You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1087 lines
80 KiB
1087 lines
80 KiB
<Providers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:noNamespaceSchemaLocation="OpenIddictClientWebIntegrationProviders.xsd">
|
|
<!--
|
|
Note: for more information on how to add a new web provider integration, visit
|
|
https://documentation.openiddict.com/guides/contributing-a-new-web-provider.html.
|
|
-->
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█ ▄▄▀██ ▄▄▀██ ▄▄▄██ ▄▄▄ ██
|
|
█ ▀▀ ██ ██ ██ ▄▄███▄▄▄▀▀██
|
|
█ ██ ██ ▀▀ ██ █████ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="ActiveDirectoryFederationServices" DisplayName="Microsoft Active Directory Federation Services"
|
|
Documentation="https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios">
|
|
<!--
|
|
Note: Active Directory Federation Services (ADFS) is a self-hosted identity provider that
|
|
doesn't have a generic issuer URI. As such, the complete URI must always be set in the options.
|
|
-->
|
|
|
|
<Environment Issuer="{settings.Issuer}" />
|
|
|
|
<Setting PropertyName="Issuer" ParameterName="issuer" Type="Uri" Required="true"
|
|
Description="The URI used to access the ADFS instance, including the virtual directory (e.g https://contoso.com/adfs)" />
|
|
|
|
<Setting PropertyName="Resource" ParameterName="resource" Type="String" Required="false"
|
|
Description="The optional value used as the 'resource' parameter (e.g urn:microsoft:userinfo)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█ ▄▄▀██ ▄▄▀██ ▄▄▀██ ▄▄ █▄ ▄██ ▄▄▄ ████ ▄▄▄ ██ ▀██ ██ ████▄ ▄██ ▀██ ██ ▄▄▄██
|
|
█ ▀▀ ██ ▀▀▄██ █████ █▀▀██ ███▄▄▄▀▀████ ███ ██ █ █ ██ █████ ███ █ █ ██ ▄▄▄██
|
|
█ ██ ██ ██ ██ ▀▀▄██ ▀▀▄█▀ ▀██ ▀▀▀ ████ ▀▀▀ ██ ██▄ ██ ▀▀ █▀ ▀██ ██▄ ██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="ArcGisOnline" DisplayName="ArcGIS Online"
|
|
Documentation="https://developers.arcgis.com/documentation/mapping-apis-and-services/security/oauth-2.0/">
|
|
<Environment Issuer="https://www.arcgis.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.arcgis.com/sharing/rest/oauth2/authorize"
|
|
TokenEndpoint="https://www.arcgis.com/sharing/rest/oauth2/token"
|
|
UserinfoEndpoint="https://www.arcgis.com/sharing/rest/community/self">
|
|
<CodeChallengeMethod Value="plain" />
|
|
<CodeChallengeMethod Value="S256" />
|
|
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="client_credentials" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█ ▄▄▀██ ▄▄ ██ ▄▄ ██ █████ ▄▄▄██
|
|
█ ▀▀ ██ ▀▀ ██ ▀▀ ██ █████ ▄▄▄██
|
|
█ ██ ██ █████ █████ ▀▀ ██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Apple" DisplayName="Sign in with Apple"
|
|
Documentation="https://developer.apple.com/documentation/sign_in_with_apple/sign_in_with_apple_rest_api">
|
|
<Environment Issuer="https://appleid.apple.com/" />
|
|
|
|
<Setting PropertyName="SigningKey" ParameterName="key" Type="SigningKey" Required="true"
|
|
Description="The Elliptic Curve Digital Signature Algorithm (ECDSA) signing key associated with the developer account">
|
|
<SigningAlgorithm Value="ES256" />
|
|
</Setting>
|
|
|
|
<Setting PropertyName="TeamId" ParameterName="identifier" Type="String" Required="true"
|
|
Description="The team ID associated with the developer account" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█ ▄▄▀██ ▄▄▄ █ ▄▄▀██ ▀██ █ ▄▄▀██
|
|
█ ▀▀ ██▄▄▄▀▀█ ▀▀ ██ █ █ █ ▀▀ ██
|
|
█ ██ ██ ▀▀▀ █ ██ ██ ██▄ █ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Asana" Documentation="https://developers.asana.com/docs/openid-connect">
|
|
<Environment Issuer="https://app.asana.com/api/1.0" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀█ ▄▄▀██ ▄▄▄ ██ ▄▄▄██ ▄▄▀█ ▄▄▀██ ▄▀▄ ██ ▄▄ ██
|
|
██ ▄▄▀█ ▀▀ ██▄▄▄▀▀██ ▄▄▄██ ████ ▀▀ ██ █ █ ██ ▀▀ ██
|
|
██ ▀▀ █ ██ ██ ▀▀▀ ██ ▀▀▀██ ▀▀▄█ ██ ██ ███ ██ █████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Basecamp" Documentation="https://github.com/basecamp/api/blob/master/sections/authentication.md">
|
|
<!--
|
|
Note: Basecamp implements an old draft of the OAuth 2.0 specification and doesn't support the
|
|
"response_type" and "grant_type" parameters adopted in the final version of the standard.
