---
title: SocialAuthTwitterModule
description: Resource path:
component: pingam
version: 8.1
page_id: pingam:entity-reference:sec-amster-entity-socialauthtwittermodule
canonical_url: https://docs.pingidentity.com/pingam/8.1/entity-reference/sec-amster-entity-socialauthtwittermodule.html
section_ids:
  sec-amster-entity-socialauthtwittermodule-realm-ops: Realm Operations
  sec-amster-entity-socialauthtwittermodule-realm-ops-create: create
  sec-amster-entity-socialauthtwittermodule-realm-ops-delete: delete
  sec-amster-entity-socialauthtwittermodule-realm-ops-getalltypes: getAllTypes
  sec-amster-entity-socialauthtwittermodule-realm-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-socialauthtwittermodule-realm-ops-nextdescendents: nextdescendents
  sec-amster-entity-socialauthtwittermodule-realm-ops-query: query
  sec-amster-entity-socialauthtwittermodule-realm-ops-read: read
  sec-amster-entity-socialauthtwittermodule-realm-ops-update: update
  sec-amster-entity-socialauthtwittermodule-global-ops: Global Operations
  sec-amster-entity-socialauthtwittermodule-global-ops-getalltypes: getAllTypes
  sec-amster-entity-socialauthtwittermodule-global-ops-getcreatabletypes: getCreatableTypes
  sec-amster-entity-socialauthtwittermodule-global-ops-nextdescendents: nextdescendents
  sec-amster-entity-socialauthtwittermodule-global-ops-read: read
  sec-amster-entity-socialauthtwittermodule-global-ops-update: update
---

# SocialAuthTwitterModule

## Realm Operations

Resource path:

```
/realm-config/authentication/modules/authSocialTwitter
```

Resource version: `0.0`

### create

**Usage**

```
am> create SocialAuthTwitterModule --realm Realm --id id --body body
```

**Parameters**

* *\--id*

  The unique identifier for the resource.

* *\--body*

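  The resource in JSON format. Because the body includes the OAuth `clientSecret` (format `password` in the schema), treat any file or script that holds it as a secret. The format is described by the following JSON schema: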

  ```json
  {
    "type" : "object",
    "properties" : {
      "core" : {
        "type" : "object",
        "title" : "Core",
        "propertyOrder" : 0,
        "properties" : {
          "usesBasicAuth" : {
            "title" : "Use Basic Auth",
            "description" : "When enabled, the client will use basic auth for authenticating with  the social auth provider. Enabled by default.",
            "propertyOrder" : 1200,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "ssoProxyUrl" : {
            "title" : "Proxy URL",
            "description" : "The URL to the OpenAM OAuth proxy JSP<br><br>This URL should only be changed from the default, if an external server is performing the GET to POST proxying. The default is <code>/openam/oauth2c/OAuthProxy.jsp</code>",
            "propertyOrder" : 1300,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "tokenEndpoint" : {
            "title" : "Access Token Endpoint URL",
            "description" : "OAuth access token endpoint URL<br><br>This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-3.2\" target=\"_blank\">RFC 6749</a>, section 3.2",
            "propertyOrder" : 700,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "clientSecret" : {
            "title" : "Client Secret",
            "description" : "OAuth client_secret parameter<br><br>For more information on the OAuth client_secret parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
            "propertyOrder" : 500,
            "required" : true,
            "type" : "string",
            "format" : "password",
            "exampleValue" : ""
          },
          "authorizeEndpoint" : {
            "title" : "Authentication Endpoint URL",
            "description" : "OAuth authentication endpoint URL<br><br>This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticationLevel" : {
            "title" : "Authentication Level",
            "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
            "propertyOrder" : 100,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "userInfoEndpoint" : {
            "title" : "User Profile Service URL",
            "description" : "User profile information URL<br><br>This URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/><i>NB </i>This URL should return JSON objects in response",
            "propertyOrder" : 800,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "subjectProperty" : {
            "title" : "Subject Property",
            "description" : "Property used to identify which attribute an auth server identifies a user by.",
            "propertyOrder" : 1100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "clientId" : {
            "title" : "Client Id",
            "description" : "OAuth client_id parameter<br><br>For more information on the OAuth client_id parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
            "propertyOrder" : 400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "provider" : {
            "title" : "Social Provider",
            "description" : "Social Provider for which this module is being setup.",
            "propertyOrder" : 200,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "requestTokenEndpoint" : {
            "title" : "Request Token Endpoint URL",
            "description" : "OAuth request token endpoint URL<br><br>This is the URL endpoint for OAuth request token provided by the OAuth Identity Provider",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          }
        }
      },
      "accountProvisioning" : {
        "type" : "object",
        "title" : "Account Provisioning",
        "propertyOrder" : 1,
        "properties" : {
          "attributeMappingClasses" : {
            "title" : "Attribute Mapper",
            "description" : "Name of the class that implements the attribute mapping<br><br>This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/><br/>A custom attribute mapper must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1700,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "mapToAnonymousUser" : {
            "title" : "Map to anonymous user",
            "description" : "Enables anonymous user access to OpenAM for OAuth authenticated users<br><br>If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the next parameter.<br/>If not selected, the authenticated users will be mapped by the parameters configured in the account mapper.<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.",
            "propertyOrder" : 2000,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "enableRegistrationService" : {
            "title" : "Use IDM as Registration Service",
            "description" : "Whether to use IDM as an external Registration Service to complete registration for new users.<br><br>IDM is called and passed these parameters:<br/><br/><ul><li><code>clientToken</code>: Signed, encrypted JWT of the OAuth 2.0 authentication state.</li><li><code>returnParams</code>: Encoded URL parameters, required to be returned to AM to resume authentication after registration in IDM is complete.</li></ul>",
            "propertyOrder" : 1350,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountMapperConfiguration" : {
            "title" : "Account Mapper Configuration",
            "description" : "Mapping of OAuth account to local OpenAM account<br><br>Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to the local data store in the OpenAM. Example: <code>OAuth2.0_attribute=local_attribute</code>",
            "propertyOrder" : 1600,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "saveAttributesInSession" : {
            "title" : "Save attributes in the session",
            "description" : "If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session",
            "propertyOrder" : 2400,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountProviderClass" : {
            "title" : "Account Provider",
            "description" : "Name of the class implementing the account provider.<br><br>This class is used by the module to find the account from the attributes mapped by the Account Mapper. The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AccountProvider</code> interface.<br/>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "createAccount" : {
            "title" : "Create account if it does not exist",
            "description" : "If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.<br><br>If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter \"Prompt for password setting and activation code\" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/><ol><li>The accounts need to have a user profile in the OpenAM User Data Store</li><li>The user does not have a user profile and the \"Ignore Profile\" is set in the Authentication Service of the realm.</li><li>The account is mapped to an anonymous account (see parameter \"Map to anonymous user\" and \"Anonymous User\")</li></ol>",
            "propertyOrder" : 1360,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountMapperClass" : {
            "title" : "Account Mapper",
            "description" : "Name of the class implementing the attribute mapping for the account search.<br><br>This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1500,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "anonymousUserName" : {
            "title" : "Anonymous User",
            "description" : "Username of the OpenAM anonymous user<br><br>The username of the user that will represent the anonymous user. This user account must already exist in the realm.",
            "propertyOrder" : 2100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "attributeMapperConfiguration" : {
            "title" : "Attribute Mapper Configuration",
            "description" : "Mapping of OAuth attributes to local OpenAM attributes<br><br>Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local user data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>",
            "propertyOrder" : 1800,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          }
        }
      }
    }
  }
  ```

### delete

**Usage**

```
am> delete SocialAuthTwitterModule --realm Realm --id id
```

**Parameters**

* *\--id*

  The unique identifier for the resource.

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --realm Realm --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --realm Realm --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --realm Realm --actionName nextdescendents
```

### query

Get the full list of instances of this collection. This query supports only the `_queryFilter=true` filter.

**Usage**

```
am> query SocialAuthTwitterModule --realm Realm --filter filter
```

**Parameters**

* *\--filter*

  A CREST-formatted query filter; the value "true" returns all instances.

### read

**Usage**

```
am> read SocialAuthTwitterModule --realm Realm --id id
```

**Parameters**

* *\--id*

  The unique identifier for the resource.

### update

**Usage**

```
am> update SocialAuthTwitterModule --realm Realm --id id --body body
```

**Parameters**

* *\--id*

  The unique identifier for the resource.

* *\--body*

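  The resource in JSON format. Because the body includes the OAuth `clientSecret` (format `password` in the schema), treat any file or script that holds it as a secret. The format is described by the following JSON schema: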

  ```json
  {
    "type" : "object",
    "properties" : {
      "core" : {
        "type" : "object",
        "title" : "Core",
        "propertyOrder" : 0,
        "properties" : {
          "usesBasicAuth" : {
            "title" : "Use Basic Auth",
            "description" : "When enabled, the client will use basic auth for authenticating with  the social auth provider. Enabled by default.",
            "propertyOrder" : 1200,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "ssoProxyUrl" : {
            "title" : "Proxy URL",
            "description" : "The URL to the OpenAM OAuth proxy JSP<br><br>This URL should only be changed from the default, if an external server is performing the GET to POST proxying. The default is <code>/openam/oauth2c/OAuthProxy.jsp</code>",
            "propertyOrder" : 1300,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "tokenEndpoint" : {
            "title" : "Access Token Endpoint URL",
            "description" : "OAuth access token endpoint URL<br><br>This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-3.2\" target=\"_blank\">RFC 6749</a>, section 3.2",
            "propertyOrder" : 700,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "clientSecret" : {
            "title" : "Client Secret",
            "description" : "OAuth client_secret parameter<br><br>For more information on the OAuth client_secret parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
            "propertyOrder" : 500,
            "required" : true,
            "type" : "string",
            "format" : "password",
            "exampleValue" : ""
          },
          "authorizeEndpoint" : {
            "title" : "Authentication Endpoint URL",
            "description" : "OAuth authentication endpoint URL<br><br>This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "authenticationLevel" : {
            "title" : "Authentication Level",
            "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
            "propertyOrder" : 100,
            "required" : true,
            "type" : "integer",
            "exampleValue" : ""
          },
          "userInfoEndpoint" : {
            "title" : "User Profile Service URL",
            "description" : "User profile information URL<br><br>This URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/><i>NB </i>This URL should return JSON objects in response",
            "propertyOrder" : 800,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "subjectProperty" : {
            "title" : "Subject Property",
            "description" : "Property used to identify which attribute an auth server identifies a user by.",
            "propertyOrder" : 1100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "clientId" : {
            "title" : "Client Id",
            "description" : "OAuth client_id parameter<br><br>For more information on the OAuth client_id parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
            "propertyOrder" : 400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "provider" : {
            "title" : "Social Provider",
            "description" : "Social Provider for which this module is being setup.",
            "propertyOrder" : 200,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "requestTokenEndpoint" : {
            "title" : "Request Token Endpoint URL",
            "description" : "OAuth request token endpoint URL<br><br>This is the URL endpoint for OAuth request token provided by the OAuth Identity Provider",
            "propertyOrder" : 600,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          }
        }
      },
      "accountProvisioning" : {
        "type" : "object",
        "title" : "Account Provisioning",
        "propertyOrder" : 1,
        "properties" : {
          "attributeMappingClasses" : {
            "title" : "Attribute Mapper",
            "description" : "Name of the class that implements the attribute mapping<br><br>This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/><br/>A custom attribute mapper must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1700,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "mapToAnonymousUser" : {
            "title" : "Map to anonymous user",
            "description" : "Enables anonymous user access to OpenAM for OAuth authenticated users<br><br>If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the next parameter.<br/>If not selected, the authenticated users will be mapped by the parameters configured in the account mapper.<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.",
            "propertyOrder" : 2000,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "enableRegistrationService" : {
            "title" : "Use IDM as Registration Service",
            "description" : "Whether to use IDM as an external Registration Service to complete registration for new users.<br><br>IDM is called and passed these parameters:<br/><br/><ul><li><code>clientToken</code>: Signed, encrypted JWT of the OAuth 2.0 authentication state.</li><li><code>returnParams</code>: Encoded URL parameters, required to be returned to AM to resume authentication after registration in IDM is complete.</li></ul>",
            "propertyOrder" : 1350,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountMapperConfiguration" : {
            "title" : "Account Mapper Configuration",
            "description" : "Mapping of OAuth account to local OpenAM account<br><br>Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to the local data store in the OpenAM. Example: <code>OAuth2.0_attribute=local_attribute</code>",
            "propertyOrder" : 1600,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          },
          "saveAttributesInSession" : {
            "title" : "Save attributes in the session",
            "description" : "If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session",
            "propertyOrder" : 2400,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountProviderClass" : {
            "title" : "Account Provider",
            "description" : "Name of the class implementing the account provider.<br><br>This class is used by the module to find the account from the attributes mapped by the Account Mapper. The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AccountProvider</code> interface.<br/>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1400,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "createAccount" : {
            "title" : "Create account if it does not exist",
            "description" : "If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.<br><br>If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter \"Prompt for password setting and activation code\" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/><ol><li>The accounts need to have a user profile in the OpenAM User Data Store</li><li>The user does not have a user profile and the \"Ignore Profile\" is set in the Authentication Service of the realm.</li><li>The account is mapped to an anonymous account (see parameter \"Map to anonymous user\" and \"Anonymous User\")</li></ol>",
            "propertyOrder" : 1360,
            "required" : true,
            "type" : "boolean",
            "exampleValue" : ""
          },
          "accountMapperClass" : {
            "title" : "Account Mapper",
            "description" : "Name of the class implementing the attribute mapping for the account search.<br><br>This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
            "propertyOrder" : 1500,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "anonymousUserName" : {
            "title" : "Anonymous User",
            "description" : "Username of the OpenAM anonymous user<br><br>The username of the user that will represent the anonymous user. This user account must already exist in the realm.",
            "propertyOrder" : 2100,
            "required" : true,
            "type" : "string",
            "exampleValue" : ""
          },
          "attributeMapperConfiguration" : {
            "title" : "Attribute Mapper Configuration",
            "description" : "Mapping of OAuth attributes to local OpenAM attributes<br><br>Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local user data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>",
            "propertyOrder" : 1800,
            "required" : true,
            "items" : {
              "type" : "string"
            },
            "type" : "array",
            "exampleValue" : ""
          }
        }
      }
    }
  }
  ```

## Global Operations

Resource path:

```
/global-config/authentication/modules/authSocialTwitter
```

Resource version: `1.0`

### getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --global --actionName getAllTypes
```

### getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --global --actionName getCreatableTypes
```

### nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

**Usage**

```
am> action SocialAuthTwitterModule --global --actionName nextdescendents
```

### read

**Usage**

```
am> read SocialAuthTwitterModule --global
```

### update

**Usage**

```
am> update SocialAuthTwitterModule --global --body body
```

**Parameters**

* *\--body*

  The resource in JSON format, described by the following JSON schema:

  ```json
  {
    "type" : "object",
    "properties" : {
      "defaults" : {
        "properties" : {
          "accountProvisioning" : {
            "type" : "object",
            "title" : "Account Provisioning",
            "propertyOrder" : 1,
            "properties" : {
              "mapToAnonymousUser" : {
                "title" : "Map to anonymous user",
                "description" : "Enables anonymous user access to OpenAM for OAuth authenticated users<br><br>If selected, the authenticated users in the OAuth 2.0 Provider will be mapped to the anonymous user configured in the next parameter.<br/>If not selected, the authenticated users will be mapped by the parameters configured in the account mapper.<br/><br/><i>NB </i>If <i>Create account if it does not exist</i> is enabled, that parameter takes precedence.",
                "propertyOrder" : 2000,
                "required" : true,
                "type" : "boolean",
                "exampleValue" : ""
              },
              "accountMapperConfiguration" : {
                "title" : "Account Mapper Configuration",
                "description" : "Mapping of OAuth account to local OpenAM account<br><br>Attribute configuration that will be used to map the account of the user authenticated in the OAuth 2.0 Provider to the local data store in the OpenAM. Example: <code>OAuth2.0_attribute=local_attribute</code>",
                "propertyOrder" : 1600,
                "required" : true,
                "items" : {
                  "type" : "string"
                },
                "type" : "array",
                "exampleValue" : ""
              },
              "accountMapperClass" : {
                "title" : "Account Mapper",
                "description" : "Name of the class implementing the attribute mapping for the account search.<br><br>This class is used by the module to map from the account information received from the OAuth Identity Provider into OpenAM.<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
                "propertyOrder" : 1500,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "saveAttributesInSession" : {
                "title" : "Save attributes in the session",
                "description" : "If this option is enabled, the attributes configured in the attribute mapper will be saved into the OpenAM session",
                "propertyOrder" : 2400,
                "required" : true,
                "type" : "boolean",
                "exampleValue" : ""
              },
              "attributeMapperConfiguration" : {
                "title" : "Attribute Mapper Configuration",
                "description" : "Mapping of OAuth attributes to local OpenAM attributes<br><br>Attribute configuration that will be used to map the user info obtained from the OAuth 2.0 Provider to the local user data store in the OpenAM.<br/><br/>Example: <code>OAuth2.0_attribute=local_attribute</code>",
                "propertyOrder" : 1800,
                "required" : true,
                "items" : {
                  "type" : "string"
                },
                "type" : "array",
                "exampleValue" : ""
              },
              "accountProviderClass" : {
                "title" : "Account Provider",
                "description" : "Name of the class implementing the account provider.<br><br>This class is used by the module to find the account from the attributes mapped by the Account Mapper.<br/><br/>The class must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AccountProvider</code> interface.<br/>String constructor parameters can be provided by appending <code>|</code> separated values.",
                "propertyOrder" : 1400,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "attributeMappingClasses" : {
                "title" : "Attribute Mapper",
                "description" : "Name of the class that implements the attribute mapping<br><br>This class maps the OAuth properties into OpenAM properties. A custom attribute mapper can be provided.<br/><br/>A custom attribute mapper must implement the <code>org.forgerock.openam.authentication.modules.common.mapping.AttributeMapper</code> interface.<br/>Provided implementations are:<ul><li>org.forgerock.openam.authentication.modules.common.mapping.JsonAttributeMapper</li><li>org.forgerock.openam.authentication.modules.oidc.JwtAttributeMapper (can only be used when using the openid scope)</li></ul>String constructor parameters can be provided by appending <code>|</code> separated values.",
                "propertyOrder" : 1700,
                "required" : true,
                "items" : {
                  "type" : "string"
                },
                "type" : "array",
                "exampleValue" : ""
              },
              "createAccount" : {
                "title" : "Create account if it does not exist",
                "description" : "If the OAuth2 account does not exist in the local OpenAM data store, an account will be created dynamically.<br><br>If this is enabled, the account mapper could create the account dynamically if there is no account mapped. Before creating the account, a dialog prompting for a password and asking for an activation code can be shown if the parameter \"Prompt for password setting and activation code\" is enabled.<br /><br />If this flag is not enabled, 3 alternative options exist:<br/><br/><ol><li>The accounts need to have a user profile in the OpenAM User Data Store</li><li>The user does not have a user profile and the \"Ignore Profile\" is set in the Authentication Service of the realm.</li><li>The account is mapped to an anonymous account (see parameter \"Map to anonymous user\" and \"Anonymous User\")</li></ol>",
                "propertyOrder" : 1360,
                "required" : true,
                "type" : "boolean",
                "exampleValue" : ""
              },
              "anonymousUserName" : {
                "title" : "Anonymous User",
                "description" : "Username of the OpenAM anonymous user<br><br>The username of the user that will represent the anonymous user. This user account must already exist in the realm.",
                "propertyOrder" : 2100,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "enableRegistrationService" : {
                "title" : "Use IDM as Registration Service",
                "description" : "Whether to use IDM as an external Registration Service to complete registration for new users.<br><br>IDM is called and passed these parameters:<br/><br/><ul><li><code>clientToken</code>: Signed, encrypted JWT of the OAuth 2.0 authentication state.</li><li><code>returnParams</code>: Encoded URL parameters, required to be returned to AM to resume authentication after registration in IDM is complete.</li></ul>",
                "propertyOrder" : 1350,
                "required" : true,
                "type" : "boolean",
                "exampleValue" : ""
              }
            }
          },
          "core" : {
            "type" : "object",
            "title" : "Core",
            "propertyOrder" : 0,
            "properties" : {
              "ssoProxyUrl" : {
                "title" : "Proxy URL",
                "description" : "The URL to the OpenAM OAuth proxy JSP<br><br>This URL should only be changed from the default, if an external server is performing the GET to POST proxying. The default is <code>/openam/oauth2c/OAuthProxy.jsp</code>",
                "propertyOrder" : 1300,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "requestTokenEndpoint" : {
                "title" : "Request Token Endpoint URL",
                "description" : "OAuth request token endpoint URL<br><br>This is the URL endpoint for OAuth request token provided by the OAuth Identity Provider",
                "propertyOrder" : 600,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "authenticationLevel" : {
                "title" : "Authentication Level",
                "description" : "The authentication level associated with this module.<br><br>Each authentication module has an authentication level that can be used to indicate the level of security associated with the module; 0 is the lowest (and the default).",
                "propertyOrder" : 100,
                "required" : true,
                "type" : "integer",
                "exampleValue" : ""
              },
              "clientId" : {
                "title" : "Client Id",
                "description" : "OAuth client_id parameter<br><br>For more information on the OAuth client_id parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
                "propertyOrder" : 400,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "provider" : {
                "title" : "Social Provider",
                "description" : "Social Provider for which this module is being setup.",
                "propertyOrder" : 200,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "subjectProperty" : {
                "title" : "Subject Property",
                "description" : "Property used to identify which attribute an auth server identifies a user by.",
                "propertyOrder" : 1100,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "userInfoEndpoint" : {
                "title" : "User Profile Service URL",
                "description" : "User profile information URL<br><br>This URL endpoint provides user profile information and is provided by the OAuth Identity Provider<br/><br/><i>NB </i>This URL should return JSON objects in response",
                "propertyOrder" : 800,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "authorizeEndpoint" : {
                "title" : "Authentication Endpoint URL",
                "description" : "OAuth authentication endpoint URL<br><br>This is the URL endpoint for OAuth authentication provided by the OAuth Identity Provider",
                "propertyOrder" : 600,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "clientSecret" : {
                "title" : "Client Secret",
                "description" : "OAuth client_secret parameter<br><br>For more information on the OAuth client_secret parameter refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-2.3.1\" target=\"_blank\">RFC 6749</a>, section 2.3.1",
                "propertyOrder" : 500,
                "required" : true,
                "type" : "string",
                "format" : "password",
                "exampleValue" : ""
              },
              "tokenEndpoint" : {
                "title" : "Access Token Endpoint URL",
                "description" : "OAuth access token endpoint URL<br><br>This is the URL endpoint for access token retrieval provided by the OAuth Identity Provider. Refer to the <a href=\"http://tools.ietf.org/html/rfc6749#section-3.2\" target=\"_blank\">RFC 6749</a>, section 3.2",
                "propertyOrder" : 700,
                "required" : true,
                "type" : "string",
                "exampleValue" : ""
              },
              "usesBasicAuth" : {
                "title" : "Use Basic Auth",
                "description" : "When enabled, the client will use basic auth for authenticating with the social auth provider. Enabled by default.",
                "propertyOrder" : 1200,
                "required" : true,
                "type" : "boolean",
                "exampleValue" : ""
              }
            }
          }
        },
        "type" : "object",
        "title" : "Realm Defaults"
      }
    }
  }
  ```
