Skip to content

Commit

Permalink
Improve documentation of OIDC activation configuration
Browse files Browse the repository at this point in the history 
A follow-up to #1683
  • Loading branch information
@banterCZ
banterCZ committed Oct 9, 2024
1 parent 3f3ccb0 commit b1def3d
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 4 deletions.
4 changes: 3 additions & 1 deletion docs/OIDC-Activation.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,9 @@ PowerAuth protocol allows activation using OpenID Connect (OIDC) protocol.
## OIDC Activation Configuration

To enable OIDC activation, an entry with the key `oauth2_providers` must exist in the table `pa_application_config`.
Mind that this table supports encryption.
This configuration is partially exposed to the mobile token by the Enrollment Server, because some values are required for calling the authorize endpoint.

Mind that this table supports encryption, see [Encrypting Records in Database](./Encrypting-Records-in-Database.md) for details.


### Required Configuration
Expand Down
12 changes: 10 additions & 2 deletions docs/WebServices-Methods.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -374,7 +374,14 @@ REST endpoint: `POST /rest/v3/application/config/detail`

The `ApplicationConfigurationItem` record contains following parameters:
- `String key` - configuration key name
- `List<Object> values` - configuration values
- `List<Object> values` - configuration values

Following configuration keys are expected:

- `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed
- `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed
- `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format
- `oauth2_providers` - Configuration of OAuth 2.0 providers, see [OpenID Connect (OIDC) Activation](./OIDC-Activation.md) for details.

### Method 'createApplicationConfig'

Expand All @@ -393,10 +400,11 @@ REST endpoint: `POST /rest/v3/application/config/create`
| `List<Object>` | `values` | Application configuration values serialized as JSON array |

Following configuration keys are accepted:

- `fido2_attestation_fmt_allowed` - list of allowed attestation formats for FIDO2 registrations, unset value means all attestation formats are allowed
- `fido2_aaguids_allowed` - list of allowed AAGUIDs for FIDO2 registration, unset value means all AAGUIDs are allowed
- `fido2_root_ca_certs` - list of trusted root CA certificates for certificate validation in PEM format
- `oauth2_providers` - Configuration of OAuth 2.0 providers.
- `oauth2_providers` - Configuration of OAuth 2.0 providers, see for [OpenID Connect (OIDC) Activation](./OIDC-Activation.md) details.

#### Response

Expand Down
1 change: 0 additions & 1 deletion docs/_Sidebar.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@

- [Web Services - Methods](WebServices-Methods.md)
- [FIDO2 API](FIDO2-API.md)
- [OpenID Connect (OIDC) Activation](OIDC-Activation.md)
- [Telemetry API](Telemetry-API.md)
- [Database Structure](./Database-Structure.md)
- [Error Codes](./Server-Error-Codes.md)
Expand Down

0 comments on commit b1def3d

Please sign in to comment.