|
|
|
|
To work around that, these parameters are dynamically mapped to "type=web_server" or "type=refresh"
|
|
depending on the desired flow (and whether the request is an authorization or token request).
|
|
-->
|
|
|
|
<Environment Issuer="https://launchpad.37signals.com/">
|
|
<Configuration AuthorizationEndpoint="https://launchpad.37signals.com/authorization/new"
|
|
TokenEndpoint="https://launchpad.37signals.com/authorization/token"
|
|
UserinfoEndpoint="https://launchpad.37signals.com/authorization.json">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀█ ▄▄▀█▄▄ ▄▄█▄▄ ▄▄██ █████ ▄▄▄█████ ▀██ ██ ▄▄▄█▄▄ ▄▄██
|
|
██ ▄▄▀█ ▀▀ ███ █████ ████ █████ ▄▄▄█▀▀██ █ █ ██ ▄▄▄███ ████
|
|
██ ▀▀ █ ██ ███ █████ ████ ▀▀ ██ ▀▀▀█▄▄██ ██▄ ██ ▀▀▀███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="BattleNet" DisplayName="Battle.net"
|
|
Documentation="https://develop.battle.net/documentation/guides/using-oauth">
|
|
<!--
|
|
Note: most Battle.net regions use the same issuer URI but a different domain is required for China.
|
|
-->
|
|
|
|
<Environment Issuer="https://oauth.{settings.Region switch {
|
|
string region when string.Equals(region, 'CN', StringComparison.OrdinalIgnoreCase)
|
|
=> 'battlenet.com.cn',
|
|
|
|
_ => 'battle.net' }}/" />
|
|
|
|
<Setting PropertyName="Region" ParameterName="region" Type="String" Required="false" DefaultValue="US"
|
|
Description="The preferred Battle.net region (by default, 'US')" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀█▄ ▄█▄▄ ▄▄██ ▄▄▀██ ██ ██ ▄▄▀██ █▀▄██ ▄▄▄█▄▄ ▄▄██
|
|
██ ▄▄▀██ ████ ████ ▄▄▀██ ██ ██ █████ ▄▀███ ▄▄▄███ ████
|
|
██ ▀▀ █▀ ▀███ ████ ▀▀ ██▄▀▀▄██ ▀▀▄██ ██ ██ ▀▀▀███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Bitbucket" Documentation="https://support.atlassian.com/bitbucket-cloud/docs/use-oauth-on-bitbucket-cloud/">
|
|
<Environment Issuer="https://bitbucket.org/">
|
|
<Configuration AuthorizationEndpoint="https://bitbucket.org/site/oauth2/authorize"
|
|
TokenEndpoint="https://bitbucket.org/site/oauth2/access_token"
|
|
UserinfoEndpoint="https://api.bitbucket.org/2.0/user">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█ ▄▄▀██ ▄▀▄ █ ▄▄▀██ ▄▄▄ ██ ▄▄▄ ██ ▀██ ████ ▄▄▀██ ▄▄▄ ██ ▄▄ ██ ▀██ █▄ ▄█▄▄ ▄▄██ ▄▄▄ ██
|
|
█ ▀▀ ██ █ █ █ ▀▀ ██▀▀▀▄▄██ ███ ██ █ █ ████ █████ ███ ██ █▀▀██ █ █ ██ ████ ████ ███ ██
|
|
█ ██ ██ ███ █ ██ ██ ▀▀▀ ██ ▀▀▀ ██ ██▄ ████ ▀▀▄██ ▀▀▀ ██ ▀▀▄██ ██▄ █▀ ▀███ ████ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Cognito" DisplayName="Amazon Cognito"
|
|
Documentation="https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-reference.html">
|
|
<Environment Issuer="https://cognito-idp.{settings.Region}.amazonaws.com/{settings.UserPoolId}" />
|
|
|
|
<Setting PropertyName="Region" ParameterName="region" Type="String" Required="true"
|
|
Description="The AWS region" />
|
|
|
|
<Setting PropertyName="UserPoolId" ParameterName="identifier" Type="String" Required="true"
|
|
Description="The User Pool ID" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀██ ▄▄▄██ ▄▄▄██ ▄▄▄ ██ ▄▄▄██ ▄▄▀██
|
|
██ ██ ██ ▄▄▄██ ▄▄▄██▀▀▀▄▄██ ▄▄▄██ ▀▀▄██
|
|
██ ▀▀ ██ ▀▀▀██ ▀▀▀██ ▀▀▀ ██ ▀▀▀██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Deezer" Documentation="https://developers.deezer.com/api/oauth">
|
|
<!--
|
|
Note: the Deezer documentation describes an implementation with important deviations from the OAuth 2.0 standard,
|
|
including the use of many non-standard and custom parameters. Luckily, while the documentation hasn't been fixed
|
|
to reflect it, the Deezer implementation has been updated at some point to also support the standard parameters.
