QWC OIDC authentication service

Type: object

JSON Schema

Type: string Format: uri Default: "https://github.com/qwc-services/qwc-oidc-auth/raw/main/schemas/qwc-oidc-auth.json"

Reference to JSON schema of this config

Service name

Type: const
Specific value: "oidc-auth"

Config options

Type: object

Type: string Format: uri

OpenID Connect Issuer URL

Type: string

Client ID

Type: string

Client secret

Type: string Default: "openid email profile"

Scopes

Type: string

Custom redirect URI after calling authorization endpoint

Type: string

Attribute for user name

Type: string

Attribute name of group memberships

Type: array of object

List of API tokens authorized to use the tokenlogin endpoint

No Additional Items

Each item of this array must be:

Type: object

Type: string

Public keys URL to decode token

Type: object

Token validation parameters following the authlib specs: https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation

Type: string

DB connection URL (to sync users and userinfofields). Can be set to an empty string if sync is not needed. Default: postgresql:///?service=qwc_configdb

Type: string

The name of the DB schema which stores the qwc config. Default: qwc_config

Type: array of string

List of user info fields to get from IdP and to include in JWT identity and DB (if db_url is set). Default: []

No Additional Items

Each item of this array must be: