
config properties third_party properties custom_providers custom_provider

GitHub Action edited this page Jan 8, 2025 · 3 revisions

Version

v1.3.2

additionalProperties Type

object (custom_provider)

additionalProperties Properties

Property                Type     Required  Nullable        Defined by
allow_linking           boolean  Optional  cannot be null  Config
attribute_mapping       object   Optional  cannot be null  Config
authorization_endpoint  string   Optional  cannot be null  Config
issuer                  string   Optional  cannot be null  Config
client_id               string   Optional  cannot be null  Config
display_name            string   Optional  cannot be null  Config
enabled                 boolean  Optional  cannot be null  Config
scopes                  array    Optional  cannot be null  Config
secret                  string   Optional  cannot be null  Config
token_endpoint          string   Optional  cannot be null  Config
use_discovery           boolean  Optional  cannot be null  Config
userinfo_endpoint       string   Optional  cannot be null  Config

allow_linking

allow_linking indicates whether existing accounts can be automatically linked with this provider.

Linking is based on matching one of the email addresses of an existing user account with the (primary) email address of the third party provider account.

allow_linking

  • is optional

  • cannot be null

allow_linking Type

boolean

attribute_mapping

attribute_mapping defines a map that associates known standard OIDC-conformant end-user claims at the Hanko backend (the key of a map entry) with claims retrieved from a third party provider (the value of the map entry). This is primarily necessary when a non-OIDC provider is configured, in which case the user data returned from the userinfo endpoint probably does not conform to the OIDC standard claims.

Example: You configure an OAuth provider (i.e., a non-OIDC provider) whose configured userinfo endpoint returns the end-user's ID at the provider not under a sub key in its JSON response but under a user_id key. You would then configure an attribute mapping as follows:

attribute_mapping:
 sub: user_id

See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for a list of known standard claims that provider claims can be mapped into. Any other claims received from a provider are not discarded but are retained internally in a custom_claims claim.

Mappings are strictly one-to-one; complex mappings (e.g. mapping the concatenation of two claims into one) are not possible.
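The mapping rule above, applied to a decoded userinfo response, as an added example in Go (this is illustration code written for this page, not Hanko's own implementation). The function MapClaims, the constructed userinfo map and the behaviour for an unmapped key that already uses a standard name are assumptions of the example; the standard claim list is the one referenced in the link above.

```go
package main

import "fmt"

// standardClaims is the StandardClaims list from OpenID Connect Core 1.0, section 5.1.
var standardClaims = map[string]bool{
	"sub": true, "name": true, "given_name": true, "family_name": true, "middle_name": true,
	"nickname": true, "preferred_username": true, "profile": true, "picture": true,
	"website": true, "email": true, "email_verified": true, "gender": true, "birthdate": true,
	"zoneinfo": true, "locale": true, "phone_number": true, "phone_number_verified": true,
	"address": true, "updated_at": true,
}

// MapClaims applies a one-to-one attribute_mapping (standard claim -> provider claim name)
// to a decoded userinfo response. Unmapped provider keys that already carry a standard
// name pass through (assumption of this example); everything else is kept under "custom_claims".
func MapClaims(mapping map[string]string, userinfo map[string]any) (map[string]any, error) {
	out := map[string]any{}
	consumed := map[string]bool{}
	for std, prov := range mapping {
		if !standardClaims[std] {
			return nil, fmt.Errorf("attribute_mapping: %q is not a standard OIDC claim", std)
		}
		if v, ok := userinfo[prov]; ok {
			out[std] = v
			consumed[prov] = true
		}
	}
	custom := map[string]any{}
	for k, v := range userinfo {
		if consumed[k] {
			continue
		}
		if _, taken := out[k]; !taken && standardClaims[k] {
			out[k] = v
			continue
		}
		custom[k] = v // not a standard claim, or its standard slot was filled by a mapping
	}
	if len(custom) > 0 {
		out["custom_claims"] = custom
	}
	return out, nil
}

func main() {
	// Constructed userinfo from a non-OIDC provider: the user id is under "user_id", not "sub".
	userinfo := map[string]any{"user_id": "42", "mail": "a@example.com", "plan": "pro", "name": "Ada"}
	fmt.Println(MapClaims(map[string]string{"sub": "user_id", "email": "mail"}, userinfo))
}
```

A mapping key that is not a standard claim is rejected rather than silently ignored, which is the kind of configuration mistake worth catching before the provider goes live.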

attribute_mapping

  • is optional

  • cannot be null

attribute_mapping Type

object (Details)

authorization_endpoint

URL of the provider's authorization endpoint where the end-user is redirected to authenticate and grant consent for an application to access their resources.

Required if use_discovery is false or omitted.

authorization_endpoint

  • is optional

  • cannot be null

authorization_endpoint Type

string

issuer

issuer is the provider's issuer identifier. It should be a URL that uses the "https" scheme and has no query or fragment components.

Required if use_discovery is true.

issuer

  • is optional

  • cannot be null

issuer Type

string

client_id

client_id is the ID of the OAuth/OIDC client. Must be obtained from the provider.

Required if the provider is enabled.

client_id

  • is optional

  • cannot be null

client_id Type

string

display_name

display_name is the name of the provider that is intended to be shown to an end-user.

Required if the provider is enabled.

display_name

  • is optional

  • cannot be null

display_name Type

string

enabled

enabled indicates if the provider is enabled or disabled.

enabled

  • is optional

  • cannot be null

enabled Type

boolean

scopes

scopes is a list of scopes requested from the provider that specify the level of access an application has to a user's resources on a server, defining what actions the app can perform on behalf of the user.

Required if the provider is enabled.

scopes

  • is optional

  • cannot be null

scopes Type

string[]

secret

secret is the client secret for the OAuth/OIDC client. Must be obtained from the provider.

Required if the provider is enabled.

secret

  • is optional

  • cannot be null

secret Type

string

token_endpoint

URL of the provider's token endpoint, where an application exchanges an authorization code for an access token, which is then used to authenticate API requests on behalf of the end-user.

Required if use_discovery is false or omitted.

token_endpoint

  • is optional

  • cannot be null

token_endpoint Type

string

use_discovery

use_discovery determines whether configuration information about an OpenID Connect (OIDC) provider, such as endpoint URLs and supported features, should be retrieved automatically from a well-known URL (typically /.well-known/openid-configuration).

use_discovery

  • is optional

  • cannot be null

use_discovery Type

boolean

use_discovery Default Value

The default value is:

true

userinfo_endpoint

URL of the provider's endpoint that returns claims about an authenticated end-user.

Required if use_discovery is false or omitted.

userinfo_endpoint

  • is optional

  • cannot be null

userinfo_endpoint Type

string
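The "Required if ..." rules scattered across the properties above, collected into one check, as an added example in Go (illustration code written for this page, not Hanko's own configuration validation). The CustomProvider struct and the Problems and validIssuer functions are names chosen for the example; the default of use_discovery (true) and the issuer shape (https, no query, no fragment) are taken from the descriptions above.

```go
package main

import "net/url"

// CustomProvider mirrors the custom_provider properties documented above; UseDiscovery is
// a pointer so that an omitted value can take the documented default (true).
type CustomProvider struct {
	Enabled                                                bool
	DisplayName, ClientID, Secret, Issuer                  string
	Scopes                                                 []string
	UseDiscovery                                           *bool
	AuthorizationEndpoint, TokenEndpoint, UserinfoEndpoint string
}

// Problems applies the "Required if ..." rules from the property descriptions and returns
// one message per violated rule; a disabled provider has nothing to check.
func (p CustomProvider) Problems() []string {
	if !p.Enabled {
		return nil
	}
	var out []string
	required := func(cond bool, name, value, when string) {
		if cond && value == "" {
			out = append(out, name+" is required when "+when)
		}
	}
	required(true, "client_id", p.ClientID, "the provider is enabled")
	required(true, "secret", p.Secret, "the provider is enabled")
	required(true, "display_name", p.DisplayName, "the provider is enabled")
	if len(p.Scopes) == 0 {
		out = append(out, "scopes is required when the provider is enabled")
	}
	useDiscovery := p.UseDiscovery == nil || *p.UseDiscovery // omitted => default true
	required(useDiscovery, "issuer", p.Issuer, "use_discovery is true")
	if useDiscovery && p.Issuer != "" && !validIssuer(p.Issuer) {
		out = append(out, "issuer "+p.Issuer+" must be an https URL without query or fragment")
	}
	required(!useDiscovery, "authorization_endpoint", p.AuthorizationEndpoint, "use_discovery is false")
	required(!useDiscovery, "token_endpoint", p.TokenEndpoint, "use_discovery is false")
	required(!useDiscovery, "userinfo_endpoint", p.UserinfoEndpoint, "use_discovery is false")
	return out
}

// validIssuer enforces the issuer shape from its description: https, no query, no fragment.
func validIssuer(issuer string) bool {
	u, err := url.Parse(issuer)
	return err == nil && u.Scheme == "https" && u.Host != "" && u.RawQuery == "" && u.Fragment == ""
}
```

Running such a check at startup turns a provider that would fail at the first login (missing endpoints with discovery off, or an http issuer) into a configuration error that is visible before any user is redirected.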