|
|
As such, the Deezer integration tries to use the standard parameters and only uses the non-standard equivalents
|
|
when no other option exists (e.g an "output" query string parameter must be sent to get JSON token responses).
|
|
-->
|
|
|
|
<Environment Issuer="https://deezer.com/">
|
|
<Configuration AuthorizationEndpoint="https://connect.deezer.com/oauth/auth.php"
|
|
TokenEndpoint="https://connect.deezer.com/oauth/access_token.php"
|
|
UserinfoEndpoint="https://api.deezer.com/user/me" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀██ ▄▄▄██ ███ █▄ ▄█ ▄▄▀██ ▀██ █▄▄ ▄▄█ ▄▄▀██ ▄▄▀█▄▄ ▄▄██
|
|
██ ██ ██ ▄▄▄███ █ ███ ██ ▀▀ ██ █ █ ███ ███ ▀▀ ██ ▀▀▄███ ████
|
|
██ ▀▀ ██ ▀▀▀███▄▀▄██▀ ▀█ ██ ██ ██▄ ███ ███ ██ ██ ██ ███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="DeviantArt" Documentation="https://www.deviantart.com/developers/authentication">
|
|
<Environment Issuer="https://www.deviantart.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.deviantart.com/oauth2/authorize"
|
|
TokenEndpoint="https://www.deviantart.com/oauth2/token"
|
|
UserinfoEndpoint="https://www.deviantart.com/api/v1/oauth2/user/whoami">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="client_credentials" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀█▄ ▄██ ▄▄▄ ██ ▄▄▀██ ▄▄▄ ██ ▄▄▀██ ▄▄▀██
|
|
██ ██ ██ ███▄▄▄▀▀██ █████ ███ ██ ▀▀▄██ ██ ██
|
|
██ ▀▀ █▀ ▀██ ▀▀▀ ██ ▀▀▄██ ▀▀▀ ██ ██ ██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Discord" Documentation="https://discord.com/developers/docs/topics/oauth2">
|
|
<Environment Issuer="https://discord.com/">
|
|
<Configuration AuthorizationEndpoint="https://discord.com/oauth2/authorize"
|
|
TokenEndpoint="https://discord.com/api/oauth2/token"
|
|
UserinfoEndpoint="https://discord.com/api/oauth2/@me">
|
|
<CodeChallengeMethod Value="S256" />
|
|
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: Discord requires sending the "identify" scope to be able to use the userinfo endpoint.
|
|
-->
|
|
|
|
<Scope Name="identify" Default="true" Required="true" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀██ ▄▄▀██ ▄▄▄ ██ ▄▄ ██ ▄▄▀██ ▄▄▄ █▄▀█▀▄██
|
|
██ ██ ██ ▀▀▄██ ███ ██ ▀▀ ██ ▄▄▀██ ███ ███ ████
|
|
██ ▀▀ ██ ██ ██ ▀▀▀ ██ █████ ▀▀ ██ ▀▀▀ █▀▄█▄▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Dropbox" Documentation="https://developers.dropbox.com/oidc-guide">
|
|
<Environment Issuer="https://www.dropbox.com/">
|
|
<!--
|
|
Note: Dropbox requires sending at least either the "profile" or "email" scope.
|
|
To simplify the logic, the "profile" scope is considered required by OpenIddict.
