Re-order OIDC dynamic registration options & Update doc + typos

2022-02-18 22:08:56 +01:00 · 2022-02-18 22:08:56 +01:00 · 9e0d28d659
parent 01eb5eafa0
commit 9e0d28d659
16 changed files with 103 additions and 89 deletions
--- a/doc/sources/admin/openidconnectservice.rst
+++ b/doc/sources/admin/openidconnectservice.rst
@ -13,14 +13,14 @@ Set the issuer identifier, which should be the portal URL.

 For example: http://auth.example.com

-End points
+Endpoints
 ~~~~~~~~~~

 Name of different OpenID Connect endpoints. You can keep the default
 values unless you have a specific need to change them.

 -  **Authorization**
-  **Token**
+-  **Tokens**
 -  **User Info**
 -  **JWKS**
 -  **Registration**
@ -42,11 +42,9 @@ Security

 -  **Keys**: Define public/private key pair for asymmetric signature. A JWKS
   ``kid`` (Key ID) is automatically derived when new keys are generated.
-  **Dynamic Registration**: Set to 1 to allow clients to register
-   themselves. This may be a security risk as this will create a new
-   configuration in the backend per registration request. You can limit
-   this by protecting in the WebServer the registration endpoint with
-   an authentication module, and give the credentials to clients.
+-  **Authorization Code flow**: Set to 1 to allow Authorization Code flow
+-  **Implicit flow**: Set to 1 to allow Implicit flow
+-  **Hybrid flow**: Set to 1 to allow Hybrid flow
 -  **Only allow declared scopes**: By default, LL::NG will grant all requested scopes.
   When this option is enabled, LL::NG will only grant:

@ -54,43 +52,43 @@ Security
   - Scopes declared in :ref:`Scope values content <oidcextraclaims>`
   - Scopes declared in :ref:`Scope Rules <oidcscoperules>` (if they match the rule)

-  **Authorization Code flow**: Set to 1 to allow Authorization Code flow
-  **Implicit flow**: Set to 1 to allow Implicit flow
-  **Hybrid flow**: Set to 1 to allow Hybrid flow
+Timeouts
+~~~~~~~~

-
-Timeout
-~~~~~~~
-
-  **Authorization Code expiration**: Expiration time of
-   authorization code. The default value is one minute.
-  **ID Token expiration**: Expiration time of ID Tokens. The default
-   value is one hour.
-  **Access Token expiration**: Expiration time of Access Tokens.
-   The default value is one hour.
-  **Offline session expiration**: This sets the lifetime of the
-   refresh token obtained with the ``offline_access`` scope. The
-   default value is one month.
+-  **Authorization Codes**: Expiration time of
+   authorization code. Default value is one minute.
+-  **ID Tokens**: Expiration time of ID Tokens.
+   Default value is one hour.
+-  **Access Tokens**: Expiration time of Access Tokens.
+   Default value is one hour.
+-  **Offline sessions**: This option sets Refresh Tokens lifetime
+   retrieved with ``offline_access`` scope. Default value is one month.


 Sessions
 ~~~~~~~~

 Best pratice is to use a separate sessions storage for OpenID Connect
-sessions, else they will stored in the main sessions storage.
+sessions, else they will be stored in main sessions storage.

 Dynamic Registration
 ~~~~~~~~~~~~~~~~~~~~

+-  **Dynamic Registration**: Set to 1 to allow clients to register
+   themselves. This may be a security risk as this will create a new
+   configuration in the backend per registration request. You can restrict
+   this by protecting the WebServer registration endpoint with
+   an authentication module, and give the credentials to clients.
+
 If dynamic registration is enabled, you can configure the following
-options to define attributes and extra claims when a new relying party
-is registered through the ``/oauth2/register`` endpoint:
+options to define attributes and extra claims released when a new relying
+party is registered through ``/oauth2/register`` endpoint:

-  Exported vars for dynamic registration
-  Extra claims for dynamic registration
+-  **Exported vars**
+-  **Extra claims**

-Key rotation script
-------------------
+Keys rotation script
+--------------------

 OpenID Connect specifications allow to rotate keys to improve security.
