<title>QWC OIDC authentication service</title>

QWC OIDC authentication service

Type: object

root $schema

JSON Schema

Type: stringFormat: uri Default: "https://github.com/qwc-services/qwc-oidc-auth/raw/main/schemas/qwc-oidc-auth.json"

Reference to JSON schema of this config

root service

Service name

Type: const
Specific value: "oidc-auth"

root config

Config options

Type: object

root config issuer_url

Type: stringFormat: uri

OpenID Connect Issuer URL

root config client_id

Type: string

Client ID

root config client_secret

Type: string

Client secret

root config openid_scopes

Type: string Default: "openid email profile"

Scopes

root config redirect_uri

Type: string

Custom redirect URI after calling authorization endpoint

root config username

Type: string

Attribute for user name

root config groupinfo

Type: string

Attribute name of group memberships

root config authorized_api_token

Type: array of object

List of api token authorized to use tokenlogin endpoint

No Additional Items

Each item of this array must be:

root config authorized_api_token authorized_api_token items

Type: object

root config authorized_api_token authorized_api_token items keys_url

Type: string

Public keys URL to decode token

root config authorized_api_token authorized_api_token items claims_options

Type: object

Token validation parameters following authlib specs : https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation

QWC OIDC authentication service

$schema

JSON Schema

service Required

Service name

config Required

Config options

issuer_url Required

client_id Required

client_secret Required

openid_scopes

redirect_uri

username

groupinfo

authorized_api_token

Each item of this array must be:

keys_url

claims_options