This repository has been archived by the owner on Apr 27, 2021. It is now read-only.
API Reference Models
VSTS System User edited this page May 20, 2019 · 14 revisions
Name | Description | Schema |
---|---|---|
apiSecret optional | The API secret is used for the introspection endpoint. The API can authenticate with introspection using the API name and secret. | string |
description optional | Description of the resource. | string |
displayName optional | Display name of the resource. | string |
enabled optional | Indicates if this resource is enabled. Defaults to true. Default: true | boolean |
name required | The unique name of the resource. Required in the request body ONLY for POST operations. | string |
scopes required | An API must have at least one scope. Each scope can have different settings. | < Fabric.Identity.API.Models.Scope > array |
userClaims required | List of associated user claims that should be included when this resource is requested. | < string > array |
http://docs.identityserver.io/en/release/reference/client.html
Name | Description | Schema |
---|---|---|
absoluteRefreshTokenLifetime optional | Maximum lifetime of a refresh token in seconds. Defaults to 2592000 seconds / 30 days. Default: 259200 | integer (int32) |
accessTokenLifetime optional | Lifetime of access token in seconds (defaults to 3600 seconds / 1 hour). Default: 3600 | integer (int32) |
accessTokenType optional | Specifies whether the access token is a reference token or a self-contained JWT token (defaults to Jwt). Default: "Jwt" | enum (Jwt, Reference) |
allowAccessTokensViaBrowser optional | Controls whether access tokens are transmitted via the browser for this client (defaults to false). This can prevent accidental leakage of access tokens when multiple response types are allowed. | boolean |
allowOfflineAccess required | Indicates whether the client can request refresh tokens (not allowed for implicit or password grant types). | boolean |
allowPlainTextPkce optional | Specifies whether a proof key can be sent using the plain method (not recommended; defaults to false). | boolean |
allowRememberConsent optional | Specifies whether the user can choose to store consent decisions (defaults to true). Default: true | boolean |
allowedCorsOrigins optional | Gets or sets the allowed CORS origins for JavaScript clients. | < string > array |
allowedGrantTypes required | Supported grant types for this client. Valid options include the following: implicit; hybrid; authorization_code; client_credentials; password; delegation; delegation, client_credentials | < string > array |
allowedScopes required | Specifies the API scopes that the client is allowed to request. If empty, the client can't access any scope. | < string > array |
alwaysIncludeUserClaimsInIdToken optional | When requesting both an id token and an access token, specifies whether the user claims should always be added to the id token instead of requiring the client to use the userinfo endpoint. | boolean |
alwaysSendClientClaims optional | Gets or sets a value indicating whether client claims should always be included in the access tokens - only for client credentials flow. | boolean |
authorizationCodeLifetime optional | Lifetime of authorization code in seconds (defaults to 300 seconds / 5 minutes). Default: 300 | integer (int32) |
claims optional | Allows setting claims for the client (will be included in the access token). | < System.Security.Claims.Claim > array |
clientId required | Unique client ID. Required in the request body ONLY for POST operations. | string |
clientName required | Client display name (used for logging and consent screen). | string |
clientSecret optional | Client secrets - only relevant for flows that require a secret. | string |
clientUri optional | URI for further information about client (used on consent screen). | string |
enableLocalLogin optional | Gets or sets a value indicating whether the local login is allowed for this client. Defaults to true. Default: true | boolean |
enabled optional | Specifies if client is enabled (defaults to true). Default: true | boolean |
identityProviderRestrictions optional | Specifies which external IdPs can be used with this client (if the list is empty, all IdPs are allowed). Defaults to empty. | < string > array |
identityTokenLifetime optional | Lifetime of identity token in seconds (defaults to 300 seconds / 5 minutes). Default: 300 | integer (int32) |
includeJwtId optional | Gets or sets a value indicating whether JWT access tokens should include an identifier. | boolean |
logoUri optional | URI to client logo (used on consent screen). | string |
logoutSessionRequired optional | Specifies if the user's session id should be sent to the LogoutUri. Defaults to true. Default: true | boolean |
logoutUri optional | Specifies logout URI at client for HTTP based logout. | string |
postLogoutRedirectUris optional | Specifies allowed URIs to redirect to after logout. | < string > array |
prefixClientClaims optional | Gets or sets a value indicating whether all client claims should be prefixed. Default: true | boolean |
