To configure Brainware for OAuth2.0, find the OAuth2Settings and secureSettings sections in web.config and update the following values.
Settings | Description |
---|---|
OAuth2ClientId* | The client ID provided by your IdP. |
OAuth2ClientSecret | When using a client secret, enter the client secret provided by your IdP; otherwise, leave blank. |
OAuth2Enabled* | Enter True to enable OAuth2 authentication. |
OAuth2DiscoveryUrl* | The discovery endpoint of your authorization provider. |
OAuth2RequireHttps | Enter True to require OAuth2 connections to use HTTPS. This is recommended for production environments. |
OAuth2RedirectUrl* | The URL of the hosted Web Verifier login page. |
OAuth2Scope | Set to ‘offline_access’ to enable refresh tokens; otherwise leave blank. |
OAuth2ValidateLifetime | Enter True to indicate that the Web Verifier will validate the lifetime of the returned access token. When the token expires, the user will be logged out. If using refresh tokens, Web Verifier will attempt to refresh the user's token before logging them out. Enter False to indicate that the token lifetime will be ignored. |
OAuth2ClockSkew | Enter the duration, in minutes, for which a user session remains valid after the token expires. This can be used to account for clock differences between the Web Verifier server and the IdP server. |
OAuth2PKCEMehtod | Set to S256 to enable PKCE; leave blank to disable PKCE. |
OAuth2ValidateSignature | Set to True to validate the token signature; recommended for production environments. |
* Indicates mandatory fields
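
A pre-deployment check of these values, as an added example that is not Brainware's own code: it takes the settings as a plain dictionary (it does not parse web.config), uses the key names exactly as spelled in the table, and treats a blank value as not enabled. The findings policy, the 5-minute skew threshold, and the sample hostnames are assumptions of this example.

```python
from urllib.parse import urlparse

MANDATORY = ("OAuth2ClientId", "OAuth2Enabled", "OAuth2DiscoveryUrl", "OAuth2RedirectUrl")
PKCE_KEY = "OAuth2PKCEMehtod"  # spelled as in the table above
MAX_SKEW_MINUTES = 5           # assumed review threshold, not a product default


def val(settings, key):
    return str(settings.get(key, "")).strip()


def audit(settings):
    """Return (severity, key, message) findings for a dict of setting values."""
    out = [("error", k, "mandatory value is missing") for k in MANDATORY if not val(settings, k)]
    # The table recommends both of these for production environments.
    for k in ("OAuth2RequireHttps", "OAuth2ValidateSignature"):
        if val(settings, k).lower() != "true":
            out.append(("error", k, "should be True in production"))
    for k in ("OAuth2DiscoveryUrl", "OAuth2RedirectUrl"):
        if val(settings, k) and urlparse(val(settings, k)).scheme.lower() != "https":
            out.append(("error", k, "URL does not use https"))
    if val(settings, "OAuth2ValidateLifetime").lower() != "true":
        out.append(("warn", "OAuth2ValidateLifetime", "token lifetime is ignored"))
    if not val(settings, PKCE_KEY):
        out.append(("warn", PKCE_KEY, "PKCE is disabled"))
    elif val(settings, PKCE_KEY) != "S256":
        out.append(("error", PKCE_KEY, "only S256 or blank is documented"))
    skew = val(settings, "OAuth2ClockSkew")
    if skew:
        try:
            if float(skew) > MAX_SKEW_MINUTES:
                out.append(("warn", "OAuth2ClockSkew", f"session outlives token by {skew} min"))
        except ValueError:
            out.append(("error", "OAuth2ClockSkew", "not a number of minutes"))
    return out


# Constructed sample values (idp.example / verifier.example are placeholders).
WEAK = {"OAuth2ClientId": "web-verifier", "OAuth2Enabled": "True",
        "OAuth2DiscoveryUrl": "http://idp.example/.well-known/openid-configuration",
        "OAuth2RedirectUrl": "https://verifier.example/login",
        "OAuth2RequireHttps": "False", "OAuth2ValidateLifetime": "False",
        "OAuth2ClockSkew": "60", PKCE_KEY: "", "OAuth2ValidateSignature": ""}
HARDENED = dict(WEAK, OAuth2DiscoveryUrl="https://idp.example/.well-known/openid-configuration",
                OAuth2RequireHttps="True", OAuth2ValidateLifetime="True",
                OAuth2ClockSkew="2", OAuth2ValidateSignature="True", **{PKCE_KEY: "S256"})

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```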