OAuth2 object

From i2Rest

TODO

Builtin and external implementation

Some OAuth2 settings allow the use of a built-in (embedded) or external implementation.

  • i2Rest Server Free edition allows the built-in implementation only. This implementation uses a specific parameter structure and configuration principles: you can define the list of scopes, users or clients, set parameters for the code generation rules, etc. All of these parameters must be configured in the configuration file, and they remain unchanged from the moment the server starts. To change the settings, you must edit the configuration file and restart the server. A detailed description of all parameters of the embedded implementation is given below.
  • With i2Rest Server Premium edition, you can develop your own custom implementation of the functions for working with codes, scopes, users and clients. You can use any storage for this data and any algorithms, for example for checking passwords, querying permissions, or defining the valid scopes.

Code generation rules

The following parameters control the rules for generating various kinds of codes. i2Rest Server generates the following codes:

  • tokens
  • refresh_tokens
  • codes
  • device_codes

To set the generation rule for one of these code types, you must define it in the OAuth2 object:

"<code_name>":{<definition object>}

The structure of the definition object

Scopes

Users

Clients

Endpoints

  • auth_endpoint
  • access_endpoint
  • decision_endpoint
  • device_endpoint
  • user_device_endpoint
  • bridge_endpoint

Web pages

  • login_page
  • decision_page
  • bad_auth_page
  • enter_code_page
  • device_connected_page
  • bridge_enter_code_page
  • bridge_completed_page

Miscellaneous parameters

  • device_request_interval
  • token_expires_in
  • refresh_token_expires_in
  • revoke_token_on_change_resource_owner_credentials
  • revoke_token_on_scope_violation
  • PKCE_mandatory
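The list above names a PKCE_mandatory setting but does not describe what enforcing PKCE means. As an added illustration (not i2Rest code, and making no assumption about how i2Rest stores codes or what its definition objects look like), the following shows the authorization-server side of PKCE as specified in RFC 7636: the S256 challenge derivation, the check performed at the token endpoint, and the effect of a mandatory-PKCE policy on authorization requests that arrive without a code_challenge. The constant PKCE_MANDATORY is a stand-in for the page's setting, and the in-memory store is constructed for the example.

```python
"""Added example: PKCE (RFC 7636) handling on the authorization-server side.

Illustrative code written for this page; not i2Rest's implementation.
PKCE_MANDATORY is a stand-in for the page's PKCE_mandatory setting (assumption).
"""
import base64
import hashlib
import hmac
import secrets

PKCE_MANDATORY = True  # stand-in for the page's PKCE_mandatory flag (assumption)


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_code_verifier() -> str:
    """Client side: 32 random bytes give 43 base64url characters (RFC 7636 §4.1 allows 43..128)."""
    return b64url(secrets.token_bytes(32))


def s256_challenge(verifier: str) -> str:
    """code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


class AuthCodeStore:
    """Minimal in-memory store binding each authorization code to its PKCE challenge (constructed for the example)."""

    def __init__(self, pkce_mandatory: bool = PKCE_MANDATORY):
        self.pkce_mandatory = pkce_mandatory
        self._codes = {}  # code -> (code_challenge or None, method or None)

    def issue_code(self, code_challenge=None, code_challenge_method="plain") -> str:
        """Authorization endpoint: record the challenge; with PKCE mandatory, refuse requests without one."""
        if code_challenge is None:
            if self.pkce_mandatory:
                raise ValueError("invalid_request: code_challenge is required")
            method = None
        else:
            if code_challenge_method not in ("S256", "plain"):
                raise ValueError("invalid_request: unsupported code_challenge_method")
            method = code_challenge_method
        code = b64url(secrets.token_bytes(24))
        self._codes[code] = (code_challenge, method)
        return code

    def exchange_code(self, code: str, code_verifier=None) -> bool:
        """Token endpoint: the code is consumed on first use whatever the outcome, then the verifier is checked."""
        entry = self._codes.pop(code, None)
        if entry is None:
            return False  # unknown or already used code
        challenge, method = entry
        if challenge is None:
            return True  # only reachable when PKCE is not mandatory
        if code_verifier is None or not (43 <= len(code_verifier) <= 128):
            return False
        expected = s256_challenge(code_verifier) if method == "S256" else code_verifier
        # Constant-time comparison so the check leaks nothing about how much of the challenge matched
        return hmac.compare_digest(expected.encode("ascii"), challenge.encode("ascii"))


if __name__ == "__main__":
    store = AuthCodeStore(pkce_mandatory=True)
    verifier = make_code_verifier()
    code = store.issue_code(s256_challenge(verifier), "S256")
    print("exchange with correct verifier:", store.exchange_code(code, verifier))
    print("replay of the same code:", store.exchange_code(code, verifier))
```

The point of the mandatory flag is visible in issue_code: a server that accepts authorization requests without a challenge leaves every code it issues exchangeable by whoever obtains it, while a mandatory policy ties each code to a verifier that only the originating client holds.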