Configuration

Defined in: @types/oidc-provider/index.d.ts:935

Properties

acceptQueryParamAccessTokens?

optional acceptQueryParamAccessTokens?: boolean

Defined in: @types/oidc-provider/index.d.ts:1413

---

acrValues?

optional acrValues?: string[] | Set<string>

Defined in: @types/oidc-provider/index.d.ts:936

---

adapter?

optional adapter?: AdapterFactory | AdapterConstructor

Defined in: @types/oidc-provider/index.d.ts:938

---

allowOmittingSingleRegisteredRedirectUri?

optional allowOmittingSingleRegisteredRedirectUri?: boolean

Defined in: @types/oidc-provider/index.d.ts:1411

---

assertJwtClientAuthClaimsAndHeader?

optional assertJwtClientAuthClaimsAndHeader?: (ctx, claims, header, client) => CanBePromise<void>

Defined in: @types/oidc-provider/index.d.ts:999

Parameters

ctx

KoaContextWithOIDC

claims

Record<string, JsonValue>

header

Record<string, JsonValue>

client

Client

Returns

CanBePromise<void>

---

claims?

optional claims?: object

Defined in: @types/oidc-provider/index.d.ts:940

Index Signature

[key: string]: string[] | null

---

clientAuthMethods?

optional clientAuthMethods?: ClientAuthMethod[]

Defined in: @types/oidc-provider/index.d.ts:1364

---

clientBasedCORS?

optional clientBasedCORS?: (ctx, origin, client) => boolean

Defined in: @types/oidc-provider/index.d.ts:946

Parameters

ctx

KoaContextWithOIDC

origin

string

client

Client

Returns

boolean

---

clientDefaults?

optional clientDefaults?: AllClientMetadata

Defined in: @types/oidc-provider/index.d.ts:967

---

clients?

optional clients?: ClientMetadata[]

Defined in: @types/oidc-provider/index.d.ts:948

---

clockTolerance?

optional clockTolerance?: number

Defined in: @types/oidc-provider/index.d.ts:969

---

conformIdTokenClaims?

optional conformIdTokenClaims?: boolean

Defined in: @types/oidc-provider/index.d.ts:971

---

cookies?

optional cookies?: object

Defined in: @types/oidc-provider/index.d.ts:973

keys?

optional keys?: (string | Buffer<ArrayBufferLike>)[] | Keygrip

long?

optional long?: CookiesSetOptions

names?

optional names?: object

names.interaction?

optional interaction?: string

names.resume?

optional resume?: string

names.session?

optional session?: string

names.state?

optional state?: string

short?

optional short?: CookiesSetOptions

---

discovery?

optional discovery?: UnknownObject

Defined in: @types/oidc-provider/index.d.ts:989

---

enabledJWA?

optional enabledJWA?: object

Defined in: @types/oidc-provider/index.d.ts:1424

authorizationEncryptionAlgValues?

optional authorizationEncryptionAlgValues?: EncryptionAlgValues[]

authorizationEncryptionEncValues?

optional authorizationEncryptionEncValues?: EncryptionEncValues[]

authorizationSigningAlgValues?

optional authorizationSigningAlgValues?: SigningAlgorithm[]

clientAuthSigningAlgValues?

optional clientAuthSigningAlgValues?: SigningAlgorithm[]

dPoPSigningAlgValues?

optional dPoPSigningAlgValues?: AsymmetricSigningAlgorithm[]

idTokenEncryptionAlgValues?

optional idTokenEncryptionAlgValues?: EncryptionAlgValues[]

idTokenEncryptionEncValues?

optional idTokenEncryptionEncValues?: EncryptionEncValues[]

idTokenSigningAlgValues?

optional idTokenSigningAlgValues?: SigningAlgorithmWithNone[]

introspectionEncryptionAlgValues?

optional introspectionEncryptionAlgValues?: EncryptionAlgValues[]

introspectionEncryptionEncValues?

optional introspectionEncryptionEncValues?: EncryptionEncValues[]

introspectionSigningAlgValues?

optional introspectionSigningAlgValues?: SigningAlgorithmWithNone[]

requestObjectEncryptionAlgValues?

optional requestObjectEncryptionAlgValues?: EncryptionAlgValues[]

requestObjectEncryptionEncValues?

optional requestObjectEncryptionEncValues?: EncryptionEncValues[]

requestObjectSigningAlgValues?

optional requestObjectSigningAlgValues?: SigningAlgorithmWithNone[]

userinfoEncryptionAlgValues?

