttl":{ "type":"number", "format":"number", "minimum":1, "maximum":60, "partition-visibility":"shared", "description":"TTL for Thunder to wait for first response from authorization server", "optional":true }, "scope":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Specify request scope parameters (e.g. profile email address phone)", "optional":true }, "uuid":{ "type":"string", "format":"string", "minLength":1, "maxLength":64, "partition-visibility":"shared", "modify-not-allowed":1, "description":"uuid of the object", "optional":true }, "user-tag":{ "type":"string", "format":"string-rlx", "minLength":1, "maxLength":127, "partition-visibility":"shared", "description":"Customized tag", "optional":true } }, "required":[ "name" ] } ] } } }