|
|
-->
|
|
|
|
<Scope Name="profile" Default="true" Required="true" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄██ ▄▄ █▄ ▄██ ▄▄▀████ ▄▄ █ ▄▄▀██ ▄▀▄ ██ ▄▄▄██ ▄▄▄ ██
|
|
██ ▄▄▄██ ▀▀ ██ ███ ███████ █▀▀█ ▀▀ ██ █ █ ██ ▄▄▄██▄▄▄▀▀██
|
|
██ ▀▀▀██ ████▀ ▀██ ▀▀▄████ ▀▀▄█ ██ ██ ███ ██ ▀▀▀██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="EpicGames" DisplayName="Epic Games"
|
|
Documentation="https://dev.epicgames.com/docs/web-api-ref/authentication">
|
|
<Environment Issuer="https://api.epicgames.dev/epic/oauth/v1" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄█ ▄▄▀██ ▄▄▀██ ▄▄▄██ ▄▄▀██ ▄▄▄ ██ ▄▄▄ ██ █▀▄██
|
|
██ ▄▄██ ▀▀ ██ █████ ▄▄▄██ ▄▄▀██ ███ ██ ███ ██ ▄▀███
|
|
██ ████ ██ ██ ▀▀▄██ ▀▀▀██ ▀▀ ██ ▀▀▀ ██ ▀▀▀ ██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Facebook" Documentation="https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow">
|
|
<Environment Issuer="https://www.facebook.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.facebook.com/v16.0/dialog/oauth"
|
|
TokenEndpoint="https://graph.facebook.com/v16.0/oauth/access_token"
|
|
UserinfoEndpoint="https://graph.facebook.com/v16.0/me">
|
|
<CodeChallengeMethod Value="S256" />
|
|
</Configuration>
|
|
</Environment>
|
|
|
|
<Setting PropertyName="Fields" ParameterName="fields" Collection="true" Type="String"
|
|
Description="The fields that should be retrieved from the userinfo endpoint (by default, only basic fields are requested)">
|
|
<Item Value="email" Default="true" Required="false" />
|
|
<Item Value="first_name" Default="true" Required="false" />
|
|
<Item Value="last_name" Default="true" Required="false" />
|
|
<Item Value="name" Default="true" Required="false" />
|
|
</Setting>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄█▄ ▄█▄▄ ▄▄██ ▄▄▀█▄ ▄█▄▄ ▄▄██
|
|
██ ▄▄███ ████ ████ ▄▄▀██ ████ ████
|
|
██ ████▀ ▀███ ████ ▀▀ █▀ ▀███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Fitbit" Documentation="https://dev.fitbit.com/build/reference/web-api/developer-guide/authorization/">
|
|
<Environment Issuer="https://www.fitbit.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.fitbit.com/oauth2/authorize"
|
|
TokenEndpoint="https://api.fitbit.com/oauth2/token"
|
|
UserinfoEndpoint="https://api.fitbit.com/1/user/-/profile.json">
|
|
<CodeChallengeMethod Value="plain" />
|
|
<CodeChallengeMethod Value="S256" />
|
|
|
|
<TokenEndpointAuthMethod Value="client_secret_basic" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: Fitbit requires sending the "profile" scope to be able to use the userinfo endpoint.
|
|
-->
|
|
|
|
<Scope Name="profile" Default="true" Required="true" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ █▄ ▄█▄▄ ▄▄██ ██ ██ ██ ██ ▄▄▀██
|
|
██ █▀▀██ ████ ████ ▄▄ ██ ██ ██ ▄▄▀██
|
|
██ ▀▀▄█▀ ▀███ ████ ██ ██▄▀▀▄██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="GitHub" Documentation="https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps">
|
|
<Environment Issuer="https://github.com/">
|
|
<Configuration AuthorizationEndpoint="https://github.com/login/oauth/authorize"
|
|
DeviceAuthorizationEndpoint="https://github.com/login/device/code"
|
|
TokenEndpoint="https://github.com/login/oauth/access_token"
|
|
UserinfoEndpoint="https://api.github.com/user">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="urn:ietf:params:oauth:grant-type:device_code" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ █▄ ▄█▄▄ ▄▄██ ████ ▄▄▀██ ▄▄▀██
|
|
██ █▀▀██ ████ ████ ████ ▀▀ ██ ▄▄▀██
|
|
██ ▀▀▄█▀ ▀███ ████ ▀▀ █ ██ ██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="GitLab" Documentation="https://docs.gitlab.com/ee/integration/openid_connect_provider.html">
|
|
<Environment Issuer="https://gitlab.com/" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ ██ ▄▄▄ ██ ▄▄▄ ██ ▄▄ ██ █████ ▄▄▄██
|
|
██ █▀▀██ ███ ██ ███ ██ █▀▀██ █████ ▄▄▄██
|
|
██ ▀▀▄██ ▀▀▀ ██ ▀▀▀ ██ ▀▀▄██ ▀▀ ██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Google" Documentation="https://developers.google.com/identity/protocols/oauth2/openid-connect">
|
|
<Environment Issuer="https://accounts.google.com/" />
|
|
|
|
<Setting PropertyName="AccessType" ParameterName="type" Type="String" Required="false"
|
|
Description="The value used as the 'access_type' parameter (can be set to 'offline' to retrieve a refresh token)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ██ █ ▄▄▀██ ▄▄▀██ ███ ██ ▄▄▄██ ▄▄▄ █▄▄ ▄▄██
|
|
██ ▄▄ █ ▀▀ ██ ▀▀▄███ █ ███ ▄▄▄██▄▄▄▀▀███ ████
|
|
██ ██ █ ██ ██ ██ ███▄▀▄███ ▀▀▀██ ▀▀▀ ███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Harvest" Documentation="https://help.getharvest.com/api-v2/authentication-api/authentication/authentication/">
|
|
<Environment Issuer="https://id.getharvest.com/">
|
|
<Configuration AuthorizationEndpoint="https://id.getharvest.com/oauth2/authorize"
|
|
TokenEndpoint="https://id.getharvest.com/api/v2/oauth2/token"
|
|
UserinfoEndpoint="https://id.getharvest.com/api/v2/accounts">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ██ ██ ██ ██ ▄▄▀██ ▄▄▄ ██ ▄▄ ██ ▄▄▄ █▄▄ ▄▄██
|
|
██ ▄▄ ██ ██ ██ ▄▄▀██▄▄▄▀▀██ ▀▀ ██ ███ ███ ████
|
|
██ ██ ██▄▀▀▄██ ▀▀ ██ ▀▀▀ ██ █████ ▀▀▀ ███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="HubSpot" Documentation="https://developers.hubspot.com/docs/api/oauth-quickstart-guide">
|
|
<Environment Issuer="https://www.hubspot.com/">
|
|
<Configuration AuthorizationEndpoint="https://app.hubspot.com/oauth/authorize"
|
|
TokenEndpoint="https://api.hubapi.com/oauth/v1/token">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: HubSpot requires sending the "profile" scope to
|
|
be able to use the dynamic access token info endpoint.