 LL::NG provides a script to do this, that should be used in a cronjob.
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm
@ -69,6 +69,6 @@ our $issuerParameters = {
  issuerOptions => [qw(issuersTimeout)],
 };
 our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapTLSClient samlAuthnContextMapKerberos samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlStorage samlStorageOptions samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive)];
-our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowDynamicRegistration oidcServiceAllowOnlyDeclaredScopes oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims)];
+our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataAuthnContext oidcServiceAllowDynamicRegistration oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceAllowOnlyDeclaredScopes oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcStorage oidcStorageOptions)];

 1;
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm
@ -72,7 +72,7 @@ sub tree {
                                },
                                {
                                    title => 'passwordManagement',
-                                    help  =>
+                                    help =>
                                      'portalcustom.html#password-management',
                                    form  => 'simpleInputContainer',
                                    nodes => [
@ -99,7 +99,7 @@ sub tree {
                                },
                                {
                                    title => 'portalOther',
-                                    help  =>
+                                    help =>
                                      'portalcustom.html#other-parameters',
                                    form  => 'simpleInputContainer',
                                    nodes => [
@ -129,7 +129,7 @@ sub tree {
                },
                {
                    title => 'authParams',
-                    help  =>
+                    help =>
                      'start.html#authentication-users-and-password-databases',
                    form  => 'authParams',
                    nodes => [
@ -650,7 +650,7 @@ sub tree {
                                },
                                {
                                    title => 'soapServices',
-                                    help  =>
+                                    help =>
                                      'portalservers.html#SOAP_(deprecated)',
                                    form  => 'simpleInputContainer',
                                    nodes => [
@ -684,7 +684,7 @@ sub tree {
                                'notificationStorageOptions',
                                {
                                    title => 'serverNotification',
-                                    help  =>
+                                    help =>
                                      'notifications.html#notification-server',
                                    nodes => [
                                        'notificationServer',
@ -1369,6 +1369,14 @@ sub tree {
                    ]
                },
                'oidcServiceMetaDataAuthnContext',
+                {
+                    title => "oidcServiceDynamicRegistration",
+                    nodes => [
+                        'oidcServiceAllowDynamicRegistration',
+                        'oidcServiceDynamicRegistrationExportedVars',
+                        'oidcServiceDynamicRegistrationExtraClaims',
+                    ],
+                },
                {
                    title => 'oidcServiceMetaDataSecurity',
                    nodes => [ {
@ -1380,11 +1388,10 @@ sub tree {
                                'oidcServiceKeyIdSig',
                            ],
                        },
-                        'oidcServiceAllowDynamicRegistration',
-                        'oidcServiceAllowOnlyDeclaredScopes',
                        'oidcServiceAllowAuthorizationCodeFlow',
                        'oidcServiceAllowImplicitFlow',
                        'oidcServiceAllowHybridFlow',
+                        'oidcServiceAllowOnlyDeclaredScopes',
                    ],
                },
                {
@ -1398,10 +1405,8 @@ sub tree {
                },
                {
                    title => "oidcServiceMetaDataSessions",
