# Configuration

This document lists all the values which can be set to configure this library.

| Name                                      | Type                                         | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | Required |
| ----------------------------------------- | -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- |
| `stsServer`                               | `string`                                     | This is the redirect_url which was configured on the security token service (STS) server.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | Yes      |
| `authWellknownEndpoint`                   | `string`                                     | A different well-known endpoint can be defined, to be used instead of the STS domain with the standard postfix. | No       |
| `redirectUrl`                             | `string`                                     | This is the redirect_url which was configured on the security token service (STS) server.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | No       |
| `clientId`                                | `string`                                     | The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.                                                                                                                                                                                                                                                                                                                                                                                    | No       |
| `responseType`                            | `string`                                     | Name of the flow to use: 'code', 'id_token token' or 'id_token'. You must use the 'id_token token' flow if you want to access an API or get user data from the server. The access_token is required for this, and is only returned with this flow. | No       |
| `scope`                                   | `string`                                     | The scopes which this client requests from the server. This must match the STS server configuration. | No       |
| `hdParam`                                 | `string`                                     | Optional hd parameter for Google Auth with particular G Suite domain, see https://developers.google.com/identity/protocols/OpenIDConnect#hd-param                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | No       |
| `postLogoutRedirectUri`                   | `string`                                     | URL after a server logout if using the end session API.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | No       |
| `startCheckSession`                       | `boolean`                                    | Starts the OpenID session management for this client.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | No       |
| `silentRenew`                             | `boolean`                                    | Renews the client tokens once the id_token expires. Can use iframes or refresh tokens. | No       |
| `silentRenewUrl`                          | `string`                                     | URL which can be used for a lightweight renew callback. See silent renew.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | No       |
| `renewTimeBeforeTokenExpiresInSeconds`    | `number`                                     | Makes it possible to add an offset, in seconds, to the silent renew check. By entering a value, you can renew the tokens before they expire. | No       |
| `useRefreshToken`                         | `boolean`                                    | Defaults to `false`, in which case the standard silent renew mode is used. Refresh tokens can be activated by setting this to `true`. | No       |
| `ignoreNonceAfterRefresh`                 | `boolean`                                    | A token obtained by using a refresh token normally doesn't contain a nonce value. The library checks that it is not there. However, some OIDC endpoint implementations do send one. Setting `ignoreNonceAfterRefresh` to `true` disables the check for whether a nonce is present. Please note that the nonce value, if present, will not be verified. Default is `false`. | No       |
| `postLoginRoute`                          | `string`                                     | The default Angular route which is used after a successful login, if not using `triggerAuthorizationResultEvent`. | No       |
| `forbiddenRoute`                          | `string`                                     | Angular route used if the server returns an HTTP 403. | No       |
| `unauthorizedRoute`                       | `string`                                     | Angular route used if the server returns an HTTP 401. | No       |
| `autoUserinfo`                            | `boolean`                                    | Automatically get user info after authentication.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | No       |
| `renewUserInfoAfterTokenRenew`            | `boolean`                                    | Automatically get user info after token renew.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     | No       |
| `autoCleanStateAfterAuthentication`       | `boolean`                                    | Can be used for custom state logic handling. When set to `false`, the state is not automatically reset. | No       |
| `triggerAuthorizationResultEvent`         | `boolean`                                    | Can be set to `true` to emit an event instead of triggering an Angular route change. Instead of forcing the application consuming this library to automatically redirect to one of the 3 hard-configured routes (start, unauthorized, forbidden), this option overrides that behavior and triggers an event which the application can subscribe to in order to perform other actions. This is useful, for example, to let the application save an initial return URL so that the user is redirected to it after a successful login on the STS (i.e. saving the return URL in sessionStorage beforehand and retrieving it when the event is triggered). | No       |
| `logLevel`                                | `LogLevel`                                   | 0, 1, 2 can be used to set the log level displayed in the console.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | No       |
| `issValidationOff`                        | `boolean`                                    | Makes it possible to turn the iss validation off per configuration. You should not turn this off! | No       |
| `historyCleanupOff`                       | `boolean`                                    | If this is active, the history is not cleaned up at an authorize callback. This can be used, when the application needs to preserve the history.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   | No       |
| `maxIdTokenIatOffsetAllowedInSeconds`     | `number`                                     | Amount of offset allowed between the server creating the token and the client app receiving the id_token. The difference between the server time and the client time is also important in validating this value. All times are in UTC. | No       |
| `disableIatOffsetValidation`              | `boolean`                                    | This allows the application to disable the iat offset validation check. The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is client specific. | No       |
| `storage`                                 | `any`                                        | You can set the storage to `localStorage`, or implement a custom storage (see README).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | No       |
| `customParams`                            | `{ [key: string]: string, number, boolean }` | Extra parameters which can be added to the authorization URL request. | No       |
| `disableRefreshIdTokenAuthTimeValidation` | `boolean`                                    | Disables the auth_time validation for id_tokens in a refresh, due to Azure's incorrect implementation. | No       |
| `eagerLoadAuthWellKnownEndpoints`         | `boolean`                                    | Tells if the AuthWellKnownEndpoints should be loaded on start or when the user calls the `authorize` method                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | No       |
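
The sketch below is an added example, not the library's own code. It shows which ID token claim checks the validation-related options in the table (`clientId`, `issValidationOff`, `maxIdTokenIatOffsetAllowedInSeconds`, `disableIatOffsetValidation`, `ignoreNonceAfterRefresh`) switch on or off. The function, the `CheckContext` fields and all sample values are hypothetical, and signature verification is out of scope.

```typescript
// Added example, not library code. The fields of TokenCheckConfig are taken
// from the configuration table; every other name here is hypothetical.
interface TokenCheckConfig {
  clientId: string;
  issValidationOff: boolean;
  maxIdTokenIatOffsetAllowedInSeconds: number;
  disableIatOffsetValidation: boolean;
  ignoreNonceAfterRefresh: boolean;
}

interface IdTokenClaims {
  iss: string;
  aud: string | string[];
  iat: number; // issued-at, seconds since the epoch (UTC)
  nonce?: string;
}

// Hypothetical per-call context: values the caller already holds.
interface CheckContext {
  expectedIssuer: string; // assumption: issuer read from the well-known document
  trustedAudiences: string[]; // additional audiences this client trusts
  nowSeconds: number; // client clock, seconds since the epoch (UTC)
  isRefresh: boolean; // token was obtained with a refresh token
  expectedNonce?: string; // nonce stored when the authorize request was sent
}

type Failure = 'iss' | 'aud' | 'iat' | 'nonce';

function checkIdTokenClaims(claims: IdTokenClaims, cfg: TokenCheckConfig, ctx: CheckContext): Failure[] {
  const failures: Failure[] = [];

  // iss: skipped only when issValidationOff is set, which the table advises against.
  if (!cfg.issValidationOff && claims.iss !== ctx.expectedIssuer) {
    failures.push('iss');
  }

  // aud: must list clientId and must not list audiences the client does not trust.
  const audiences: string[] = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  const listsClient = audiences.indexOf(cfg.clientId) !== -1;
  const untrusted = audiences.filter(
    (a) => a !== cfg.clientId && ctx.trustedAudiences.indexOf(a) === -1
  );
  if (!listsClient || untrusted.length > 0) {
    failures.push('aud');
  }

  // iat: reject tokens issued too far from the client's current time (UTC).
  if (!cfg.disableIatOffsetValidation) {
    const offset = Math.abs(ctx.nowSeconds - claims.iat);
    if (offset > cfg.maxIdTokenIatOffsetAllowedInSeconds) {
      failures.push('iat');
    }
  }

  // nonce: must match on login; after a refresh it is expected to be absent,
  // unless ignoreNonceAfterRefresh is set, in which case it is not verified at all.
  if (ctx.isRefresh) {
    if (claims.nonce !== undefined && !cfg.ignoreNonceAfterRefresh) {
      failures.push('nonce');
    }
  } else if (claims.nonce === undefined || claims.nonce !== ctx.expectedNonce) {
    failures.push('nonce');
  }

  return failures;
}

// Constructed sample values for illustration only.
const sampleConfig: TokenCheckConfig = {
  clientId: 'angular-client',
  issValidationOff: false,
  maxIdTokenIatOffsetAllowedInSeconds: 10,
  disableIatOffsetValidation: false,
  ignoreNonceAfterRefresh: false,
};
const sampleContext: CheckContext = {
  expectedIssuer: 'https://sts.example.com',
  trustedAudiences: [],
  nowSeconds: 1700000000,
  isRefresh: false,
  expectedNonce: 'n-constructed-123',
};
const sampleClaims: IdTokenClaims = {
  iss: 'https://sts.example.com',
  aud: 'angular-client',
  iat: 1700000002,
  nonce: 'n-constructed-123',
};
```

An empty result means every enabled check passed; each flag that disables a check removes one reason for rejecting a token, so it is worth enabling only for a known interoperability problem.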
