...
Parameter Name | Description | Default Value | Example |
---|---|---|---|
Label | Required. The name for the API policy. | Generic OAuth2 | GitHub OAuth 2.0 Policy |
When this policy should be applied | An expression-enabled field that determines the condition that must be fulfilled for the API policy to execute. For example, if the value in this field is request.method == "POST", the API policy is executed only if the request method is POST. | N/A | request.method == "POST" |
Use OpenID Connect | Select to use an OpenID Connect (OIDC) vendor as the 3rd-party IdP. | Deselected | Selected |
OpenID Discovery Document URL | Required. The OIDC discovery URL. | N/A | |
Login URL* | Required. The login URL for the client. | N/A | |
JWS Algorithm* | The algorithm used to generate the JSON Web Service token. Check the Discovery Document URL to determine which algorithm is supported. Select one of the following algorithm types: | RS256 | |
Required Scopes | Required. The list of OAuth2 scopes required to get information about a user. See OAuth 2.0 Scopes for details. Click to add scopes. | N/A | N/A |
Scope | The name of the OAuth2 scope. | N/A | user token session |
Access Token URL | Required. The OAuth2 provider's access token URL. The response from this token URL is stored in $token and can be referenced in User Info URL below. | N/A | |
Client ID | Required. The ID of the application registered with the OAuth2 provider. | N/A | |
Client Secret | Required. The client secret for the application registered with the OAuth2 provider. | N/A | chocolatE |
Redirect URI | The URI of the Snaplex load-balancer appended with | N/A | |
User Info URL #1-2 | These sections describe the HTTP GET requests this API policy should make to get information about a user. User Info URL #2 is optional. | N/A | N/A |
Trust all certificates | Option to | False/Not selected | N/A |
Target Path | The location to store the result of the request in the working object as a JSON-Path. | N/A | $user |
URL | The destination for the request. | N/A | |
Query Parameters | The query parameters (name and value) to add into the URL. | N/A | N/A |
Headers | The headers (name and value) to include in the request. | N/A | Authorization |
Extract User Info | Required. Specifies how to extract information about the user from the working object. | N/A | N/A |
User ID Expression | Required. An expression that returns a string to be used as the user ID. | N/A | $user.email |
Roles Expression | Required. An expression that returns the list of roles this user is in. | N/A | $user.groups.map(group => group.name) |
Session: Time-To-Live in Seconds | Required. The number of seconds for which the session is active. | 86400 | 90000 |
OAuth State: Time-To-Live in Seconds | Required. The number of seconds for which the OAuth state is active. | 300 | 1000 |
Status | Specifies whether the API policy is enabled or disabled. | Enabled | Disabled |
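
The JWS Algorithm row points to the discovery document for the supported algorithms. The following added example (not SnapLogic code) checks the values chosen for a policy against a discovery document before they are entered; the sample document, the `check_policy` helper and the mapping of policy fields to OIDC discovery metadata keys are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Constructed sample discovery document (not from a real provider).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/userinfo",
    "id_token_signing_alg_values_supported": ["RS256", "ES256"],
    "scopes_supported": ["openid", "email", "profile"],
}

# Assumed mapping of policy fields to OIDC discovery metadata keys.
FIELD_TO_METADATA = {
    "Login URL": "authorization_endpoint",
    "Access Token URL": "token_endpoint",
    "User Info URL": "userinfo_endpoint",
}


def check_policy(discovery, jws_algorithm, scopes):
    """Return a list of problems found; an empty list means the values agree."""
    problems = []
    supported = discovery.get("id_token_signing_alg_values_supported", [])
    if jws_algorithm.lower() == "none":
        problems.append("JWS Algorithm 'none' means unsigned tokens")
    elif jws_algorithm not in supported:
        problems.append(f"JWS Algorithm {jws_algorithm} not in {supported}")
    for field, key in FIELD_TO_METADATA.items():
        url = discovery.get(key)
        if not url:
            problems.append(f"{field}: discovery document has no {key}")
        elif urlparse(url).scheme != "https":
            problems.append(f"{field}: {url} is not HTTPS")
    advertised = discovery.get("scopes_supported")
    if advertised is not None:  # scopes_supported is not mandatory metadata
        for scope in scopes:
            if scope not in advertised:
                problems.append(f"Required Scope {scope} not advertised")
    return problems


if __name__ == "__main__":
    for line in check_policy(SAMPLE_DISCOVERY, "RS256", ["openid", "email"]) or ["ok"]:
        print(line)
```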
...