|
|
-->
|
|
|
|
<Scope Name="oauth" Default="true" Required="true" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ █▀▄██ ▄▄▄██ ███ ██ ▄▄▀██ █████ ▄▄▄ █ ▄▄▀██ █▀▄██
|
|
██ ▄▀███ ▄▄▄██▄▀▀▀▄██ █████ █████ ███ █ ▀▀ ██ ▄▀███
|
|
██ ██ ██ ▀▀▀████ ████ ▀▀▄██ ▀▀ ██ ▀▀▀ █ ██ ██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Keycloak" Documentation="https://www.keycloak.org/getting-started/getting-started-docker">
|
|
<!--
|
|
Note: Keycloak is a self-hosted-only identity provider that doesn't have a generic issuer URI.
|
|
As such, the complete URI must always be set in the options and include the realm, if applicable.
|
|
-->
|
|
|
|
<Environment Issuer="{settings.Issuer}" />
|
|
|
|
<Setting PropertyName="Issuer" ParameterName="issuer" Type="Uri" Required="true"
|
|
Description="The URI used to access the Keycloak identity provider (including the realm, if applicable)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ████▄ ▄██ ▀██ ██ █▀▄██ ▄▄▄██ ▄▄▀█▄ ▄██ ▀██ ██
|
|
██ █████ ███ █ █ ██ ▄▀███ ▄▄▄██ ██ ██ ███ █ █ ██
|
|
██ ▀▀ █▀ ▀██ ██▄ ██ ██ ██ ▀▀▀██ ▀▀ █▀ ▀██ ██▄ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="LinkedIn" Documentation="https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/sign-in-with-linkedin">
|
|
<Environment Issuer="https://www.linkedin.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.linkedin.com/oauth/v2/authorization"
|
|
TokenEndpoint="https://www.linkedin.com/oauth/v2/accessToken"
|
|
UserinfoEndpoint="https://api.linkedin.com/v2/me">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: LinkedIn requires sending at least one scope element. If no scope is set, an error is
|
|
returned to the caller. To prevent that, the "r_liteprofile" scope (that is required by the
|
|
userinfo endpoint) is always added even if another scope was explicitly registered by the user.
