Back to Node Auth0

Interface EventStreamCloudEventConnectionCreatedObject1Options

docs/interfaces/management.Management.EventStreamCloudEventConnectionCreatedObject1Options.html

6.0.013.2 KB
Original Source

Interface EventStreamCloudEventConnectionCreatedObject1Options

Options for the 'okta' connection

interface EventStreamCloudEventConnectionCreatedObject1Options {
authorization_endpoint?: string;
client_id: string;
connection_settings?: EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettings;
domain_aliases?: string[];
dpop_signing_alg?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsDpopSigningAlgEnum;
federated_connections_access_tokens?: EventStreamCloudEventConnectionCreatedObject1OptionsFederatedConnectionsAccessTokens;
icon_url?: string;
id_token_session_expiry_supported?: boolean;
id_token_signed_response_algs?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsIdTokenSignedResponseAlgsItemEnum[];
issuer?: string;
jwks_uri?: string;
non_persistent_attrs?: string[];
oidc_metadata?: EventStreamCloudEventConnectionCreatedObject1OptionsOidcMetadata;
schema_version?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsSchemaVersionEnum;
scope?: string;
send_back_channel_nonce?: boolean;
set_user_root_attributes?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsSetUserRootAttributesEnum;
tenant_domain?: string;
token_endpoint?: string;
token_endpoint_auth_method?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthMethodEnum;
token_endpoint_auth_signing_alg?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthSigningAlgEnum;
token_endpoint_jwtca_aud_format?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointJwtcaAudFormatEnum;
upstream_params?: EventStreamCloudEventConnectionCreatedObject1OptionsUpstreamParams;
userinfo_endpoint?: string;
attribute_map?: EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMap;
domain?: string;
type?: "back_channel";
}

Index

Properties

authorization_endpoint?client_idconnection_settings?domain_aliases?dpop_signing_alg?federated_connections_access_tokens?icon_url?id_token_session_expiry_supported?id_token_signed_response_algs?issuer?jwks_uri?non_persistent_attrs?oidc_metadata?schema_version?scope?send_back_channel_nonce?set_user_root_attributes?tenant_domain?token_endpoint?token_endpoint_auth_method?token_endpoint_auth_signing_alg?token_endpoint_jwtca_aud_format?upstream_params?userinfo_endpoint?attribute_map?domain?type?

Properties

Optionalauthorization_endpoint

authorization_endpoint?: string

URL of the identity provider's OAuth 2.0 authorization endpoint where users are redirected for authentication. Must be a valid HTTPS URL. This endpoint initiates the OAuth 2.0 authorization code flow.

client_id

client_id: string

OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.

Optionalconnection_settings

connection_settings?: EventStreamCloudEventConnectionCreatedObject1OptionsConnectionSettings

Optionaldomain_aliases

domain_aliases?: string[]

Email domains associated with this connection for Home Realm Discovery (HRD). When a user's email matches one of these domains, they are automatically routed to this connection during authentication.

Optionaldpop_signing_alg

dpop_signing_alg?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsDpopSigningAlgEnum

Optionalfederated_connections_access_tokens

federated_connections_access_tokens?: EventStreamCloudEventConnectionCreatedObject1OptionsFederatedConnectionsAccessTokens

Optionalicon_url

icon_url?: string

https url of the icon to be shown

Optionalid_token_session_expiry_supported

id_token_session_expiry_supported?: boolean

Indicates whether the identity provider supports session expiry via the id_token. If true, the system will use the session_expiry claim in the id_token to determine session expiry.

Optionalid_token_signed_response_algs

id_token_signed_response_algs?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsIdTokenSignedResponseAlgsItemEnum[]

List of algorithms allowed to verify the ID tokens. Applicable when strategy=oidc or okta.

Optionalissuer

issuer?: string

The identity provider's unique issuer identifier URL (e.g., https://accounts.google.com). Must match the 'iss' claim in ID tokens from the identity provider.

Optionaljwks_uri

jwks_uri?: string

URL of the identity provider's JSON Web Key Set (JWKS) endpoint containing public keys for signature verification. Auth0 retrieves these keys to validate ID token signatures.

Optionalnon_persistent_attrs

non_persistent_attrs?: string[]

An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)

Optionaloidc_metadata

oidc_metadata?: EventStreamCloudEventConnectionCreatedObject1OptionsOidcMetadata

Optionalschema_version

schema_version?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsSchemaVersionEnum

Optionalscope

scope?: string

Space-separated list of OAuth 2.0 scopes requested during authorization. Must include 'openid' (required by OIDC spec). Common values: 'openid profile email'. Additional scopes depend on the identity provider.

Optionalsend_back_channel_nonce

send_back_channel_nonce?: boolean

When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.

Optionalset_user_root_attributes

set_user_root_attributes?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsSetUserRootAttributesEnum

Optionaltenant_domain

tenant_domain?: string

Tenant domain

Optionaltoken_endpoint

token_endpoint?: string

URL of the identity provider's OAuth 2.0 token endpoint where authorization codes are exchanged for access tokens. Must be a valid HTTPS URL. Required for authorization code flow but optional for implicit flow.

Optionaltoken_endpoint_auth_method

token_endpoint_auth_method?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthMethodEnum

Optionaltoken_endpoint_auth_signing_alg

token_endpoint_auth_signing_alg?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointAuthSigningAlgEnum

Optionaltoken_endpoint_jwtca_aud_format

token_endpoint_jwtca_aud_format?: Management.EventStreamCloudEventConnectionCreatedObject1OptionsTokenEndpointJwtcaAudFormatEnum

Optionalupstream_params

upstream_params?: EventStreamCloudEventConnectionCreatedObject1OptionsUpstreamParams

Optionaluserinfo_endpoint

userinfo_endpoint?: string

Optional URL of the identity provider's UserInfo endpoint. When configured with attribute mapping, Auth0 calls this endpoint to retrieve additional user profile claims using the access token.

Optionalattribute_map

attribute_map?: EventStreamCloudEventConnectionCreatedObject1OptionsAttributeMap

Optionaldomain

domain?: string

Domain of the Okta organization (e.g., dev-123456.okta.com). Should be just the domain of the okta server with no scheme or trailing backslash. Discovery runs only when connection.options.oidc_metadata is empty and a domain is provided

Optionaltype

type?: "back_channel"

Settings

Member Visibility

  • Protected
  • Inherited

ThemeOSLightDark

On This Page

Properties authorization_endpointclient_idconnection_settingsdomain_aliasesdpop_signing_algfederated_connections_access_tokensicon_urlid_token_session_expiry_supportedid_token_signed_response_algsissuerjwks_urinon_persistent_attrsoidc_metadataschema_versionscopesend_back_channel_nonceset_user_root_attributestenant_domaintoken_endpointtoken_endpoint_auth_methodtoken_endpoint_auth_signing_algtoken_endpoint_jwtca_aud_formatupstream_paramsuserinfo_endpointattribute_mapdomaintype