optional userinfoEncryptionAlgValues?: EncryptionAlgValues[]

userinfoEncryptionEncValues?

optional userinfoEncryptionEncValues?: EncryptionEncValues[]

userinfoSigningAlgValues?

optional userinfoSigningAlgValues?: SigningAlgorithmWithNone[]

---

enableHttpPostMethods?

optional enableHttpPostMethods?: boolean

Defined in: @types/oidc-provider/index.d.ts:991

---

expiresWithSession?

optional expiresWithSession?: (ctx, token) => CanBePromise<boolean>

Defined in: @types/oidc-provider/index.d.ts:1315

Parameters

ctx

KoaContextWithOIDC

token

AuthorizationCode | AccessToken | DeviceCode

Returns

CanBePromise<boolean>

---

extraClientMetadata?

optional extraClientMetadata?: object

Defined in: @types/oidc-provider/index.d.ts:1385

properties?

optional properties?: string[]

validator?

optional validator?: (ctx, key, value, metadata) => void | undefined

Parameters

ctx

KoaContextWithOIDC

key

string

value

unknown

metadata

ClientMetadata

Returns

void | undefined

---

extraParams?

optional extraParams?: string[] | {[param: string]: ((ctx, value, client) => CanBePromise<void>) | null; }

Defined in: @types/oidc-provider/index.d.ts:993

---

extraTokenClaims?

optional extraTokenClaims?: (ctx, token) => CanBePromise<UnknownObject | undefined>

Defined in: @types/oidc-provider/index.d.ts:1309

Parameters

ctx

KoaContextWithOIDC

token

AccessToken | ClientCredentials

Returns

CanBePromise<UnknownObject | undefined>

---

features?

optional features?: object

Defined in: @types/oidc-provider/index.d.ts:1006

attestClientAuth?

optional attestClientAuth?: object

Index Signature

[key: string]: any

attestClientAuth.ack?

optional ack?: string

attestClientAuth.enabled?

optional enabled?: boolean

backchannelLogout?

optional backchannelLogout?: object

backchannelLogout.enabled?

optional enabled?: boolean

ciba?

optional ciba?: object

ciba.deliveryModes

deliveryModes: CIBADeliveryMode[]

ciba.enabled?

optional enabled?: boolean

ciba.processLoginHint?

optional processLoginHint?: (ctx, loginHint?) => CanBePromise<string | undefined>

Parameters

ctx

KoaContextWithOIDC

loginHint?

string

Returns

CanBePromise<string | undefined>

ciba.processLoginHintToken?

optional processLoginHintToken?: (ctx, loginHintToken?) => CanBePromise<string | undefined>

Parameters

ctx

KoaContextWithOIDC

loginHintToken?

string

Returns

CanBePromise<string | undefined>

ciba.triggerAuthenticationDevice?

optional triggerAuthenticationDevice?: (ctx, request, account, client) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

request

BackchannelAuthenticationRequest

account

Account

client

Client

Returns

CanBePromise<void>

ciba.validateBindingMessage?

optional validateBindingMessage?: (ctx, bindingMessage?) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

bindingMessage?

string

Returns

CanBePromise<void>

ciba.validateRequestContext?

optional validateRequestContext?: (ctx, requestContext?) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

requestContext?

string

Returns

CanBePromise<void>

ciba.verifyUserCode?

optional verifyUserCode?: (ctx, userCode?) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

userCode?

string

Returns

CanBePromise<void>

claimsParameter?

optional claimsParameter?: object

claimsParameter.assertClaimsParameter?

optional assertClaimsParameter?: (ctx, claims, client) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

claims

ClaimsParameter

client

Client

Returns

CanBePromise<void>

claimsParameter.enabled?

optional enabled?: boolean

clientCredentials?

optional clientCredentials?: object

clientCredentials.enabled?

optional enabled?: boolean

deviceFlow?

optional deviceFlow?: object

deviceFlow.charset?

optional charset?: "base-20" | "digits"

deviceFlow.deviceInfo?

optional deviceInfo?: (ctx) => UnknownObject

Parameters

ctx

KoaContextWithOIDC

Returns

UnknownObject

deviceFlow.enabled?

optional enabled?: boolean

deviceFlow.mask?

optional mask?: string

deviceFlow.successSource?

optional successSource?: (ctx) => CanBePromise<void | undefined>

Parameters

ctx

KoaContextWithOIDC

Returns

CanBePromise<void | undefined>

deviceFlow.userCodeConfirmSource?

optional userCodeConfirmSource?: (ctx, form, client, deviceInfo, userCode) => CanBePromise<void | undefined>

Parameters

ctx

KoaContextWithOIDC

form

string

client

Client

deviceInfo

UnknownObject

userCode

string

Returns

CanBePromise<void | undefined>

deviceFlow.userCodeInputSource?

optional userCodeInputSource?: (ctx, form, out?, err?) => CanBePromise<void | undefined>

Parameters

ctx

KoaContextWithOIDC

form

string

out?

