# Switch to enable disable the core OpenID feature.
#
# Cascading: false
# Reloadable: true
#
# Default: false
com.openexchange.oidc.enabled = false

# Start the default core OpenID backend.
#
# Cascading: false
# Reloadable: true
#
# Default: false
com.openexchange.oidc.startDefaultBackend = false

# The client id, which was assigned by thr OP to this client/backend
# on registration
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.clientId =

# The path to the init servlet of this backend
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.rpRedirectURIInit =

# The path to the authentication servlet of this backend
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.rpRedirectURIAuth =

# The OPs authorization endpoint
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.opAuthorizationEndpoint =

# The OPs token endpoint
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.opTokenEndpoint =

# The client secret, which was assigned by the OP to this client/backend
# on registration
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.clientSecret =

# The OPs JWK Set endpoint
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.opJwkSetEndpoint =

# The used JWS encryption algorithm
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.jwsAlgorithm =

# The used scope
#
# Cascading: false
# Reloadable: true
#
# Default: OpenID
com.openexchange.oidc.scope = OpenID

# The OPs issuer path
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.opIssuer =

# The OPs response type, which also identifies the used flow
#
# Cascading: false
# Reloadable: true
#
# Default: code
com.openexchange.oidc.responseType = code

# The OPs logout endpoint
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.opLogoutEndpoint =

# The location where the Browser should be redirected after logout
# from OP
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.rpRedirectURIPostSSOLogout =

# Whether to redirect to the OP on logout trigger from client or not
#
# Cascading: false
# Reloadable: true
#
# Default: false
com.openexchange.oidc.ssoLogout = false

# Where to redirect the user after a valid logout
#
# Cascading: false
# Reloadable: true
#
# Default: false
com.openexchange.oidc.rpRedirectURILogout = false

# Which login mode is enabled look at {@link OIDCBackendConfig.AutologinMode} for all valid values,
# so far the following values are valid: {off, ox_direct, sso_redirect}.
# off - no autologin
# ox_direct - load user session from cookie and load Appsuite directly
# sso_redirect - check for a valid session on OPs side before login into
#   a valid session loaded from a cookie
#
# Cascading: false
# Reloadable: true
#
# Default: off
com.openexchange.oidc.autologinCookieMode = off

# Time in milliseconds determines how long before the expiration of the
# OAuth AccessToken a new AccessToken should be requested. "refresh_token"
# grant type must be registered for this client.
#
# Cascading: false
# Reloadable: true
#
# Default: 60000
com.openexchange.oidc.oauthRefreshTime = 60000

# This backends UI path
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.uiWebPath =

# This backends servlet path, which is appended to the default /oidc/ path.
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.backendPath =

# This contains a comma separated list of hosts, that this backend supports.
#
# Cascading: false
# Reloadable: true
#
# Default: <empty>
com.openexchange.oidc.hosts =
