...
For a detailed description of the various tokens, see the Token documentation.
Name | Datatype | Mandatory | Example | Description
---|---|---|---|---
Identity Token Life Time | Seconds | ✅ | 3600 | Defines the lifetime of the identity token that will be issued for a user.
Access token life time | Seconds | ✅ | 3600 | Defines the lifetime of the access token that will be issued for a user and a specific client.
Authorization code life time | Seconds | ✅ | 60 | Defines the lifetime of the authorization code that will be used in some authentication processes. Less is more secure!
Refresh token expiration type | Drop Down | ✅ | Absolute |
Sliding refresh token life time | Seconds | ✅ | 1296000 / 15 days | Sliding lifetime of a refresh token in seconds.
Absolute refresh token life time | Seconds | ✅ | 2592000 / 30 days | Maximum lifetime of a refresh token in seconds.
Always include user claims in id token | Checkbox | ✅ | false | When both tokens, the id and the access token, are requested, this defines whether the user claims should be included in the id token. If set to false, the client must get the info by using the user info endpoint.
Update access token claims on refresh | Checkbox | ✅ | true | Defines whether or not the access token should be refreshed when a refresh token is requested.
Include JSON web tokens | Checkbox | ✅ | true | Specifies whether JWT access tokens should have an embedded unique ID (via the jti claim).
Refresh token usage type | Drop Down | ✅ | OneTime |
Access token type | Drop Down | ✅ | JWT | Specifies whether the access token is a reference token or a self-contained JWT token.
...
Name | Datatype | Mandatory | Example | Description
---|---|---|---|---
Require Consent | Checkbox | ✅ | false | Defines whether or not the user needs to give consent when accessing this client.
Allow remember me | Checkbox | ✅ | false | Whether or not the user is presented with the option to select “remember me”, which causes a cookie to be persisted in the client's browser for any subsequent logins.
Enable local authentication | Checkbox | ✅ | true | Defines if local logins are allowed. If set to false, only external logins are available to the user.
URI | string | | https://www.coreone.ch | The URL of the client / application.
Email verification redirect uri | REGEX Pattern | | regex:^https:\/\/webshop\.ch$ | If any external systems use URLs to verify the mail address of authentication users, the redirect URI provided in the link will be tested against the configured pattern.
Post logout redirect URI's | REGEX Pattern | | regex:^https:\/\/webshop\.ch$ | The client will provide a URL where the user will be logged out. It’s good practice to test those URLs against a pattern to ensure that the user can only be redirected to previously configured URLs. This will significantly increase the security of the system.
Identity provider restrictions | REGEX Pattern | | regex:^https:\/\/swissid\.ch$ | Defines a list of external identity providers that are allowed. If you do not specify any, all configured IdPs are allowed. (Version 7 and above)
Required Multi-Factor Authentication | Checkbox | ✅ | true | Whether or not MFA is required for the client. (Deprecated: version 6 and above)
Allow self-registration | Checkbox | ✅ | true | Whether or not self-registration is allowed for this client.
Activation disabled | Checkbox | ✅ | true | If the activation process is enabled in the system, you can disable it for a specific client.
Show in self-service | Checkbox | ✅ | true | Whether or not the client should be listed in the user self-service portal.
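
The redirect pattern check described for the "Email verification redirect uri" and "Post logout redirect URI's" rows, as an added example that is not part of the product or its documentation. It assumes whole-string matching and a hypothetical `audit_pattern` helper; the product's own matching semantics are not shown on this page, and the `LOOSE` pattern and test URIs are constructed.

```python
import re

PREFIX = "regex:"  # prefix used by the example values in the table above

def _body(configured: str) -> str:
    """Strip the 'regex:' prefix from a configured value."""
    if not configured.startswith(PREFIX):
        raise ValueError("expected a value starting with 'regex:'")
    return configured[len(PREFIX):]

def audit_pattern(configured: str) -> list[str]:
    """Return review findings for a configured redirect pattern (hypothetical helper)."""
    body = _body(configured)
    findings = []
    if not body.startswith("^"):
        findings.append("missing ^ anchor")
    if not body.endswith("$") or body.endswith("\\$"):
        findings.append("missing $ anchor")
    if re.search(r"(?<!\\)\.", body):
        findings.append("unescaped '.' matches any character")
    return findings

def is_allowed_redirect(configured: str, uri: str) -> bool:
    """Accept the URI only if the whole string matches the pattern."""
    # fullmatch is used because '$' alone still accepts a trailing newline.
    return re.fullmatch(_body(configured), uri) is not None

# STRICT is the table's example value; LOOSE is a constructed weak variant.
STRICT = r"regex:^https:\/\/webshop\.ch$"
LOOSE = r"regex:https://webshop.ch"

if __name__ == "__main__":
    for uri in ("https://webshop.ch",
                "https://webshop.ch.attacker.example/logout",
                "https://webshop.ch\n"):
        print(repr(uri), is_allowed_redirect(STRICT, uri))
    print(audit_pattern(STRICT), audit_pattern(LOOSE))
    # With search-style matching, the loose pattern accepts a look-alike host.
    print(bool(re.search(_body(LOOSE), "https://webshopxch.attacker.example")))
```

Running the audit over every configured pattern before saving a client catches missing anchors and unescaped dots, the two mistakes that turn an allow-list into a substring match.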
...