ErrorOut

err?

OIDCProviderError | Error

Returns

CanBePromise<void | undefined>

devInteractions?

optional devInteractions?: object

devInteractions.enabled?

optional enabled?: boolean

dPoP?

optional dPoP?: object

dPoP.allowReplay?

optional allowReplay?: boolean

dPoP.enabled?

optional enabled?: boolean

dPoP.nonceSecret?

optional nonceSecret?: Buffer<ArrayBufferLike>

dPoP.requireNonce?

optional requireNonce?: (ctx) => boolean

Parameters

ctx

KoaContextWithOIDC

Returns

boolean

encryption?

optional encryption?: object

encryption.enabled?

optional enabled?: boolean

externalSigningSupport?

optional externalSigningSupport?: object

Index Signature

[key: string]: any

externalSigningSupport.ack?

optional ack?: string

externalSigningSupport.enabled?

optional enabled?: boolean

fapi?

optional fapi?: object

fapi.enabled?

optional enabled?: boolean

fapi.profile

profile: FapiProfile | ((ctx, client) => FapiProfile) | undefined

introspection?

optional introspection?: object

introspection.allowedPolicy?

optional allowedPolicy?: (ctx, client, token) => CanBePromise<boolean>

Parameters

ctx

KoaContextWithOIDC

client

Client

token

AccessToken | ClientCredentials | RefreshToken

Returns

CanBePromise<boolean>

introspection.enabled?

optional enabled?: boolean

jwtIntrospection?

optional jwtIntrospection?: object

jwtIntrospection.enabled?

optional enabled?: boolean

jwtResponseModes?

optional jwtResponseModes?: object

jwtResponseModes.enabled?

optional enabled?: boolean

jwtUserinfo?

optional jwtUserinfo?: object

jwtUserinfo.enabled?

optional enabled?: boolean

mTLS?

optional mTLS?: object

mTLS.certificateAuthorized?

optional certificateAuthorized?: (ctx) => boolean

Parameters

ctx

KoaContextWithOIDC

Returns

boolean

mTLS.certificateBoundAccessTokens?

optional certificateBoundAccessTokens?: boolean

mTLS.certificateSubjectMatches?

optional certificateSubjectMatches?: (ctx, property, expected) => boolean

Parameters

ctx

KoaContextWithOIDC

property

TLSClientAuthProperty

expected

string

Returns

boolean

mTLS.enabled?

optional enabled?: boolean

mTLS.getCertificate?

optional getCertificate?: (ctx) => string | X509Certificate | undefined

Parameters

ctx

KoaContextWithOIDC

Returns

string | X509Certificate | undefined

mTLS.selfSignedTlsClientAuth?

optional selfSignedTlsClientAuth?: boolean

mTLS.tlsClientAuth?

optional tlsClientAuth?: boolean

pushedAuthorizationRequests?

optional pushedAuthorizationRequests?: object

pushedAuthorizationRequests.allowUnregisteredRedirectUris?

optional allowUnregisteredRedirectUris?: boolean

pushedAuthorizationRequests.enabled?

optional enabled?: boolean

pushedAuthorizationRequests.requirePushedAuthorizationRequests?

optional requirePushedAuthorizationRequests?: boolean

registration?

optional registration?: object

registration.enabled?

optional enabled?: boolean

registration.idFactory?

optional idFactory?: (ctx) => string

Parameters

ctx

KoaContextWithOIDC

Returns

string

registration.initialAccessToken?

optional initialAccessToken?: string | boolean

registration.issueRegistrationAccessToken?

optional issueRegistrationAccessToken?: boolean | IssueRegistrationAccessTokenFunction

registration.policies?

optional policies?: object

Index Signature

[key: string]: (ctx, metadata) => CanBePromise<void | undefined>

registration.secretFactory?

optional secretFactory?: (ctx) => string

Parameters

ctx

KoaContextWithOIDC

Returns

string

registrationManagement?

