docs/interfaces/management.Management.EventStreamCloudEventConnectionUpdatedObject1Options.html
Options for the 'okta' connection
interface EventStreamCloudEventConnectionUpdatedObject1Options {
authorization_endpoint?: string;
client_id: string;
connection_settings?: EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettings;
domain_aliases?: string[];
dpop_signing_alg?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsDpopSigningAlgEnum;
federated_connections_access_tokens?: EventStreamCloudEventConnectionUpdatedObject1OptionsFederatedConnectionsAccessTokens;
icon_url?: string;
id_token_session_expiry_supported?: boolean;
id_token_signed_response_algs?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsIdTokenSignedResponseAlgsItemEnum[];
issuer?: string;
jwks_uri?: string;
non_persistent_attrs?: string[];
oidc_metadata?: EventStreamCloudEventConnectionUpdatedObject1OptionsOidcMetadata;
schema_version?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsSchemaVersionEnum;
scope?: string;
send_back_channel_nonce?: boolean;
set_user_root_attributes?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsSetUserRootAttributesEnum;
tenant_domain?: string;
token_endpoint?: string;
token_endpoint_auth_method?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthMethodEnum;
token_endpoint_auth_signing_alg?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthSigningAlgEnum;
token_endpoint_jwtca_aud_format?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointJwtcaAudFormatEnum;
upstream_params?: EventStreamCloudEventConnectionUpdatedObject1OptionsUpstreamParams;
userinfo_endpoint?: string;
attribute_map?: EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMap;
domain?: string;
type?: "back_channel";
}
authorization_endpoint?client_idconnection_settings?domain_aliases?dpop_signing_alg?federated_connections_access_tokens?icon_url?id_token_session_expiry_supported?id_token_signed_response_algs?issuer?jwks_uri?non_persistent_attrs?oidc_metadata?schema_version?scope?send_back_channel_nonce?set_user_root_attributes?tenant_domain?token_endpoint?token_endpoint_auth_method?token_endpoint_auth_signing_alg?token_endpoint_jwtca_aud_format?upstream_params?userinfo_endpoint?attribute_map?domain?type?
Optionalauthorization_endpointauthorization_endpoint?: string
URL of the identity provider's OAuth 2.0 authorization endpoint where users are redirected for authentication. Must be a valid HTTPS URL. This endpoint initiates the OAuth 2.0 authorization code flow.
client_id: string
OAuth 2.0 client identifier issued by the identity provider during application registration. This value identifies your Auth0 connection to the identity provider.
Optionalconnection_settingsconnection_settings?: EventStreamCloudEventConnectionUpdatedObject1OptionsConnectionSettings
Optionaldomain_aliasesdomain_aliases?: string[]
Email domains associated with this connection for Home Realm Discovery (HRD). When a user's email matches one of these domains, they are automatically routed to this connection during authentication.
Optionaldpop_signing_algdpop_signing_alg?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsDpopSigningAlgEnum
Optionalfederated_connections_access_tokensfederated_connections_access_tokens?: EventStreamCloudEventConnectionUpdatedObject1OptionsFederatedConnectionsAccessTokens
Optionalicon_urlicon_url?: string
https url of the icon to be shown
Optionalid_token_session_expiry_supportedid_token_session_expiry_supported?: boolean
Indicates whether the identity provider supports session expiry via the id_token. If true, the system will use the session_expiry claim in the id_token to determine session expiry.
Optionalid_token_signed_response_algsid_token_signed_response_algs?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsIdTokenSignedResponseAlgsItemEnum[]
List of algorithms allowed to verify the ID tokens. Applicable when strategy=oidc or okta.
Optionalissuerissuer?: string
The identity provider's unique issuer identifier URL (e.g., https://accounts.google.com). Must match the 'iss' claim in ID tokens from the identity provider.
Optionaljwks_urijwks_uri?: string
URL of the identity provider's JSON Web Key Set (JWKS) endpoint containing public keys for signature verification. Auth0 retrieves these keys to validate ID token signatures.
Optionalnon_persistent_attrsnon_persistent_attrs?: string[]
An array of user fields that should not be stored in the Auth0 database (https://auth0.com/docs/security/data-security/denylist)
Optionaloidc_metadataoidc_metadata?: EventStreamCloudEventConnectionUpdatedObject1OptionsOidcMetadata
Optionalschema_versionschema_version?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsSchemaVersionEnum
Optionalscopescope?: string
Space-separated list of OAuth 2.0 scopes requested during authorization. Must include 'openid' (required by OIDC spec). Common values: 'openid profile email'. Additional scopes depend on the identity provider.
Optionalsend_back_channel_noncesend_back_channel_nonce?: boolean
When true and type is 'back_channel', includes a cryptographic nonce in authorization requests to prevent replay attacks. The identity provider must include this nonce in the ID token for validation.
Optionalset_user_root_attributesset_user_root_attributes?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsSetUserRootAttributesEnum
Optionaltenant_domaintenant_domain?: string
Tenant domain
Optionaltoken_endpointtoken_endpoint?: string
URL of the identity provider's OAuth 2.0 token endpoint where authorization codes are exchanged for access tokens. Must be a valid HTTPS URL. Required for authorization code flow but optional for implicit flow.
Optionaltoken_endpoint_auth_methodtoken_endpoint_auth_method?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthMethodEnum
Optionaltoken_endpoint_auth_signing_algtoken_endpoint_auth_signing_alg?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointAuthSigningAlgEnum
Optionaltoken_endpoint_jwtca_aud_formattoken_endpoint_jwtca_aud_format?: Management.EventStreamCloudEventConnectionUpdatedObject1OptionsTokenEndpointJwtcaAudFormatEnum
Optionalupstream_paramsupstream_params?: EventStreamCloudEventConnectionUpdatedObject1OptionsUpstreamParams
Optionaluserinfo_endpointuserinfo_endpoint?: string
Optional URL of the identity provider's UserInfo endpoint. When configured with attribute mapping, Auth0 calls this endpoint to retrieve additional user profile claims using the access token.
Optionalattribute_mapattribute_map?: EventStreamCloudEventConnectionUpdatedObject1OptionsAttributeMap
Optionaldomaindomain?: string
Domain of the Okta organization (e.g., dev-123456.okta.com). Should be just the domain of the okta server with no scheme or trailing backslash. Discovery runs only when connection.options.oidc_metadata is empty and a domain is provided
Optionaltypetype?: "back_channel"
Member Visibility
ThemeOSLightDark
Properties authorization_endpointclient_idconnection_settingsdomain_aliasesdpop_signing_algfederated_connections_access_tokensicon_urlid_token_session_expiry_supportedid_token_signed_response_algsissuerjwks_urinon_persistent_attrsoidc_metadataschema_versionscopesend_back_channel_nonceset_user_root_attributestenant_domaintoken_endpointtoken_endpoint_auth_methodtoken_endpoint_auth_signing_algtoken_endpoint_jwtca_aud_formatupstream_paramsuserinfo_endpointattribute_mapdomaintype