-                    nodes => [ 'oidcStorage', 'oidcStorageOptions', ],
+                    nodes => [ 'oidcStorage', 'oidcStorageOptions' ],
                },
-                'oidcServiceDynamicRegistrationExportedVars',
-                'oidcServiceDynamicRegistrationExtraClaims',
            ]
        },
        'oidcOPMetaDataNodes',
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"حالة مهلة الجلسة",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"ترخيص كود التدفق",
-"oidcServiceAllowDynamicRegistration":"التسجيل الديناميكي",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"تدفق هجين",
 "oidcServiceAllowImplicitFlow":"التدفق الضمني",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"توقيع على هوية المفتاح ",
 "oidcServiceMetaData":"خدمة أوبين أيدي كونيكت",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"State session timeout",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Authorization Code Flow",
-"oidcServiceAllowDynamicRegistration":"Dynamic Registration",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Hybrid Flow",
 "oidcServiceAllowImplicitFlow":"Implicit Flow",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"Signing key ID",
 "oidcServiceMetaData":"OpenID Connect Service",
@ -722,7 +723,7 @@
 "oidcServiceMetaDataAuthorizeURI":"Authorization",
 "oidcServiceMetaDataBackChannelURI":"Back-Channel URI",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",
-"oidcServiceMetaDataEndPoints":"End points",
+"oidcServiceMetaDataEndPoints":"Endpoints",
 "oidcServiceMetaDataEndSessionURI":"End of session",
 "oidcServiceMetaDataFrontChannelURI":"Front-Channel URI",
 "oidcServiceMetaDataIntrospectionURI":"Introspection",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Security",
 "oidcServiceMetaDataSessions":"Sessions",
 "oidcServiceMetaDataTimeouts":"Timeouts",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"User Info",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Signing private key",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"State session timeout",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Authorization Code Flow",
-"oidcServiceAllowDynamicRegistration":"Dynamic Registration",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Hybrid Flow",
 "oidcServiceAllowImplicitFlow":"Implicit Flow",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"Signing key ID",
 "oidcServiceMetaData":"OpenID Connect Service",
@ -722,7 +723,7 @@
 "oidcServiceMetaDataAuthorizeURI":"Authorization",
 "oidcServiceMetaDataBackChannelURI":"Back-Channel URI",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",
-"oidcServiceMetaDataEndPoints":"End points",
+"oidcServiceMetaDataEndPoints":"Endpoints",
 "oidcServiceMetaDataEndSessionURI":"End of session",
 "oidcServiceMetaDataFrontChannelURI":"Front-Channel URI",
 "oidcServiceMetaDataIntrospectionURI":"Introspection",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Security",
 "oidcServiceMetaDataSessions":"Sessions",
 "oidcServiceMetaDataTimeouts":"Timeouts",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"User Info",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Signing private key",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Caducidad de estado de sesión",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Authorization Code Flow",
-"oidcServiceAllowDynamicRegistration":"Registro dinámico",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Flujo híbrido",
 "oidcServiceAllowImplicitFlow":"Flujo implícito",
 "oidcServiceAllowOffline":"Permitir acceso offline",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Variables exportadas para registro dinámico",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Variables exportadas",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"ID de la clave firmante",
 "oidcServiceMetaData":"OpenID Connect Service",
@ -722,7 +723,7 @@
 "oidcServiceMetaDataAuthorizeURI":"Autorización",
 "oidcServiceMetaDataBackChannelURI":"URI de Back-Channel",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",
-"oidcServiceMetaDataEndPoints":"End points",
+"oidcServiceMetaDataEndPoints":"Endpoints",
 "oidcServiceMetaDataEndSessionURI":"Fin de sesión",
 "oidcServiceMetaDataFrontChannelURI":"URI de Front-Channel",
 "oidcServiceMetaDataIntrospectionURI":"Instrospección",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Seguridad",