|
|
-->
|
|
|
|
<Scope Name="r_liteprofile" Default="true" Required="true" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="Fields" ParameterName="fields" Collection="true" Type="String"
|
|
Description="The fields that should be retrieved from the userinfo endpoint (by default, all known basic fields are requested)">
|
|
<Item Value="firstName" Default="true" Required="false" />
|
|
<Item Value="id" Default="true" Required="false" />
|
|
<Item Value="lastName" Default="true" Required="false" />
|
|
<Item Value="localizedFirstName" Default="true" Required="false" />
|
|
<Item Value="localizedLastName" Default="true" Required="false" />
|
|
<Item Value="profilePicture(displayImage~:playableStreams)" Default="true" Required="false" />
|
|
</Setting>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▀▄ █ ▄▄▀█▄ ▄██ █████ ▄▄▀██ ██ █▄ ▄██ ▄▀▄ ██ ▄▄ ██
|
|
██ █ █ █ ▀▀ ██ ███ █████ █████ ▄▄ ██ ███ █ █ ██ ▀▀ ██
|
|
██ ███ █ ██ █▀ ▀██ ▀▀ ██ ▀▀▄██ ██ █▀ ▀██ ███ ██ █████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Mailchimp" Documentation="https://mailchimp.com/developer/marketing/guides/access-user-data-oauth-2/#oauth-2-workflow-overview">
|
|
<Environment Issuer="https://login.mailchimp.com/">
|
|
<Configuration AuthorizationEndpoint="https://login.mailchimp.com/oauth2/authorize"
|
|
TokenEndpoint="https://login.mailchimp.com/oauth2/token"
|
|
UserinfoEndpoint="https://login.mailchimp.com/oauth2/metadata" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▀▄ █▄ ▄██ ▄▄▀██ ▄▄▀██ ▄▄▄ ██ ▄▄▄ ██ ▄▄▄ ██ ▄▄▄█▄▄ ▄▄███ ▄▄▀██ ▄▄▀██ ▄▄▀██ ▄▄▄ ██ ██ ██ ▀██ █▄▄ ▄▄██
|
|
██ █ █ ██ ███ █████ ▀▀▄██ ███ ██▄▄▄▀▀██ ███ ██ ▄▄████ █████ ▀▀ ██ █████ █████ ███ ██ ██ ██ █ █ ███ ████
|
|
██ ███ █▀ ▀██ ▀▀▄██ ██ ██ ▀▀▀ ██ ▀▀▀ ██ ▀▀▀ ██ ██████ █████ ██ ██ ▀▀▄██ ▀▀▄██ ▀▀▀ ██▄▀▀▄██ ██▄ ███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Microsoft" DisplayName="Microsoft Account/Azure Active Directory"
|
|
Documentation="https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc">
|
|
<!--
|
|
Note: Microsoft is a multitenant provider that relies on virtual paths to identify instances.
|
|
As such, the issuer includes a tenant placeholder that will be dynamically replaced
|
|
by OpenIddict at runtime by the tenant configured in the Microsoft Account settings.
|
|
If no tenant is explicitly configured, the "common" tenant will be automatically used.
|
|
-->
|
|
|
|
<Environment Issuer="https://login.microsoftonline.com/{settings.Tenant}/v2.0" />
|
|
|
|
<Setting PropertyName="Tenant" ParameterName="tenant" Type="String" Required="false" DefaultValue="common"
|
|
Description="The tenant used to identify the Azure AD instance (by default, the common tenant is used)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▀▄ █▄ ▄█▄▀█▀▄██ ▄▄▀██ █████ ▄▄▄ ██ ██ ██ ▄▄▀██
|
|
██ █ █ ██ ████ ████ █████ █████ ███ ██ ██ ██ ██ ██
|
|
██ ███ █▀ ▀█▀▄█▄▀██ ▀▀▄██ ▀▀ ██ ▀▀▀ ██▄▀▀▄██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Mixcloud" Documentation="https://www.mixcloud.com/developers/#authorization">
|
|
<Environment Issuer="https://www.mixcloud.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.mixcloud.com/oauth/authorize"
|
|
TokenEndpoint="https://www.mixcloud.com/oauth/access_token"
|
|
UserinfoEndpoint="https://api.mixcloud.com/me" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ █ ▄▄▀█▄▄ ▄▄██ ▄▄▀██ ▄▄▄██ ▄▄▄ ██ ▀██ ██
|
|
██ ▀▀ █ ▀▀ ███ ████ ▀▀▄██ ▄▄▄██ ███ ██ █ █ ██
|
|
██ ████ ██ ███ ████ ██ ██ ▀▀▀██ ▀▀▀ ██ ██▄ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Patreon" Documentation="https://docs.patreon.com/#oauth">
|
|
<Environment Issuer="https://www.patreon.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.patreon.com/oauth2/authorize"
|
|
TokenEndpoint="https://www.patreon.com/api/oauth2/token"
|
|
UserinfoEndpoint="https://www.patreon.com/api/oauth2/v2/identity">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
|
|
<Setting PropertyName="UserFields" ParameterName="fields" Collection="true" Type="String"
|
|
Description="The list of user fields to expand from the userinfo endpoint (by default, all known fields are requested)">
|
|
<Item Value="about" Default="true" Required="false" />
|
|
<Item Value="created" Default="true" Required="false" />
|
|
<Item Value="email" Default="true" Required="false" />
|
|
<Item Value="first_name" Default="true" Required="false" />
|
|
<Item Value="full_name" Default="true" Required="false" />
|
|
<Item Value="image_url" Default="true" Required="false" />
|
|
<Item Value="last_name" Default="true" Required="false" />
|
|
<Item Value="social_connections" Default="true" Required="false" />
|
|
<Item Value="thumb_url" Default="true" Required="false" />
|
|
<Item Value="url" Default="true" Required="false" />
|
|
<Item Value="vanity" Default="true" Required="false" />
|
|
</Setting>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ █ ▄▄▀██ ███ ██ ▄▄ █ ▄▄▀██ █████
|
|
██ ▀▀ █ ▀▀ ██▄▀▀▀▄██ ▀▀ █ ▀▀ ██ █████
|
|
██ ████ ██ ████ ████ ████ ██ ██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="PayPal" Documentation="https://developer.paypal.com/docs/log-in-with-paypal/">
|
|
<!--
|
|
Note: PayPal offers a production and a sandbox environment, but the sandbox server metadata
|
|
document doesn't reflect the configuration used by the sandbox environment (e.g the production
|
|
endpoints are always returned and the issuer is shared by both environments). To work around that,
|
|
the issuer configured globally is the same for both environments but the returned configuration
|
|
is amended by a dedicated handler to use the correct endpoints when the sandbox mode is used.
