Type object
Schema URL https://catalog.lintel.tools/schemas/schemastore/dwp-exchange-gateway/_shared/latest--oidc_apigw-plugin-schema.json
Parent schema dwp-exchange-gateway

Properties

identity_provider string required

The identity provider the plugin will interact with to carry out the OpenID Connect auth code flow

Values: "cognito-non-prod" "cognito-staging" "cognito-prod" "azure-ad" "kbv-tactical-dev" "kbv-tactical-test" "kbv-tactical-nft" "kbv-tactical-stage" "kbv-tactical-prod"
use_internet boolean

Determines whether the JWKS endpoints for your IDP will be internet facing

Default: true
https_proxy string

The URL of the HTTPS proxy to use for outgoing requests

Examples: "https://proxy.example.com:3128"
format=uri pattern=^(http|https)://[^ "]+$
scopes_required string[]

The scopes required to be present in the access token (or introspection results) for successful authorization.

audience_required string[]

The audience required to be present in the access token (or introspection results) for successful authorization.

client_id string

Reference to the client ID env var in the gateway; refer to the gateway module for details

minLength=2 pattern=^\{vault://env/[\w|-]+/?[\w|-]+\}$
cache_ttl integer

Time is expressed in milliseconds

Default: 3600
min=1000
cache_introspection boolean
Default: false
introspection_endpoint string

The introspection endpoint. If set, it overrides the value in introspection_endpoint returned by the discovery endpoint.

format=uri pattern=^(http|https)://[^ "]+$
forbidden_redirect_uri string

Where to redirect the client on forbidden requests

format=uri pattern=^(http|https)://[^ "]+$
groups_required string[]

The groups required to be present in the access token (or introspection results) for successful authorization.

auth_methods string[]

Types of credentials/grants to enable

upstream_introspection_header string

The header to use for the introspection request to the upstream server

display_errors boolean
Default: false
ssl_verify boolean
Default: true
timeout integer

Time is expressed in milliseconds

Default: 10000
min=1000
client_secret string

Reference to the client secret env var in the gateway; refer to the gateway module for details

minLength=3 pattern=^\{vault://env/[\w|-]+/?[\w|-]+\}$