 "oidcServiceMetaDataSessions":"Sesiones",
 "oidcServiceMetaDataTimeouts":"Timeouts",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"Información del usuario",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Clave privada firmante",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Durée d'une session state",
 "oidcServiceAccessTokenExpiration":"Jetons d'accès",
 "oidcServiceAllowAuthorizationCodeFlow":"Authorization Code Flow",
-"oidcServiceAllowDynamicRegistration":"Enregistrement dynamique",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Hybrid Flow",
 "oidcServiceAllowImplicitFlow":"Implicit Flow",
 "oidcServiceAllowOffline":"Autoriser l'accès hors ligne",
 "oidcServiceAllowOnlyDeclaredScopes":"N'autoriser que les scopes déclarés",
 "oidcServiceAuthorizationCodeExpiration":"Codes d'autorisation",
-"oidcServiceDynamicRegistrationExportedVars":"Variables exportées pour l'enregistrement dynamique",
-"oidcServiceDynamicRegistrationExtraClaims":"Claims supplémentaires pour l'enregistrement dynamique",
+"oidcServiceDynamicRegistration":"Enregistrement dynamique",
+"oidcServiceDynamicRegistrationExportedVars":"Variables exportées",
+"oidcServiceDynamicRegistrationExtraClaims":"Claims supplémentaires",
 "oidcServiceIDTokenExpiration":"Jetons d'identité",
 "oidcServiceKeyIdSig":"Identifiant de clef de signature",
 "oidcServiceMetaData":"Service OpenID Connect",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Sécurité",
 "oidcServiceMetaDataSessions":"Sessions",
 "oidcServiceMetaDataTimeouts":"Expiration",
-"oidcServiceMetaDataTokenURI":"Jeton",
+"oidcServiceMetaDataTokenURI":"Jetons",
 "oidcServiceMetaDataUserInfoURI":"Informations Utilisateur",
 "oidcServiceOfflineSessionExpiration":"Sessions hors-ligne",
 "oidcServicePrivateKeySig":"Clef privée de signature",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Durata della sessione stato",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Flusso del codice di autorizzazione",
-"oidcServiceAllowDynamicRegistration":"Registrazione dinamica",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Flusso ibrido",
 "oidcServiceAllowImplicitFlow":"Flusso implicito",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"ID del codice di accesso",
 "oidcServiceMetaData":"Servizio di OpenID Connect",
@ -722,7 +723,7 @@
 "oidcServiceMetaDataAuthorizeURI":"Autorizzazione",
 "oidcServiceMetaDataBackChannelURI":"URI Back-Channel",
 "oidcServiceMetaDataCheckSessionURI":"Controlla sessione",
-"oidcServiceMetaDataEndPoints":"Endpoint",
+"oidcServiceMetaDataEndPoints":"Endpoints",
 "oidcServiceMetaDataEndSessionURI":"Fine sessione",
 "oidcServiceMetaDataFrontChannelURI":"URI Front-Channel ",
 "oidcServiceMetaDataIntrospectionURI":"Introspection",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Sicurezza",
 "oidcServiceMetaDataSessions":"Sessioni",
 "oidcServiceMetaDataTimeouts":"Timeouts",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"Informazioni utente",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Firma della chiave privata",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Limit czasu sesji stanowej",
 "oidcServiceAccessTokenExpiration":"Token dostępowy",
 "oidcServiceAllowAuthorizationCodeFlow":"Przepływ kodu autoryzacji",
-"oidcServiceAllowDynamicRegistration":"Rejestracja dynamiczna",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Przepływ hybrydowy",
 "oidcServiceAllowImplicitFlow":"Implikowany przepływ",
 "oidcServiceAllowOffline":"Zezwalaj na dostęp offline",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Zmienne wyeksportowane do dynamicznej rejestracji",
-"oidcServiceDynamicRegistrationExtraClaims":"Dodatkowe roszczenia dotyczące rejestracji dynamicznej",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"Token identyfikacyjny",
 "oidcServiceKeyIdSig":"Identyfikator klucza podpisu",
 "oidcServiceMetaData":"Usługa OpenID Connect",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Bezpieczeństwo",
 "oidcServiceMetaDataSessions":"Sesje",
 "oidcServiceMetaDataTimeouts":"Limit czasu",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"Informacja o użytkowniku",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Klucz prywatny podpisu",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Oturum zaman aşımını belirle",
 "oidcServiceAccessTokenExpiration":"Erişim Jetonu",