|
|
-->
|
|
|
|
<Environment Name="Production" Issuer="https://www.paypal.com/" />
|
|
<Environment Name="Sandbox" Issuer="https://www.paypal.com/" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ █▄ ▄██ ▀██ ██ ▄▄ ██ ▄▄▄ ██ ▀██ ██ ▄▄▄██
|
|
██ ▀▀ ██ ███ █ █ ██ █▀▀██ ███ ██ █ █ ██ ▄▄▄██
|
|
██ ████▀ ▀██ ██▄ ██ ▀▀▄██ ▀▀▀ ██ ██▄ ██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="PingOne" Documentation="https://docs.pingidentity.com/r/en-us/pingoneforenterprise/p14e_connect_oidc">
|
|
<!--
|
|
Note: PingOne is a multitenant identity provider that doesn't have a generic issuer URI.
|
|
As such, the complete URI must always be set in the options (and include the environment ID).
|
|
-->
|
|
|
|
<Environment Issuer="{settings.Issuer}" />
|
|
|
|
<Setting PropertyName="Issuer" ParameterName="issuer" Type="Uri" Required="true"
|
|
Description="The URI used to access the PingOne instance (e.g 'https://auth.pingone.eu/3bedc164-22f1-4f8f-9f51-227975033cbd/as')" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ ██ ▄▄▀██ ▄▄▄ ████ ▄▄▄ █ ▄▄▀██ ▀██ █▄▄ ▄▄██ ▄▄▄████ ▄▄▀██ ▄▄▄ ██ ▀██ ██ ▀██ ██ ▄▄▄██ ▄▄▀█▄▄ ▄▄██
|
|
██ ▀▀ ██ ▀▀▄██ ███ ████▄▄▄▀▀█ ▀▀ ██ █ █ ███ ████ ▄▄▄████ █████ ███ ██ █ █ ██ █ █ ██ ▄▄▄██ ██████ ████
|
|
██ █████ ██ ██ ▀▀▀ ████ ▀▀▀ █ ██ ██ ██▄ ███ ████ ▀▀▀████ ▀▀▄██ ▀▀▀ ██ ██▄ ██ ██▄ ██ ▀▀▀██ ▀▀▄███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="ProSantéConnect" DisplayName="Pro Santé Connect"
|
|
Documentation="https://industriels.esante.gouv.fr/en/products-services/health-pro-authentication-pro-sante-connect">
|
|
<!--
|
|
Note: Pro Santé Connect requires sending the "scope_all" scope (which is currently the only supported value).
|
|
-->
|
|
|
|
<Environment Name="Production" Issuer="https://auth.esw.esante.gouv.fr/auth/realms/esante-wallet"
|
|
ConfigurationEndpoint="https://auth.esw.esante.gouv.fr/auth/realms/esante-wallet/.well-known/wallet-openid-configuration">
|
|
<Scope Name="scope_all" Default="true" Required="true" />
|
|
</Environment>
|
|
|
|
<Environment Name="Sandbox" Issuer="https://auth.bas.psc.esante.gouv.fr/auth/realms/esante-wallet"
|
|
ConfigurationEndpoint="https://auth.bas.psc.esante.gouv.fr/auth/realms/esante-wallet/.well-known/wallet-openid-configuration">
|
|
<Scope Name="scope_all" Default="true" Required="true" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="AuthenticationLevel" ParameterName="level" Type="String" Required="true" DefaultValue="eidas1"
|
|
Description="The level of authentication requested, sent as part of the 'acr_values' parameter (by default, 'eidas1')" />
|
|
|
|
<Setting PropertyName="ClientCertificate" ParameterName="certificate" Type="Certificate" Required="false"
|
|
Description="The TLS client certificate that will be used with the backchannel endpoints (while not enforced yet, its use is strongly recommended)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄ ██ ██ █▄ ▄██ ▄▄▀██ █▀▄██ ▄▄▀██ ▄▄▄ ██ ▄▄▄ ██ █▀▄██ ▄▄▄ ████ ▄▄▄ ██ ▀██ ██ ████▄ ▄██ ▀██ ██ ▄▄▄██
|
|
██ ██ ██ ██ ██ ███ █████ ▄▀███ ▄▄▀██ ███ ██ ███ ██ ▄▀███▄▄▄▀▀████ ███ ██ █ █ ██ █████ ███ █ █ ██ ▄▄▄██
|
|
██▄▄ ▀██▄▀▀▄█▀ ▀██ ▀▀▄██ ██ ██ ▀▀ ██ ▀▀▀ ██ ▀▀▀ ██ ██ ██ ▀▀▀ ████ ▀▀▀ ██ ██▄ ██ ▀▀ █▀ ▀██ ██▄ ██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="QuickBooksOnline" DisplayName="QuickBooks Online"
|
|
