If you need to send custom parameters to the Authorization Server, make sure to use the original parameter name.
Changes to recommended defaults, like defaultScope
The default scope to be included with all requests. If
not provided, 'openid profile email' is used.
This can be set to null in order to
effectively remove the default scopes.
Note: The openid scope is
always applied regardless of this
setting.
The default audience to be used for requesting API access.
The maximum number of seconds to wait before declaring background calls to /authorize as failed due to timeout. Defaults to 60s.
Specify a custom cache implementation to use for token
storage and retrieval. This setting takes precedence over
cacheLocation if they are both specified.
Read more about creating a custom cache
The location to use when storing cache data. Valid values
are memory or localstorage. The
default setting is memory.
The Client ID found on your Application settings page
The name of the connection configured for your application. If null, it will redirect to the Authok Login Page and show the Login Widget.
Your Authok account domain such as
'example.cn.authok.cn' or
'example.mycompany.com' (when using
custom domains)
Path in your application to redirect to when the
Authorization server returns an error. Defaults to
/
Configuration for the built-in Http Interceptor, used for automatically attaching access tokens.
The Id of an invitation to accept.
This is available from the user invitation URL that is given when participating in a user invitation flow.
The issuer to be used for validation of JWTs. This is optional and defaults to the domain above.
The value in seconds used to account for clock skew in JWT expirations. Typically, this value is no more than a minute or two. Defaults to 60s.
Maximum allowable elapsed time (in seconds) since authentication. If the time elapsed since the user last authenticated is greater than this value, the user must be reauthenticated.
Modify the value used as the current time during the token validation.
Note: Using this improperly can potentially compromise the token validation.
The Id of an organization to log in to
This will specify an organization parameter in
your user's login request and will add a step to validate
the org_id claim in your user's ID Token.
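The issuer, clock-skew, maximum-age, current-time and organization settings described above all feed the claim checks applied to an ID token. The following TypeScript sketch is an added example, not the SDK's own code: the interface, function and option names and the sample claims are constructed for illustration, and it assumes the token signature has already been verified.

```typescript
// Added illustration; not the SDK's implementation. All names are hypothetical.
interface IdTokenClaims {
  iss: string;
  exp: number;          // expiry, epoch seconds
  auth_time?: number;   // time of last authentication, epoch seconds
  org_id?: string;
}

interface ClaimCheckOptions {
  issuer: string;        // expected "iss"
  leeway?: number;       // clock-skew allowance in seconds (60 if omitted)
  maxAge?: number;       // maximum seconds since authentication
  organization?: string; // expected "org_id"
  now?: number;          // current-time override, epoch seconds
}

// Returns the list of failed checks; an empty list means the claims pass.
// Assumes the token signature was already verified elsewhere.
function checkClaims(claims: IdTokenClaims, opts: ClaimCheckOptions): string[] {
  const errors: string[] = [];
  const leeway = opts.leeway ?? 60;
  const now = opts.now ?? Math.floor(Date.now() / 1000);

  if (claims.iss !== opts.issuer) errors.push('iss mismatch');
  if (now > claims.exp + leeway) errors.push('token expired');
  if (opts.maxAge !== undefined) {
    if (claims.auth_time === undefined) errors.push('auth_time missing');
    else if (now > claims.auth_time + opts.maxAge + leeway) errors.push('authentication too old');
  }
  if (opts.organization !== undefined && claims.org_id !== opts.organization) {
    errors.push('org_id mismatch');
  }
  return errors;
}

// Constructed sample claims (not real token data).
const ISSUER = 'https://example.mycompany.com/';
const sample: IdTokenClaims = { iss: ISSUER, exp: 1700000600, auth_time: 1700000000, org_id: 'org_sample' };

// 100 s past exp: rejected with an accurate clock...
const honest = checkClaims(sample, { issuer: ISSUER, now: 1700000700 });
// ...but accepted when the time override is pinned to a stale value.
const stale = checkClaims(sample, { issuer: ISSUER, now: 1700000000 });
console.log(honest, stale);
```

The last two calls show why the current-time override carries the warning above: the same expired token passes every check once the clock value it is compared against is stale.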
The default URL to which Authok will redirect your browser with the authentication result. It must be added to the "Allowed Callback URLs" field in your Authok Application's settings. If not provided here, it should be provided in the other methods that provide authentication.
The default scope to be used on authentication requests. The defaultScope defined in the AuthokClient is included along with this scope.
By default, if the page URL has code and state parameters,
the SDK will assume they are for an Authok application and
attempt to exchange the code for a token. In some cases the
code might be for something else (e.g. another OAuth SDK).
In these instances you can instruct the client to ignore
them by setting skipRedirectCallback.
AuthModule.forRoot({
  skipRedirectCallback: window.location.pathname === '/other-callback'
})
Note: In the above example,
/other-callback is an existing route that will be
called by any other OAuth provider with a
code (or error if
something went wrong) and state.
If true, refresh tokens are used to fetch new access tokens
from the Authok server. If false, the legacy technique of
using a hidden iframe and the
authorization_code grant with
prompt=none is used. The default setting is
false.
Note: Use of refresh tokens must be enabled by an administrator on your Authok client application.
Configuration for the authentication service