dani/lemonldap-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Doc for #2602

Browse Source
This commit is contained in:
Maxime Besson 2021-09-01 15:28:57 +02:00
parent 5ea7a0916d
commit d3c27ed6fb
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc/sources/admin/idpopenidconnect.rst
View File

@ -333,10 +333,21 @@ Options
- **Logout**
- **Allowed redirection addresses for logout**: A space separated list of URLs that this client can redirect the user to once the logout is done (through ``post_logout_redirect_uri``)
- **URL**: Specify the relying party's logout URL
- **Type**: Type of Logout to perform (only Front-Channel is implemented for now)
- **Session required**: Whether to send the Session ID in the logout request
- **Allowed redirection addresses for logout**: A space separated list of
URLs that this client can redirect the user to once the logout is done
(through ``post_logout_redirect_uri``)
- **URL**: Specify the relying party's logout URL
- **Type**: Type of Logout to perform (only Front-Channel is implemented for now)
- **Session required**: Whether to send the Session ID in the logout request
Access Rule extra variables
^^^^^^^^^^^^^^^^^^^^^^^^^^^
When writing your access rules, you can additionally use the following variables:
* ``$_oidc_grant_type`` (since version ``2.0.14``): the grant type being used to
access this service. Possible values: ``authorizationcode``,
``implicit``, ``hybrid``, ``clientcredentials``, ``password``
.. _resource-owner-password-grant:

4
doc/sources/admin/oauth2handler.rst
View File

@ -48,6 +48,10 @@ The OAuth2 handler defines a few extra variables that you can use in
* ``$_clientId``: client ID of the application which requested the Access Token
* ``$_clientConfKey``: configuration key of the application which requested the
Access Token
* ``$_oidc_grant_type`` (since *2.0.14*): the grant type used to generate the Access Token. If
Refresh Tokens are used, this is the grant type of the first emitted Access
Token. Possible values: ``authorizationcode``, ``implicit``, ``hybrid``,
``clientcredentials``, ``password``
* ``$_scope``: list of space-separated scopes granted by the Access Token
For example, to grant access to access tokens containing the ``write`` scope,