Manager options for JWT access tokens (#2419)
This commit is contained in:
parent
5303b4fc3e
commit
39a419c1b1
|
@ -30,7 +30,7 @@ use constant DEFAULTCONFBACKENDOPTIONS => (
|
|||
dirName => '/usr/local/lemonldap-ng/data/conf',
|
||||
);
|
||||
our $hashParameters = qr/^(?:(?:l(?:o(?:ca(?:lSessionStorageOption|tionRule)|goutService)|dapExportedVar|wp(?:Ssl)?Opt)|(?:(?:d(?:emo|bi)|webID)ExportedVa|exported(?:Heade|Va)|issuerDBGetParamete)r|f(?:indUser(?:Exclud|Search)ingAttribute|acebookExportedVar)|re(?:moteGlobalStorageOption|st2f(?:Verify|Init)Arg|loadUrl)|g(?:r(?:antSessionRule|oup)|lobalStorageOption)|n(?:otificationStorageOption|ginxCustomHandler)|macro)s|o(?:idc(?:S(?:ervice(?:DynamicRegistrationEx(?:portedVar|traClaim)s|MetaDataAuthnContext)|torageOptions)|RPMetaData(?:(?:Option(?:sExtraClaim)?|ExportedVar|Macro)s|Node)|OPMetaData(?:(?:ExportedVar|Option)s|J(?:SON|WKS)|Node))|penIdExportedVars)|c(?:as(?:A(?:ppMetaData(?:(?:ExportedVar|Option|Macro)s|Node)|ttributes)|S(?:rvMetaData(?:(?:ExportedVar|Option)s|Node)|torageOptions))|(?:ustom(?:Plugins|Add)Param|heckUserHiddenHeader|ombModule)s)|s(?:aml(?:S(?:PMetaData(?:(?:ExportedAttribute|Option|Macro)s|Node|XML)|torageOptions)|IDPMetaData(?:(?:ExportedAttribute|Option)s|Node|XML))|essionDataToRemember|laveExportedVars|fExtra)|a(?:(?:daptativeAuthenticationLevelR|ut(?:hChoiceMod|oSigninR))ules|pplicationList)|p(?:ersistentStorageOptions|o(?:rtalSkinRules|st))|v(?:hostOptions|irtualHost)|S(?:MTPTLSOpts|SLVarIf))$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:Allow(?:(?:ClientCredentials|Password)Grant|Offline)|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
|
||||
our $boolKeys = qr/^(?:s(?:aml(?:IDP(?:MetaDataOptions(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|IsPassiv)e|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Force(?:Authn|UTF8)|StoreSAMLToken|RelayStateURL)|SSODescriptorWantAuthnRequestsSigned)|S(?:P(?:MetaDataOptions(?:(?:CheckS[LS]OMessageSignatur|OneTimeUs)e|EnableIDPInitiatedURL|ForceUTF8)|SSODescriptor(?:WantAssertion|AuthnRequest)sSigned)|erviceUseCertificateInResponse)|DiscoveryProtocol(?:Activation|IsPassive)|CommonDomainCookieActivation|UseQueryStringSpecific|MetadataForceUTF8)|f(?:RemovedUseNotif|OnlyUpgrade)|kip(?:Upgrade|Renew)Confirmation|oap(?:Session|Config)Server|t(?:ayConnecte|orePasswor)d|laveDisplayLogo|howLanguages|slByAjax)|o(?:idc(?:RPMetaDataOptions(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Claims|JWT))|Re(?:freshToken|quirePKCE)|LogoutSessionRequired|IDTokenForceClaims|BypassConsent|Public)|ServiceAllow(?:(?:AuthorizationCode|Implicit|Hybrid)Flow|DynamicRegistration)|OPMetaDataOptions(?:(?:CheckJWTSignatur|UseNonc)e|StoreIDToken))|ldNotifFormat)|p(?:ortal(?:Display(?:Re(?:freshMyRights|setPassword|gister)|CertificateResetByMail|GeneratePassword|PasswordPolicy)|ErrorOn(?:ExpiredSession|MailNotFound)|(?:CheckLogin|Statu)s|OpenLinkInNewWindow|ForceAuthn|AntiFrame)|roxyUseSoap)|l(?:dap(?:(?:G(?:roup(?:DecodeSearchedValu|Recursiv)|etUserBeforePasswordChang)|UsePasswordResetAttribut)e|(?:AllowResetExpired|Set)Password|ChangePasswordAsUser|PpolicyControl|ITDS)|oginHistoryEnabled)|c(?:o(?:ntextSwitching(?:Allowed2fModifications|StopWithLogout)|mpactConf|rsEnabled)|a(?:ptcha_(?:register|login|mail)_enabled|sSrvMetaDataOptions(?:Gateway|Renew))|heck(?:State|User|XSS)|da)|no(?:tif(?:ication(?:Server(?:(?:POS|GE)T|DELETE)?|sExplorer)?|y(?:Deleted|Other))|AjaxHook)|i(?:ssuerDB(?:OpenID(?:Connect)?