Merge pull request #17274 from uwwint/oidc/add-backend-schema
Add OIDC backend configuration schema and validation
Showing
4 changed files
with
173 additions
and
2 deletions.
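--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:vc="http://www.w3.org/2007/XMLSchema-versioning" elementFormDefault="qualified" vc:minVersion="1.1">
+<xs:element name="OIDC">
+<xs:complexType>
+<xs:annotation>
+<xs:documentation>
+Root element for OpenID Connect (OIDC) configurations, encompassing multiple identity providers.
+</xs:documentation>
+</xs:annotation>
+<xs:sequence>
+<xs:element name="provider" maxOccurs="unbounded">
+<xs:complexType>
+<xs:annotation>
+<xs:documentation>
+Configuration for a specific OIDC Identity Provider (IdP).
+</xs:documentation>
+</xs:annotation>
+<xs:all>
+<xs:element name="client_id" minOccurs="1" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Client ID obtained from the IdP at client registration.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="client_secret" minOccurs="1" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Secret generated by the IdP for the client upon registration.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="redirect_uri" minOccurs="1" type="xs:anyURI">
+<xs:annotation>
+<xs:documentation>
+URI where the IdP will send the authentication response.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="prompt" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Determines whether the IdP should prompt the user for re-authorization and consent.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="icon" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+URL to an icon representing the IdP.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="extra_scopes" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Additional scopes requested from the IdP.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="require_create_confirmation" minOccurs="0" type="xs:boolean">
+<xs:annotation>
+<xs:documentation>
+Indicates whether a confirmation page is shown for new user creation.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="ca_bundle" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Path to a CA bundle file or directory for SSL certificate verification.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="well_known_oidc_config_uri" minOccurs="0" type="xs:anyURI">
+<xs:annotation>
+<xs:documentation>
+Override the default OIDC configuration URI.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="allowed_idp" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Restricts the list of allowed identity providers for authentication.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="enable_idp_logout" minOccurs="0" type="xs:boolean">
+<xs:annotation>
+<xs:documentation>
+Enable logout from the IdP when logging out of the application.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="label" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Custom label for the IdP in the user interface.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="url" minOccurs="0" type="xs:anyURI">
+<xs:annotation>
+<xs:documentation>
+URL of the IdP.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="api_url" minOccurs="0" type="xs:anyURI">
+<xs:annotation>
+<xs:documentation>
+API URL for the IdP, if different from the main URL.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="pkce_support" minOccurs="0" type="xs:boolean">
+<xs:annotation>
+<xs:documentation>
+Indicates support for Proof Key for Code Exchange (PKCE).
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="idphint" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Hint to preselect the IdP during authentication.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+<xs:element name="accepted_audiences" minOccurs="0" type="xs:string">
+<xs:annotation>
+<xs:documentation>
+Specifies the accepted audiences for authentication tokens.
+</xs:documentation>
+</xs:annotation>
+</xs:element>
+</xs:all>
+<xs:attribute name="name" type="xs:string" use="required">
+<xs:annotation>
+<xs:documentation>
+Name of the Identity Provider (IdP).
+</xs:documentation>
+</xs:annotation>
+</xs:attribute>
+</xs:complexType>
+</xs:element>
+</xs:sequence>
+</xs:complexType>
+</xs:element>
+</xs:schema>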
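Review bot: The list-valued elements `extra_scopes`, `allowed_idp` and `accepted_audiences` are typed `xs:string` and their `xs:documentation` does not say how multiple values are separated, so the validator accepts any text and a config author has to guess the format; if the backend splits on whitespace, `<xs:simpleType><xs:list itemType="xs:token"/></xs:simpleType>` would let the schema enforce it, otherwise each documentation sentence should at least name the separator, e.g. `Additional scopes requested from the IdP, as a [separator]-delimited list.` The `redirect_uri` and `well_known_oidc_config_uri` elements use `xs:anyURI`, which also admits relative and plain-HTTP values; stating in their documentation that both must be absolute URLs and that `redirect_uri` must match the value registered with the IdP exactly would turn a silent misconfiguration into something the reader can check. The booleans `require_create_confirmation`, `enable_idp_logout` and `pkce_support` carry no `default` attribute and their documentation does not state what the backend assumes when they are omitted, which matters most for `pkce_support`; either `default="..."` or one sentence per element would close that gap, but the actual backend defaults are not visible in this diff. Finally, `vc:minVersion="1.1"` limits validation to XSD 1.1 processors, yet nothing visible here (an `xs:all` whose children all keep the default `maxOccurs="1"`) appears to need 1.1 features, so it may be worth confirming that the intended validator supports 1.1 or dropping the attribute.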