[oa_identity_provider]
Configuration section for oa_identity_provider
[oa_identity_provider] clientCertificate
- Type
- string
- Default
- ["config/certificate.pem"]
Path(s) to client certificate(s) for mTLS authentication.
Required when tokenEndpointAuthMethod is tls_client_auth or self_signed_tls_client_auth. Can be an array or a single path.
[oa_identity_provider] cryptoenabled
- Type
- bool
- Default
- true
Enables cryptographic storage for sensitive data.
[oa_identity_provider] redirecturi
- Type
- string
- Default
- http://localhost
List of allowed redirect URIs for OIDC clients. Required when using ULC/UX, Dashboard, or similar components.
The default value is not overwritten; instead, the new value is appended. It can contain as many redirect URIs as required. To add more URIs, simply include additional redirecturi entries.
[oa_identity_provider] rejectUnauthorized
- Type
- bool
- Default
- false
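Reject unauthorized SSL/TLS certificates.
true = reject self-signed certs (production), false = accept all certs (development). The default, false, is the development setting, so a production configuration has to set this entry to true explicitly.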
[oa_identity_provider] serverCertificate
- Type
- string
Path to the SSL server certificate file, used for mutual TLS (mTLS).
[oa_identity_provider] serverPrivateKey
- Type
- string
Path to the SSL server private key file, used for mutual TLS (mTLS).
[oa_identity_provider] tokenEndpointAuthMethod
- Type
- string
- Default
- none
Client authentication method for the token endpoint.
Valid values: none, self_signed_tls_client_auth, tls_client_auth.
[oa_identity_provider] ttlAccessToken
- Type
- int
- Default
- 3600
- Range
- 60 - 86400
- Unit
- Seconds
Time to live for access tokens.
[oa_identity_provider] ttlGrant
- Type
- int
- Default
- 86400
- Range
- 300 - 604800
- Unit
- Seconds
Time to live for authorization grants.
[oa_identity_provider] ttlIdToken
- Type
- int
- Default
- 3600
- Range
- 60 - 86400
- Unit
- Seconds
Time to live for ID tokens.
[oa_identity_provider] ttlInteraction
- Type
- int
- Default
- 3600
- Range
- 60 - 86400
- Unit
- Seconds
Time to live for interaction sessions.
[oa_identity_provider] ttlJwkKey
- Type
- int
- Default
- 2592000
- Range
- 3600 - 31536000
- Unit
- Seconds
Time to live for JWK keys.
[oa_identity_provider] ttlRefreshToken
- Type
- int
- Default
- 86400
- Range
- 3600 - 2592000
- Unit
- Seconds
Time to live for refresh tokens.
[oa_identity_provider] ttlSession
- Type
- int
- Default
- 86400
- Range
- 300 - 604800
- Unit
- Seconds
Time to live for user sessions.
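A pre-deployment check for this section, as an added example that is not part of the product or its documentation: it parses the section and reports development settings, out-of-range TTLs and a not explicitly set client certificate path under mTLS. Assumptions: the config file uses `[section]` headers with `key = "value"` lines and `#` comment lines, the function names `parse_section` and `audit` are hypothetical, the sample values are constructed, and the HTTPS check on redirect URIs is added hardening rather than a rule stated above.

```python
import re
from urllib.parse import urlsplit
# Allowed TTL ranges in seconds, copied from the entries above.
TTL_RANGES = {
    "ttlAccessToken": (60, 86400), "ttlIdToken": (60, 86400), "ttlInteraction": (60, 86400),
    "ttlGrant": (300, 604800), "ttlSession": (300, 604800),
    "ttlRefreshToken": (3600, 2592000), "ttlJwkKey": (3600, 31536000),
}
MTLS_METHODS = {"tls_client_auth", "self_signed_tls_client_auth"}

def parse_section(text, section="oa_identity_provider"):
    # Assumed syntax: [section] headers, key = "value" lines, '#' comment lines.
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\[\w+\]", line):
            current = line[1:-1]
        elif current == section and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            entries.setdefault(key, []).append(value.strip('"'))  # repeated keys accumulate
    return entries

def audit(text):
    cfg, findings = parse_section(text), []
    method = cfg.get("tokenEndpointAuthMethod", ["none"])[-1]
    if method not in MTLS_METHODS | {"none"}:
        findings.append(f"tokenEndpointAuthMethod: unknown value {method!r}")
    if method in MTLS_METHODS and "clientCertificate" not in cfg:
        findings.append("clientCertificate: not set explicitly for mTLS client auth")
    if cfg.get("rejectUnauthorized", ["false"])[-1].lower() != "true":
        findings.append("rejectUnauthorized: false accepts all certificates")
    for uri in cfg.get("redirecturi", []):
        parts = urlsplit(uri)
        if parts.scheme != "https" and parts.hostname != "localhost":  # added check
            findings.append(f"redirecturi: {uri} is not HTTPS")
    for key, (low, high) in TTL_RANGES.items():
        for value in cfg.get(key, []):
            if not value.isdigit() or not low <= int(value) <= high:
                findings.append(f"{key}: {value} outside {low} - {high} seconds")
    return findings

# Constructed sample configuration, not taken from a real project.
SAMPLE = """\
[oa_identity_provider]
tokenEndpointAuthMethod = "tls_client_auth"
rejectUnauthorized = false
redirecturi = "https://dashboard.example.com/callback"
redirecturi = "http://hmi.example.com/callback"
ttlAccessToken = 172800
"""
```

Calling `audit(SAMPLE)` returns one finding per problem; an empty list means the section passed every check.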