|SAML|CAS|Get)Activation|mpersonationSkipEmptyValues)|to(?:tp2f(?:UserCan(?:Chang|Remov)eKey|DisplayExistingSecret)|kenUseGlobalStorage)|u(?:se(?:RedirectOn(?:Forbidden|Error)|SafeJail)|2fUserCanRemoveKey|pgradeSession)|re(?:st(?:(?:Password|Session|Config|Auth)Server|ExportSecretKeys)|freshSessions)|br(?:uteForceProtection(?:IncrementalTempo)?|owsersDontStorePassword)|d(?:is(?:ablePersistentStorage|playSessionId)|biDynamicHashEnabled)|(?:mai(?:lOnPasswordChang|ntenanc)|vhostMaintenanc)e|g(?:roupsBeforeMacros|lobalLogoutTimer)|a(?:voidAssignment|ctiveTimer)|h(?:ideOldPassword|ttpOnly)|yubikey2fUserCanRemoveKey|krb(?:RemoveDomain|ByJs)|(?:wsdlServ|findUs)er)$/;
|
||||
|
||||
our @sessionTypes = ( 'remoteGlobal', 'global', 'localSession', 'persistent', 'saml', 'oidc', 'cas' );
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaData
|
|||
our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|Servic|Rul)e|AuthnLevel)|(?:ExportedVar|Macro)s)';
|
||||
our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:ProxiedServices|DisplayName|SortNumber|Gateway|Renew|Icon|Url)|ExportedVars)';
|
||||
our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:lient(?:Secret|ID)|heckJWTSignature|onfigurationURI)|S(?:toreIDToken|ortNumber|cope)|TokenEndpointAuthMethod|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|U(?:iLocales|seNonce)|Display(?:Name)?|AcrValues|MaxAge)|ExportedVars|J(?:SON|WKS))';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|uth(?:orizationCodeExpiration|nLevel)|ccessTokenExpiration|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:llow(?:(?:ClientCredentials|Password)Grant|Offline)|ccessToken(?:Expiration|SignAlg|Claims|JWT)|uth(?:orizationCodeExpiration|nLevel)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|con)|R(?:e(?:directUris|freshToken|quirePKCE)|ule)|Logout(?:SessionRequired|Type|Url)|P(?:ostLogoutRedirectUris|ublic)|OfflineSessionExpiration|Client(?:Secret|ID)|BypassConsent|DisplayName|ExtraClaims|UserIDAttr)|(?:ExportedVar|ScopeRule|Macro)s)';
|
||||
our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:(?:Check(?:S[LS]OMessageSignatur|Audienc|Tim)|EncryptionMod|UserAttribut|DisplayNam)e|S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|A(?:llow(?:LoginFromIDP|ProxiedAuthn)|daptSessionUtime)|Re(?:questedAuthnContext|solutionRule|layStateURL)|Force(?:Authn|UTF8)|I(?:sPassive|con)|NameIDFormat)|ExportedAttributes|XML)';
|
||||
our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|(?:CheckS[LS]OMessageSignatur|OneTimeUs|Rul)e|En(?:ableIDPInitiatedURL|cryptionMode)|AuthnLevel|ForceUTF8)|(?:ExportedAttribute|Macro)s|XML)';
|
||||
our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|ServiceTokenTTL|Https|Port)|(?:exportedHeader|locationRule)s|post)';
|
||||
|
|
|
@ -2253,9 +2253,34 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'oidcRPMetaDataOptions' => {
|
||||
'type' => 'subContainer'
|
||||
},
|
||||
'oidcRPMetaDataOptionsAccessTokenClaims' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcRPMetaDataOptionsAccessTokenExpiration' => {
|
||||
'type' => 'int'
|
||||
},
|
||||
'oidcRPMetaDataOptionsAccessTokenJWT' => {
|
||||
'default' => 0,
|
||||
'type' => 'bool'
|
||||
},
|
||||
'oidcRPMetaDataOptionsAccessTokenSignAlg' => {
|
||||
'default' => 'RS256',
|
||||
'select' => [ {
|
||||
'k' => 'RS256',
|
||||
'v' => 'RS256'
|
||||
},
|
||||
{
|
||||
'k' => 'RS384',
|
||||
'v' => 'RS384'
|
||||
},
|
||||
{
|
||||
'k' => 'RS512',
|
||||
'v' => 'RS512'
|
||||
}
|
||||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'oidcRPMetaDataOptionsAdditionalAudiences' => {