protocolType optional | Gets or sets the protocol type. Defaults to "oidc". Default: "oidc" | string |
redirectUris optional | Specifies allowed URIs to return tokens or authorization codes to. | < string > array |
refreshTokenExpiration optional | Absolute: the refresh token will expire at a fixed point in time (specified by the AbsoluteRefreshTokenLifetime). Sliding: when refreshing the token, the lifetime of the refresh token will be renewed (by the amount specified in SlidingRefreshTokenLifetime). The lifetime will not exceed AbsoluteRefreshTokenLifetime. Default: "Absolute" | enum (Sliding, Absolute) |
refreshTokenUsage optional | ReUse: the refresh token handle will stay the same when refreshing tokens. OneTime: the refresh token handle will be updated when refreshing tokens. Default: "OneTimeOnly" | enum (ReUse, OneTimeOnly) |
requireClientSecret optional | If set to false, no client secret is needed to request tokens at the token endpoint (defaults to true). Default: true | boolean |
requireConsent optional | Specifies whether a consent screen is required (defaults to true). Default: true | boolean |
requirePkce optional | Specifies whether a proof key is required for authorization code based token requests. | boolean |
slidingRefreshTokenLifetime optional | Sliding lifetime of a refresh token in seconds. Defaults to 1296000 seconds / 15 days. Default: 1296000 | integer (int32) |
updateAccessTokenClaimsOnRefresh optional | Gets or sets a value indicating whether the access token (and its claims) should be updated on a refresh token request. | boolean |
Name | Schema |
---|---|
code optional | string |
details optional | < Fabric.Identity.API.Models.Error > array |
innererror optional | Fabric.Identity.API.Models.InnerError |
message optional | string |
target optional | string |
Name | Schema |
---|---|
authenticationScheme optional | string |
displayName optional | string |
Name | Description | Schema |
---|---|---|
description optional | Description of the resource. | string |
displayName optional | Display name of the resource. | string |
emphasize optional | Specifies whether the consent screen will emphasize this scope (if the consent screen wants to implement such a feature). Use this setting for sensitive or important scopes. Defaults to false. | boolean |
enabled optional | Indicates if this resource is enabled. Defaults to true. Default: true | boolean |
name required | The unique name of the resource. Required in the request body ONLY for POST operations. | string |
required optional | Specifies whether the user can de-select the scope on the consent screen (if the consent screen wants to implement such a feature). Defaults to false. | boolean |
showInDiscoveryDocument optional | Specifies whether this scope is shown in the discovery document. Defaults to true. Default: true | boolean |
userClaims required | List of associated user claims that should be included when this resource is requested. | < string > array |
Name | Schema |
---|---|
code optional | string |
innererror optional | Fabric.Identity.API.Models.InnerError |
Name | Description | Schema |
---|---|---|
description optional | Description. This value will be used e.g. on the consent screen. | string |
displayName optional | Display name. This value will be used e.g. on the consent screen. | string |
emphasize optional | Specifies whether the consent screen will emphasize this scope. Use this setting for sensitive or important scopes. Defaults to false. | boolean |
name required | Name of the scope. This is the value a client will use to request the scope. | string |
required optional | Specifies whether the user can de-select the scope on the consent screen. Defaults to false. | boolean |
showInDiscoveryDocument optional | Specifies whether this scope is shown in the discovery document. Defaults to true. Default: true | boolean |
userClaims optional | List of user claims that should be included in the access token. | < string > array |
Name | Schema |
---|---|
email optional | string |
firstName optional | string |
lastLoginDate optional | string (date-time) |
lastName optional | string |
middleName optional | string |
subjectId optional | string |
Name | Schema |
---|---|
clientId optional | string |
userIds optional | < string > array |
Name | Schema |
---|---|
issuer optional read-only | string |
originalIssuer optional read-only | string |
properties optional | < string, string > map |
subject optional | System.Security.Claims.ClaimsIdentity |
type optional read-only | string |
value optional read-only | string |
valueType optional read-only | string |
Name | Schema |
---|---|
actor optional | System.Security.Claims.ClaimsIdentity |
authenticationType optional read-only | string |
bootstrapContext optional | object |
claims optional | < System.Security.Claims.Claim > array |
isAuthenticated optional read-only | boolean |
label optional | string |
name optional read-only | string |
nameClaimType optional read-only | string |
roleClaimType optional read-only | string |