 "oidcServiceAllowAuthorizationCodeFlow":"Yetkilendirme Kodu Akışı",
-"oidcServiceAllowDynamicRegistration":"Dinamik Kayıtlanma",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Hibrit Akış",
 "oidcServiceAllowImplicitFlow":"Kapalı Akış",
 "oidcServiceAllowOffline":"Çevrimdışı erişime izin ver",
 "oidcServiceAllowOnlyDeclaredScopes":"Sadece belirli kapsamlara izin ver",
 "oidcServiceAuthorizationCodeExpiration":"Yetkilendirme Kodu",
-"oidcServiceDynamicRegistrationExportedVars":"Dinamik kayıtlanma için dışa aktarılan değişkenler",
-"oidcServiceDynamicRegistrationExtraClaims":"Dinamik kayıtlanma için ekstra talepler",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Jetonu",
 "oidcServiceKeyIdSig":"Anahtar ID imzalama",
 "oidcServiceMetaData":"OpenID Connect Servisi",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Güvenlik",
 "oidcServiceMetaDataSessions":"Oturumlar",
 "oidcServiceMetaDataTimeouts":"Zaman aşımları",
-"oidcServiceMetaDataTokenURI":"Jeton",
+"oidcServiceMetaDataTokenURI":"Jetons",
 "oidcServiceMetaDataUserInfoURI":"Kullanıcı Bilgisi",
 "oidcServiceOfflineSessionExpiration":"Çevrimdışı oturum",
 "oidcServicePrivateKeySig":"Özel anahtar imzalama",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"Thời gian chờ của trạng thái phiên làm việc",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Dòng mã ủy quyền",
-"oidcServiceAllowDynamicRegistration":"Đăng ký động",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Dòng chảy hỗn hợp",
 "oidcServiceAllowImplicitFlow":"Dòng chảy ngầm",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"Khóa ID chính",
 "oidcServiceMetaData":"Dịch vụ Kết nối OpenID",
@ -733,7 +734,7 @@
 "oidcServiceMetaDataSecurity":"Bảo mật",
 "oidcServiceMetaDataSessions":"Phiên",
 "oidcServiceMetaDataTimeouts":"Timeouts",
-"oidcServiceMetaDataTokenURI":"Token",
+"oidcServiceMetaDataTokenURI":"Tokens",
 "oidcServiceMetaDataUserInfoURI":"Thông tin người dùng",
 "oidcServiceOfflineSessionExpiration":"Offline session",
 "oidcServicePrivateKeySig":"Ký khóa cá nhân",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"State session timeout",
 "oidcServiceAccessTokenExpiration":"Access Token",
 "oidcServiceAllowAuthorizationCodeFlow":"Authorization Code Flow",
-"oidcServiceAllowDynamicRegistration":"Dynamic Registration",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"Hybrid Flow",
 "oidcServiceAllowImplicitFlow":"Implicit Flow",
 "oidcServiceAllowOffline":"Allow offline access",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"Exported vars for dynamic registration",
-"oidcServiceDynamicRegistrationExtraClaims":"Extra claims for dynamic registration",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID Token",
 "oidcServiceKeyIdSig":"Signing key ID",
 "oidcServiceMetaData":"OpenID Connect Service",
@ -722,7 +723,7 @@
 "oidcServiceMetaDataAuthorizeURI":"Authorization",
 "oidcServiceMetaDataBackChannelURI":"Back-Channel URI",
 "oidcServiceMetaDataCheckSessionURI":"Check Session",
-"oidcServiceMetaDataEndPoints":"End points",
+"oidcServiceMetaDataEndPoints":"Endpoints",
 "oidcServiceMetaDataEndSessionURI":"End of session",
 "oidcServiceMetaDataFrontChannelURI":"Front-Channel URI",
 "oidcServiceMetaDataIntrospectionURI":"Introspection",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json
@ -707,14 +707,15 @@
 "oidcRPStateTimeout":"狀態工作階段逾時",
 "oidcServiceAccessTokenExpiration":"存取權杖",
 "oidcServiceAllowAuthorizationCodeFlow":"授權碼流程",
-"oidcServiceAllowDynamicRegistration":"動態註冊",
+"oidcServiceAllowDynamicRegistration":"Activation",
 "oidcServiceAllowHybridFlow":"混合流程",
 "oidcServiceAllowImplicitFlow":"內含流程",
 "oidcServiceAllowOffline":"允許離線存取",
 "oidcServiceAllowOnlyDeclaredScopes":"Only allow declared scopes",
 "oidcServiceAuthorizationCodeExpiration":"Authorization Code",
-"oidcServiceDynamicRegistrationExportedVars":"用於動態註冊的已匯出變數",
-"oidcServiceDynamicRegistrationExtraClaims":"動態註冊的額外聲明",
+"oidcServiceDynamicRegistration":"Dynamic registration",
+"oidcServiceDynamicRegistrationExportedVars":"Exported vars",
+"oidcServiceDynamicRegistrationExtraClaims":"Extra claims",
 "oidcServiceIDTokenExpiration":"ID 權杖",
 "oidcServiceKeyIdSig":"簽署金鑰 ID",
 "oidcServiceMetaData":"OpenID 連線服務",
--- a/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
+++ b/lemonldap-ng-manager/site/htdocs/static/reverseTree.json
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json