|
||||
'type' => 'text'
|
||||
},
|
||||
|
|
|
@ -29,7 +29,8 @@ sub perlExpr {
|
|||
split( /\n/, $@ ) );
|
||||
return ( -1, "__badExpression__: $err" )
|
||||
if ( $err && $conf->{useSafeJail} );
|
||||
return ( $val =~ qr/(?<=[^=<!>\|\?])=(?![>=~])/ && $conf->{avoidAssignment} )
|
||||
return ( $val =~ qr/(?<=[^=<!>\|\?])=(?![>=~])/
|
||||
&& $conf->{avoidAssignment} )
|
||||
? ( 1, "__badExpressionAssignment__" )
|
||||
: 1;
|
||||
}
|
||||
|
@ -4197,6 +4198,18 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
oidcRPMetaDataOptionsIDTokenExpiration => { type => 'int' },
|
||||
oidcRPMetaDataOptionsIDTokenForceClaims =>
|
||||
{ type => 'bool', default => 0 },
|
||||
oidcRPMetaDataOptionsAccessTokenSignAlg => {
|
||||
type => 'select',
|
||||
select => [
|
||||
{ k => 'RS256', v => 'RS256' },
|
||||
{ k => 'RS384', v => 'RS384' },
|
||||
{ k => 'RS512', v => 'RS512' },
|
||||
],
|
||||
default => 'RS256',
|
||||
},
|
||||
oidcRPMetaDataOptionsAccessTokenJWT => { type => 'bool', default => 0 },
|
||||
oidcRPMetaDataOptionsAccessTokenClaims =>
|
||||
{ type => 'bool', default => 0 },
|
||||
oidcRPMetaDataOptionsAdditionalAudiences => { type => 'text' },
|
||||
oidcRPMetaDataOptionsAccessTokenExpiration => { type => 'int' },
|
||||
oidcRPMetaDataOptionsAuthorizationCodeExpiration => { type => 'int' },
|
||||
|
|
|
@ -212,6 +212,8 @@ sub cTrees {
|
|||
'oidcRPMetaDataOptionsBypassConsent',
|
||||
'oidcRPMetaDataOptionsUserIDAttr',
|
||||
'oidcRPMetaDataOptionsIDTokenForceClaims',
|
||||
'oidcRPMetaDataOptionsAccessTokenJWT',
|
||||
'oidcRPMetaDataOptionsAccessTokenClaims',
|
||||
'oidcRPMetaDataOptionsAdditionalAudiences',
|
||||
'oidcRPMetaDataOptionsRefreshToken',
|
||||
]
|
||||
|
@ -221,6 +223,7 @@ sub cTrees {
|
|||
form => 'simpleInputContainer',
|
||||
nodes => [
|
||||
'oidcRPMetaDataOptionsIDTokenSignAlg',
|
||||
'oidcRPMetaDataOptionsAccessTokenSignAlg',
|
||||
'oidcRPMetaDataOptionsRequirePKCE',
|
||||
'oidcRPMetaDataOptionsAllowOffline',
|
||||
'oidcRPMetaDataOptionsAllowPasswordGrant',
|
||||
|
|
|
@ -476,6 +476,20 @@ function templates(tpl,key) {
|
|||
"title" : "oidcRPMetaDataOptionsIDTokenForceClaims",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenJWT",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenJWT",
|
||||
"title" : "oidcRPMetaDataOptionsAccessTokenJWT",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenClaims",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenClaims",
|
||||
"title" : "oidcRPMetaDataOptionsAccessTokenClaims",
|
||||
"type" : "bool"
|
||||
},
|
||||
{
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAdditionalAudiences",
|
||||
|
@ -532,6 +546,27 @@ function templates(tpl,key) {
|
|||
"title" : "oidcRPMetaDataOptionsIDTokenSignAlg",
|
||||
"type" : "select"
|
||||
},
|
||||
{
|
||||
"default" : "RS256",
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenSignAlg",
|
||||
"id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsAccessTokenSignAlg",
|
||||
"select" : [
|
||||
{
|
||||
"k" : "RS256",
|
||||
"v" : "RS256"
|
||||
},
|
||||
{
|
||||
"k" : "RS384",
|
||||
"v" : "RS384"
|
||||
},
|
||||
{
|
||||
"k" : "RS512",
|
||||
"v" : "RS512"
|
||||
}
|
||||
],
|
||||
"title" : "oidcRPMetaDataOptionsAccessTokenSignAlg",
|
||||
"type" : "select"
|
||||
},
|
||||
{
|
||||
"default" : 0,
|
||||
"get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsRequirePKCE",
|
||||
|
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"الأطراف المعتمد لي أوبين أيدي كونيكت",
