Attribute | Required | Description |
---|---|---|
Name | Yes | The application name. Maps to the client_name on Dynamic Client Registration |
Realm__c | Yes | The Realm under which the application lives |
ApplicationType__c | Yes | Application type. Possible values: resource_server |
Contacts__c | No | List of email addresses for the contacts of this application |
ExternalAuthServer__c | No | A reference to the External Auth Server responsible for generating access_tokens for this resource_server |

Attribute | Required | Description |
---|---|---|
ClientId__c | Yes | A unique identifier for the application. This value must be generated by your administrator or through the DCR. The end user must not be allowed to choose this value |
ClientSecret__c | No |

Attribute | Required | Description |
---|---|---|
ResponseTypes__c | Yes | Only accepted value is none. A Resource Server will never be allowed to login a user. |
GrantTypes__c | Yes | grant_types which the resource_server commits to use. All other grant_types will be rejected. Only possible value is client_credentials |
RedirectUris__c | Yes | redirect_uris which the client commits to use. All other redirect_uris will be rejected |
AccessTokenExpirationTime__c | Yes | Expiration time for access_tokens when this resource_server is the audience. The value is defined by an administrator |
AccessTokenSigningAlgValue__c | Yes | Algorithm to sign the access_token when this resource server is the audience. A JWK with this algorithm must be available at the Realm JWKS |
RefreshTokenExpirationTime__c | Yes | Expiration time for refresh_tokens when this resource_server is the audience. The value is defined by an administrator |
TokenEndpointAuthMethod__c | Yes | Authentication method used when calling the token_endpoint |
TokenEndpointAuthSigning__c | No | Required only when token_endpoint_auth_method is one of private_key_jwt or client_secret_jwt |
RevocationEndpointAuthMethod__c | Yes | Authentication method used when calling the revocation_endpoint |
RevocationEndpointAuthSigning__c | No | Required only when revocation_endpoint_auth_method is one of private_key_jwt or client_secret_jwt |
IntrospectionEndpointAuthMethod__c | Yes | Authentication method used when calling the introspection_endpoint |
IntrospectionEndpointAuthSigning__c | No | Required only when introspection_endpoint_auth_method is one of private_key_jwt or client_secret_jwt |

Attribute | Required | Description |
---|---|---|
Jwks__c | No | Required if token_endpoint_auth_method, revocation_endpoint_auth_method or introspection_endpoint_auth_method has the value private_key_jwt. |
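
The conditional rules in the tables above (fixed values for ResponseTypes__c and GrantTypes__c, a signing algorithm required for the JWT-based auth methods, Jwks__c required for private_key_jwt) can be checked before a record is saved. The following is an added example, not the product's own code; the dict layout, list-valued fields and all sample values are assumptions.

```python
# Added example: field names come from the tables above; the dict layout is an assumption.
JWT_METHODS = {"private_key_jwt", "client_secret_jwt"}
ENDPOINTS = ("Token", "Revocation", "Introspection")
REQUIRED = (
    "ResponseTypes__c", "GrantTypes__c", "RedirectUris__c",
    "AccessTokenExpirationTime__c", "AccessTokenSigningAlgValue__c",
    "RefreshTokenExpirationTime__c",
) + tuple(f"{e}EndpointAuthMethod__c" for e in ENDPOINTS)


def validate_resource_server(record):
    """Return a list of rule violations; an empty list means the record passes."""
    errors = [f"{f} is required" for f in REQUIRED if not record.get(f)]
    response_types = record.get("ResponseTypes__c")
    if response_types and response_types != ["none"]:
        errors.append("ResponseTypes__c must be exactly ['none']")
    grant_types = record.get("GrantTypes__c")
    if grant_types and grant_types != ["client_credentials"]:
        errors.append("GrantTypes__c must be exactly ['client_credentials']")
    needs_jwks = False
    for e in ENDPOINTS:
        method = record.get(f"{e}EndpointAuthMethod__c")
        # A signing algorithm is only mandatory for the two JWT-based methods.
        if method in JWT_METHODS and not record.get(f"{e}EndpointAuthSigning__c"):
            errors.append(f"{e}EndpointAuthSigning__c is required for {method}")
        needs_jwks = needs_jwks or method == "private_key_jwt"
    if needs_jwks and not (record.get("Jwks__c") or {}).get("keys"):
        errors.append("Jwks__c is required when an endpoint uses private_key_jwt")
    return errors


# Constructed sample records (values are illustrative, not product defaults).
GOOD = {
    "ResponseTypes__c": ["none"], "GrantTypes__c": ["client_credentials"],
    "RedirectUris__c": ["https://rs.example/callback"],
    "AccessTokenExpirationTime__c": 3600, "RefreshTokenExpirationTime__c": 86400,
    "AccessTokenSigningAlgValue__c": "RS256",
    "TokenEndpointAuthMethod__c": "private_key_jwt",
    "TokenEndpointAuthSigning__c": "RS256",
    "RevocationEndpointAuthMethod__c": "client_secret_jwt",
    "RevocationEndpointAuthSigning__c": "HS256",
    "IntrospectionEndpointAuthMethod__c": "client_secret_jwt",
    "IntrospectionEndpointAuthSigning__c": "HS256",
    "Jwks__c": {"keys": [{"kty": "RSA", "kid": "constructed-key-1"}]},
}
BAD = dict(GOOD, GrantTypes__c=["client_credentials", "authorization_code"],
           TokenEndpointAuthSigning__c=None, Jwks__c=None)

if __name__ == "__main__":
    print(validate_resource_server(GOOD), validate_resource_server(BAD), sep="\n")
```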

ResourceServer's introspection_endpoint response.

Attribute | Required | Description |
---|---|---|
Name | Yes | Name of the protected resource. Useful to search for protected resources |
ResourceServer__c | Yes | The resource_server to which this protected resource belongs. |
ResourceUri__c | Yes | A URL which can be referenced by Applications when requesting access to this Protected Resource |
MaxAge__c | No | Maximum age for a user authentication beyond which an access_token will not be generated. For example, if max_age is 3600, only users who have successfully authenticated in the last 1h will receive an access_token. The refresh_token requests for the resource will also be rejected if the auth_time is older than max_age |
Scopes__c | No | Scopes required to have access to this resource |