...

Parameters (Parameter Name, Description, Default Value, Example)

Label
  Description: Required. The name for the API policy.
  Default Value: Generic OAuth2
  Example: GitHub OAuth 2.0 Policy

When this policy should be applied
  Description: An expression-enabled field that determines the condition that must be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is POST.
  Default Value: N/A
  Example: request.method == "POST"

Use OpenID Connect
  Description: Select to use an OpenID Connect (OIDC) vendor as the third-party IdP.
  Default Value: Deselected
  Example: Selected

OpenID Discovery Document URL
  Description: Required. The OIDC discovery URL. The policy reads the provider's endpoints and supported settings from this document.
  Default Value: N/A

Login URL*
  Description: Required. The login URL for the client.
  Default Value: N/A

JWS Algorithm*
  Description: The JSON Web Signature (JWS) algorithm used to sign the ID token. Check the id_token_signing_alg_values_supported field in the discovery document to determine which algorithms the provider supports; the selected value must match what the provider actually uses (the HS* options use the client secret as the HMAC key, the RS* options use the provider's published public key). Select one of the following algorithm types:
    • HS256
    • HS384
    • HS512
    • RS256
    • RS384
    • RS512
  Default Value: RS256

Required Scopes
  Description: Required. The list of OAuth2 scopes required to get information about a user. See OAuth 2.0 Scopes for details. Click the add icon to add scopes.
  Default Value: N/A
  Example: N/A

  Scope
    Description: The name of the OAuth2 scope.
    Default Value: N/A
    Example: user, token, session

Access Token URL
  Description: Required. The OAuth2 provider's access token URL. The response from this token URL is stored in $token and can be referenced in the User Info URL settings below.
  Default Value: N/A
  Example: https://github.com/login/oauth/access_token

Client ID
  Description: Required. The ID of the application registered with the OAuth2 provider.
  Default Value: N/A
  Example: jdoe@beignet.com

Client Secret
  Description: Required. The client secret for the application registered with the OAuth2 provider.
  Default Value: N/A
  Example: chocolatE

Redirect URI
  Description: The URI of the Snaplex load balancer with /api/1/rest/oauth2/callback appended. Register this exact URI with the OAuth2 provider; providers reject an authorization request whose redirect_uri does not match the registered value.
  Default Value: N/A
  Example: https://groundplex.example.com/api/1/rest/oauth2/callback

User Info URL #1-2
  Description: These sections describe the HTTP GET requests this API policy makes to get information about a user. User Info URL #2 is optional.
  Info: Limitation: The User Info URL field and settings do not support expressions that use the asset or request variables.
  Default Value: N/A
  Example: N/A

  Trust all certificates
    Description: Trust all certificates, including expired or self-signed ones.
    Info: Enabling this option bypasses certificate validation: the request proceeds even if the upstream URL presents an invalid (expired or self-signed) certificate during the TLS handshake. A client that accepts any certificate cannot distinguish the real user-info endpoint from an impersonator, so leave this option deselected outside of isolated testing.
    Default Value: False/Not selected
    Example: N/A

  Target Path
    Description: The JSON-Path location in the working object where the result of the request is stored.
    Info: If you leave this field blank, the URL is not called.
    Default Value: N/A
    Example: $user

  URL
    Description: The destination for the request.
    Default Value: N/A
    Example: https://idp.example.com/user, https://api.github.com/user

  Query Parameters
    Description: The query parameters (name and value) to add to the URL.
    Default Value: N/A
    Example: N/A

  Headers
    Description: The headers (name and value) to include in the request.
    Default Value: N/A
    Example: Authorization

Extract User Info
  Description: Required. Specifies how to extract information about the user from the working object.
  Default Value: N/A
  Example: N/A

  User ID Expression
    Description: Required. An expression that returns a string to be used as the user ID.
    Default Value: N/A
    Example: $user.email

  Roles Expression
    Description: Required. An expression that returns the list of roles this user is in.
    Default Value: N/A
    Example: $user.groups.map(group => group.name)

Session: Time-To-Live in Seconds
  Description: Required. The number of seconds for which the session is active.
  Default Value: 86400
  Example: 90000

OAuth State: Time-To-Live in Seconds
  Description: Required. The number of seconds for which the OAuth state is active. The state is the value the policy sends with the authorization request and checks again on the callback, so this TTL bounds how long a user has to complete the provider's login.
  Default Value: 300
  Example: 1000

Status
  Description: Specifies whether the API policy is enabled or disabled.
  Default Value: Enabled
  Example: Disabled
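The JWS Algorithm setting only protects you if the verifier uses the configured algorithm rather than whatever the token header claims. The following is an added example, not SnapLogic's code, showing that discipline with the Python standard library: it checks the configured algorithm against the discovery document's id_token_signing_alg_values_supported list, then verifies an HS-family ID token with the client secret as the HMAC key (per OIDC Core, HS* tokens are keyed with client_secret). The discovery document excerpt and the token are constructed here; RS* verification needs an RSA library and is left out.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed excerpt of what the OpenID Discovery Document URL would return.
DISCOVERY_DOC = {
    "issuer": "https://idp.example.com",
    "id_token_signing_alg_values_supported": ["RS256", "HS256"],
}

# Only the HMAC family is implemented here; the RS* options need an RSA library.
HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def check_alg_supported(configured_alg, discovery):
    """The check the doc recommends: is the configured alg one the IdP advertises?"""
    return configured_alg in discovery.get("id_token_signing_alg_values_supported", [])


def verify_hs_jws(token, configured_alg, secret, now=None):
    """Verify a compact JWS with the *configured* HS algorithm and return its claims.

    The algorithm comes from policy configuration, never from the token header,
    so a token with alg=none or a different family is rejected outright.
    """
    if configured_alg not in HMAC_DIGESTS:
        raise ValueError("unsupported algorithm for this verifier: %s" % configured_alg)
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != configured_alg:
        raise ValueError("token alg %r does not match configured %s" % (header.get("alg"), configured_alg))
    signing_input = (header_b64 + "." + payload_b64).encode()
    expected = hmac.new(secret, signing_input, HMAC_DIGESTS[configured_alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def verify_id_token(token, configured_alg, client_secret, discovery, now=None):
    """Policy-level check: configured alg must be advertised, then the token must verify."""
    if not check_alg_supported(configured_alg, discovery):
        raise ValueError("IdP does not advertise %s in id_token_signing_alg_values_supported" % configured_alg)
    return verify_hs_jws(token, configured_alg, client_secret, now)


def make_hs_jws(claims, alg, secret):
    """Helper that mints a token the way an IdP using an HS* algorithm would (for the demo)."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret, (header + "." + payload).encode(), HMAC_DIGESTS[alg]).digest()
    return header + "." + payload + "." + b64url_encode(sig)
```

Because the algorithm is pinned at configuration time, a token carrying alg=none (empty signature) or an RS256 header against an HS256 configuration fails before any signature bytes are compared; that is the property you want from the JWS Algorithm field.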

...

Info
  • If no session is created and an API for the session ID is called, the response contains an empty list.

  • A GET request for a session ID that was previously deleted returns a 404 status code.
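The following ties the parameters above together in one runnable model: the OAuth state with its own TTL, the redirect-URI callback that consumes the state once, the $token and $user slots of the working object, the User ID and Roles expressions, and a session that lapses after Session: Time-To-Live. It is an added example, not SnapLogic's implementation. The two HTTP calls (Access Token URL, User Info URL #1) are replaced by injected functions returning constructed responses, state and session IDs come from secrets.token_urlsafe, and the SnapLogic expressions $user.email and $user.groups.map(group => group.name) are rendered as Python callables.

```python
import secrets


class OAuth2PolicySim:
    """Stand-in for the policy's state/session handling and user-info extraction."""

    def __init__(self, redirect_uri, state_ttl=300, session_ttl=86400,
                 user_id_expr=lambda user: user["email"],                         # $user.email
                 roles_expr=lambda user: [g["name"] for g in user["groups"]]):    # $user.groups.map(group => group.name)
        self.redirect_uri = redirect_uri
        self.state_ttl = state_ttl          # OAuth State: Time-To-Live in Seconds
        self.session_ttl = session_ttl      # Session: Time-To-Live in Seconds
        self.user_id_expr = user_id_expr
        self.roles_expr = roles_expr
        self._states = {}     # state value -> expiry (epoch seconds)
        self._sessions = {}   # session id -> (expiry, user record)

    def begin_login(self, now):
        """Issue an unguessable state for the authorization redirect and remember it until it expires."""
        state = secrets.token_urlsafe(32)
        self._states[state] = now + self.state_ttl
        return state

    def callback(self, state, code, exchange_code, fetch_user_info, now):
        """Handle GET <redirect_uri>?code=...&state=... and return a new session id."""
        expiry = self._states.pop(state, None)   # single use: a replayed state is unknown
        if expiry is None or now >= expiry:
            raise PermissionError("unknown, reused or expired OAuth state")
        working = {}
        working["token"] = exchange_code(code, self.redirect_uri)        # Access Token URL -> $token
        headers = {"Authorization": "Bearer " + working["token"]["access_token"]}
        working["user"] = fetch_user_info(headers)                        # User Info URL #1 -> Target Path $user
        record = {"id": self.user_id_expr(working["user"]),
                  "roles": self.roles_expr(working["user"])}
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (now + self.session_ttl, record)
        return session_id

    def get_session(self, session_id, now):
        """Return the user record for an active session, or None if unknown or expired."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        expiry, record = entry
        if now >= expiry:
            del self._sessions[session_id]
            return None
        return record


# Constructed stand-ins for the two HTTP calls the policy would make.
def fake_exchange_code(code, redirect_uri):
    if code != "good-code" or not redirect_uri.endswith("/api/1/rest/oauth2/callback"):
        raise ValueError("token endpoint rejected the exchange")
    return {"access_token": "gho_constructed", "token_type": "bearer"}


def fake_fetch_user_info(headers):
    if headers.get("Authorization") != "Bearer gho_constructed":
        raise PermissionError("user-info endpoint rejected the bearer token")
    return {"email": "jdoe@beignet.com", "groups": [{"name": "admins"}, {"name": "devs"}]}


def run_demo(now=1700000000):
    """Complete login at now+10s; returns the policy, the consumed state, the session id and 'now'."""
    policy = OAuth2PolicySim("https://groundplex.example.com/api/1/rest/oauth2/callback")
    state = policy.begin_login(now)
    session_id = policy.callback(state, "good-code", fake_exchange_code, fake_fetch_user_info, now + 10)
    return policy, state, session_id, now
```

The two TTLs do different jobs: the 300-second default on the state only has to cover the round trip through the provider's login page, while the session TTL covers how long the extracted user ID and roles are trusted without going back to the provider. Shortening the state TTL costs little; lengthening the session TTL lengthens the window in which a revoked user keeps access.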