|
||||
"oidcRPMetaDataOptions":"الخيارات",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"انتهاء صلاحية التوكن",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Options",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Token expiration",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Options",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Token expiration",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Opciones",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Caducidad del token de acceso",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Caducidad del código de autorización",
|
||||
|
|
|
@ -643,6 +643,9 @@
|
|||
"oidcRPMetaDataNode":"Clients OpenID Connect",
|
||||
"oidcRPMetaDataOptions":"Options",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Expiration des jetons d'accès",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Format JWT pour les jetons d'accès",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Publier les attributs dans l'Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Algorithme de signature des Access Token",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Aurotiser le Client Credentials Grant OAuth2.0",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Autoriser le Password Grant OAuth2.0",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Expiration des codes d'autorisation",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"Parti basate su OpenID Connect",
|
||||
"oidcRPMetaDataOptions":"Opzioni",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Scadenza accesso token",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"Strony zależne od OpenID Connect",
|
||||
"oidcRPMetaDataOptions":"Opcje",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Wygaśnięcie tokena dostępu",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Zezwól na przyznanie hasła OAuth2.0",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Wygaśnięcie kodu autoryzacji",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Seçenekler",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Erişim jetonu sona erme",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"OAuth2.0 Password Grant İzin Ver",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Yetkilendirme Kodu sona erme",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Tùy chọn",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Hết hạn truy cập Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID Connect Relying Parties",
|
||||
"oidcRPMetaDataOptions":"Options",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"Access Token expiration",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"Allow OAuth2.0 Password Grant",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"Authorization Code expiration",
|
||||
|
|
|
@ -642,6 +642,9 @@
|
|||
"oidcRPMetaDataNode":"OpenID 連線提供方",
|
||||
"oidcRPMetaDataOptions":"選項",
|
||||
"oidcRPMetaDataOptionsAccessTokenExpiration":"存取權杖到期",
|
||||
"oidcRPMetaDataOptionsAccessTokenJWT":"Use JWT format for Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenClaims":"Release claims in Access Token",
|
||||
"oidcRPMetaDataOptionsAccessTokenSignAlg":"Access Token signature algorithm",
|
||||
"oidcRPMetaDataOptionsAllowClientCredentialsGrant":"Allow OAuth2.0 Client Credentials Grant",
|
||||
"oidcRPMetaDataOptionsAllowPasswordGrant":"允許 OAuth2.0 密碼授權",
|
||||
"oidcRPMetaDataOptionsAuthorizationCodeExpiration":"授權碼到期",
|
||||
|
|
Loading…
Reference in New Issue
Block a user