optional registrationManagement?: object

registrationManagement.enabled?

optional enabled?: boolean

registrationManagement.rotateRegistrationAccessToken?

optional rotateRegistrationAccessToken?: boolean | RotateRegistrationAccessTokenFunction

requestObjects?

optional requestObjects?: object

requestObjects.assertJwtClaimsAndHeader?

optional assertJwtClaimsAndHeader?: (ctx, claims, header, client) => CanBePromise<void>

Parameters

ctx

KoaContextWithOIDC

claims

Record<string, JsonValue>

header

Record<string, JsonValue>

client

Client

Returns

CanBePromise<void>

requestObjects.enabled?

optional enabled?: boolean

requestObjects.requireSignedRequestObject?

optional requireSignedRequestObject?: boolean

resourceIndicators?

optional resourceIndicators?: object

resourceIndicators.defaultResource?

optional defaultResource?: (ctx, client, oneOf?) => CanBePromise<string | string[]>

Parameters

ctx

KoaContextWithOIDC

client

Client

oneOf?

string[]

Returns

CanBePromise<string | string[]>

resourceIndicators.enabled?

optional enabled?: boolean

resourceIndicators.getResourceServerInfo?

optional getResourceServerInfo?: (ctx, resourceIndicator, client) => CanBePromise<ResourceServer>

Parameters

ctx

KoaContextWithOIDC

resourceIndicator

string

client

Client

Returns

CanBePromise<ResourceServer>

resourceIndicators.useGrantedResource?

optional useGrantedResource?: (ctx, model) => CanBePromise<boolean>

Parameters

ctx

KoaContextWithOIDC

model

AuthorizationCode | DeviceCode | BackchannelAuthenticationRequest | RefreshToken

Returns

CanBePromise<boolean>

revocation?

optional revocation?: object

revocation.allowedPolicy?

optional allowedPolicy?: (ctx, client, token) => CanBePromise<boolean>

Parameters

ctx

KoaContextWithOIDC

client

Client

token

AccessToken | ClientCredentials | RefreshToken

Returns

CanBePromise<boolean>

revocation.enabled?

optional enabled?: boolean

richAuthorizationRequests?

optional richAuthorizationRequests?: object

Index Signature

[key: string]: any

richAuthorizationRequests.ack?

optional ack?: string

richAuthorizationRequests.enabled?

optional enabled?: boolean

rpInitiatedLogout?

optional rpInitiatedLogout?: object

rpInitiatedLogout.enabled?

optional enabled?: boolean

rpInitiatedLogout.logoutSource?

optional logoutSource?: (ctx, form) => CanBePromise<void | undefined>

Parameters

ctx

KoaContextWithOIDC

form

string

Returns

CanBePromise<void | undefined>

rpInitiatedLogout.postLogoutSuccessSource?

optional postLogoutSuccessSource?: (ctx) => CanBePromise<void | undefined>

Parameters

ctx

KoaContextWithOIDC

Returns

CanBePromise<void | undefined>

rpMetadataChoices?

optional rpMetadataChoices?: object

Index Signature

[key: string]: any

rpMetadataChoices.ack?

optional ack?: string

rpMetadataChoices.enabled?

optional enabled?: boolean

userinfo?

optional userinfo?: object

userinfo.enabled?

optional enabled?: boolean

webMessageResponseMode?

optional webMessageResponseMode?: object

webMessageResponseMode.ack?

optional ack?: string

webMessageResponseMode.enabled?

optional enabled?: boolean

---

fetch?

optional fetch?: {(input, init?): Promise<Response>; (input, init?): Promise<Response>; }

Defined in: @types/oidc-provider/index.d.ts:1313

Call Signature

(input, init?): Promise<Response>

MDN Reference

Parameters

input

RequestInfo | URL

init?

RequestInit

Returns

Promise<Response>

Call Signature

(input, init?): Promise<Response>

MDN Reference

Parameters

input

string | Request | URL

init?

