Type Alias CreateOIDCPayload

Payload for creating an OIDC-compatible identity provider.

/**
 * Payload for creating an OIDC-compatible identity provider.
 *
 * `options` carries a non-interactive claims mapping and `pendingOptions` an
 * interactive one. How `interactive` selects between the two is not stated on
 * this page.
 */
type CreateOIDCPayload = {
    /**
     * Tolerance for clock skew between the IdP and Qlik's login server.
     * NOTE(review): the name suggests seconds, presumably applied to token time
     * checks; confirm. If so, a large value lengthens the period in which a
     * stale token is still accepted.
     */
    clockToleranceSec?: number;
    // NOTE(review): undocumented here; presumably creates an account for a user
    // seen for the first time at login. Confirm before enabling.
    createNewUsersOnLogin?: boolean;
    description?: string;
    interactive: boolean;
    options?: {
        /**
         * Only clients with IDs in this list are allowed API access. A blank
         * list or empty value allows any client ID authenticated against the
         * IdP, so omitting it leaves API access unrestricted by client ID.
         */
        allowedClientIds?: Array<string>;
        audience?: string;
        claimsMapping: ClaimsMappingNonInteractive;
        // NOTE(review): presumably the OIDC discovery document URL, with
        // `openid_configuration` as an inline alternative; confirm precedence.
        discoveryUrl?: string;
        openid_configuration?: OpenIDConfiguration;
        realm?: string;
    };
    pendingOptions?: {
        /**
         * When true, the offline_access scope will not be requested from the
         * IdP where applicable.
         */
        blockOfflineAccessScope?: boolean;
        claimsMapping: ClaimsMappingInteractive;
        clientId: string;
        // Client secret belonging to `clientId`. It is a credential: keep it out
        // of logs, fixtures and source control.
        clientSecret: string;
        // NOTE(review): presumably the key used to decrypt encrypted ID tokens;
        // confirm against the DecryptingKey definition.
        decryptingKey?: DecryptingKey;
        discoveryUrl?: string;
        // NOTE(review): undocumented here; presumably treats the user's email as
        // verified regardless of what the IdP asserts. Confirm, and if so enable
        // it only for IdPs that verify addresses themselves.
        emailVerifiedAlwaysTrue?: boolean;
        // This type accepts only the RSA-based RS256 and RS512 values.
        idTokenSignatureAlg?: "RS256" | "RS512";
        openid_configuration?: OpenIDConfiguration;
        realm?: string;
        scope?: string;
        // NOTE(review): presumably reads user claims from the ID token; what the
        // alternative source is cannot be told from this page.
        useClaimsFromIdToken?: boolean;
    };
    postLogoutRedirectUri?: string;
    protocol: "OIDC";
    provider:
        | "auth0"
        | "okta"
        | "generic"
        | "salesforce"
        | "keycloak"
        | "adfs"
        | "azureAD";
    // NOTE(review): undocumented here. The name suggests a verification step is
    // skipped; confirm exactly what is bypassed before setting this to true.
    skipVerify?: boolean;
    tenantIds?: Array<string>;
};

Properties

clockToleranceSec?: number

There can be clock skew between the IdP and Qlik's login server. In these cases, a tolerance can be set.

createNewUsersOnLogin?: boolean
description?: string
interactive: boolean
options?: {
    allowedClientIds?: string[];
    audience?: string;
    claimsMapping: ClaimsMappingNonInteractive;
    discoveryUrl?: string;
    openid_configuration?: OpenIDConfiguration;
    realm?: string;
}

Type Declaration

  • Optional allowedClientIds?: string[]

    Only clients with IDs in this list will be allowed API access. A blank list or empty value means that any client ID authenticated against the IdP will be allowed access, so the restriction applies only when at least one ID is listed.

  • Optional audience?: string
  • claimsMapping: ClaimsMappingNonInteractive
  • Optional discoveryUrl?: string
  • Optional openid_configuration?: OpenIDConfiguration
  • Optional realm?: string
pendingOptions?: {
    blockOfflineAccessScope?: boolean;
    claimsMapping: ClaimsMappingInteractive;
    clientId: string;
    clientSecret: string;
    decryptingKey?: DecryptingKey;
    discoveryUrl?: string;
    emailVerifiedAlwaysTrue?: boolean;
    idTokenSignatureAlg?: "RS256" | "RS512";
    openid_configuration?: OpenIDConfiguration;
    realm?: string;
    scope?: string;
    useClaimsFromIdToken?: boolean;
}

Type Declaration

  • Optional blockOfflineAccessScope?: boolean

    When true, the offline_access scope will not be requested from the IdP where applicable.

  • claimsMapping: ClaimsMappingInteractive
  • clientId: string
  • clientSecret: string
  • Optional decryptingKey?: DecryptingKey
  • Optional discoveryUrl?: string
  • Optional emailVerifiedAlwaysTrue?: boolean
  • Optional idTokenSignatureAlg?: "RS256" | "RS512"
  • Optional openid_configuration?: OpenIDConfiguration
  • Optional realm?: string
  • Optional scope?: string
  • Optional useClaimsFromIdToken?: boolean
postLogoutRedirectUri?: string
protocol: "OIDC"
provider:
    | "auth0"
    | "okta"
    | "generic"
    | "salesforce"
    | "keycloak"
    | "adfs"
    | "azureAD"
skipVerify?: boolean
tenantIds?: string[]