RequestInit

Returns

Promise<Response>

---

findAccount?

optional findAccount?: FindAccount

Defined in: @types/oidc-provider/index.d.ts:1422

---

formats?

optional formats?: object

Defined in: @types/oidc-provider/index.d.ts:950

bitsOfOpaqueRandomness?

optional bitsOfOpaqueRandomness?: number | ((ctx, model) => number)

customizers?

optional customizers?: object

customizers.jwt?

optional jwt?: (ctx, token, parts) => CanBePromise<JWTStructured>

Parameters

ctx

KoaContextWithOIDC

token

AccessToken | ClientCredentials

parts

JWTStructured

Returns

CanBePromise<JWTStructured>

---

interactions?

optional interactions?: object

Defined in: @types/oidc-provider/index.d.ts:1415

policy?

optional policy?: Prompt[]

url?

optional url?: (ctx, interaction) => CanBePromise<string>

Parameters

ctx

KoaContextWithOIDC

interaction

Interaction

Returns

CanBePromise<string>

---

issueRefreshToken?

optional issueRefreshToken?: (ctx, client, code) => CanBePromise<boolean>

Defined in: @types/oidc-provider/index.d.ts:1319

Parameters

ctx

KoaContextWithOIDC

client

Client

code

AuthorizationCode | DeviceCode | BackchannelAuthenticationRequest

Returns

CanBePromise<boolean>

---

jwks?

optional jwks?: JWKS

Defined in: @types/oidc-provider/index.d.ts:1327

---

loadExistingGrant?

optional loadExistingGrant?: (ctx) => CanBePromise<Grant | undefined>

Defined in: @types/oidc-provider/index.d.ts:1383

Parameters

ctx

KoaContextWithOIDC

Returns

CanBePromise<Grant | undefined>

---

pairwiseIdentifier?

optional pairwiseIdentifier?: (ctx, accountId, client) => CanBePromise<string>

Defined in: @types/oidc-provider/index.d.ts:1360

Parameters

ctx

KoaContextWithOIDC

accountId

string

client

Client

Returns

CanBePromise<string>

---

pkce?

optional pkce?: object

Defined in: @types/oidc-provider/index.d.ts:1333

required?

optional required?: (ctx, client) => boolean

Parameters

ctx

KoaContextWithOIDC

client

Client

Returns

boolean

---

renderError?

optional renderError?: (ctx, out, error) => CanBePromise<void | undefined>

Defined in: @types/oidc-provider/index.d.ts:1403

Parameters

ctx

KoaContextWithOIDC

out

ErrorOut

error

OIDCProviderError | Error

Returns

CanBePromise<void | undefined>

---

responseTypes?

optional responseTypes?: ResponseType[]

Defined in: @types/oidc-provider/index.d.ts:1329

---

revokeGrantPolicy?

optional revokeGrantPolicy?: (ctx) => boolean

Defined in: @types/oidc-provider/index.d.ts:1331

Parameters

ctx

KoaContextWithOIDC

Returns

boolean

---

rotateRefreshToken?

optional rotateRefreshToken?: boolean | ((ctx) => CanBePromise<boolean>)

Defined in: @types/oidc-provider/index.d.ts:1401

---

routes?

optional routes?: object

Defined in: @types/oidc-provider/index.d.ts:1339

authorization?

optional authorization?: string

backchannel_authentication?

optional backchannel_authentication?: string

code_verification?

optional code_verification?: string

device_authorization?

optional device_authorization?: string

end_session?

optional end_session?: string

introspection?

optional introspection?: string

jwks?

optional jwks?: string

pushed_authorization_request?

optional pushed_authorization_request?: string

registration?

optional registration?: string

revocation?

optional revocation?: string

token?

optional token?: string

userinfo?

optional userinfo?: string

---

scopes?

optional scopes?: string[]

Defined in: @types/oidc-provider/index.d.ts:1356

---

subjectTypes?

optional subjectTypes?: SubjectTypes[]

Defined in: @types/oidc-provider/index.d.ts:1358

---

ttl?

optional ttl?: object

Defined in: @types/oidc-provider/index.d.ts:1366

Index Signature

[key: string]: unknown

AccessToken?

optional AccessToken?: number | TTLFunction<AccessToken>

AuthorizationCode?

optional AuthorizationCode?: number | TTLFunction<AuthorizationCode>

BackchannelAuthenticationRequest?

optional BackchannelAuthenticationRequest?: number | TTLFunction<BackchannelAuthenticationRequest>

ClientCredentials?

optional ClientCredentials?: number | TTLFunction<ClientCredentials>

DeviceCode?

optional DeviceCode?: number | TTLFunction<DeviceCode>

Grant?

optional Grant?: number | TTLFunction<Grant>

IdToken?

optional IdToken?: number | TTLFunction<IdToken>

Interaction?

optional Interaction?: number | TTLFunction<Interaction>

RefreshToken?

optional RefreshToken?: number | TTLFunction<RefreshToken>

Session?

optional Session?: number | TTLFunction<Session>