Documentation="https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/openid-connect">
|
|
<Environment Name="Production" Issuer="https://oauth.platform.intuit.com/op/v1"
|
|
ConfigurationEndpoint="https://developer.api.intuit.com/.well-known/openid_configuration" />
|
|
|
|
<Environment Name="Sandbox" Issuer="https://oauth.platform.intuit.com/op/v1"
|
|
ConfigurationEndpoint="https://developer.api.intuit.com/.well-known/openid_sandbox_configuration" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▀██ ▄▄▄██ ▄▄▀██ ▄▄▀█▄ ▄█▄▄ ▄▄██
|
|
██ ▀▀▄██ ▄▄▄██ ██ ██ ██ ██ ████ ████
|
|
██ ██ ██ ▀▀▀██ ▀▀ ██ ▀▀ █▀ ▀███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Reddit" Documentation="https://github.com/reddit-archive/reddit/wiki/OAuth2">
|
|
<Environment Issuer="https://www.reddit.com/">
|
|
<Configuration AuthorizationEndpoint="https://www.reddit.com/api/v1/authorize"
|
|
TokenEndpoint="https://www.reddit.com/api/v1/access_token"
|
|
UserinfoEndpoint="https://oauth.reddit.com/api/v1/me">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="client_credentials" />
|
|
<GrantType Value="refresh_token" />
|
|
|
|
<TokenEndpointAuthMethod Value="client_secret_basic" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: Reddit requires sending at least one scope element. If no scope parameter
|
|
is set, a misleading "invalid client identifier" error is returned to the caller.
|
|
To prevent that, the "identity" scope (that is required by the userinfo endpoint)
|
|
is always added even if another scope was explicitly registered by the user.
|
|
-->
|
|
|
|
<Scope Name="identity" Default="true" Required="true" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="Duration" ParameterName="duration" Type="String" Required="false"
|
|
Description="The value used as the 'duration' parameter (can be set to 'permanent' to retrieve a refresh token)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ ██ ▄▄▄██ ▄▄▀██ ███ █▄ ▄██ ▄▄▀██ ▄▄▄██ ▄▄▀██ ██ █ ▄▄▀██ ▀██ ██ ▀██ ██ ▄▄▄██ █████
|
|
██▄▄▄▀▀██ ▄▄▄██ ▀▀▄███ █ ███ ███ █████ ▄▄▄██ █████ ▄▄ █ ▀▀ ██ █ █ ██ █ █ ██ ▄▄▄██ █████
|
|
██ ▀▀▀ ██ ▀▀▀██ ██ ███▄▀▄██▀ ▀██ ▀▀▄██ ▀▀▀██ ▀▀▄██ ██ █ ██ ██ ██▄ ██ ██▄ ██ ▀▀▀██ ▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="ServiceChannel" Documentation="https://developer.servicechannel.com/basics/general/authentication/">
|
|
<Environment Name="Production" Issuer="https://servicechannel.com/">
|
|
<Configuration AuthorizationEndpoint="https://login.servicechannel.com/oauth/authorize"
|
|
TokenEndpoint="https://login.servicechannel.com/oauth/token"
|
|
UserinfoEndpoint="https://api.servicechannel.com/v3/users/current/profile">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
|
|
<TokenEndpointAuthMethod Value="client_secret_basic" />
|
|
</Configuration>
|
|
</Environment>
|
|
|
|
<Environment Name="Sandbox" Issuer="https://servicechannel.com/">
|
|
<Configuration AuthorizationEndpoint="https://sb2login.servicechannel.com/oauth/authorize"
|
|
TokenEndpoint="https://sb2login.servicechannel.com/oauth/token"
|
|
UserinfoEndpoint="https://sb2api.servicechannel.com/v3/users/current/profile">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
|
|
<TokenEndpointAuthMethod Value="client_secret_basic" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ ██ ████ ▄▄▀██ ▄▄▀██ █▀▄██
|
|
██▄▄▄▀▀██ ████ ▀▀ ██ █████ ▄▀███
|
|
██ ▀▀▀ ██ ▀▀ █ ██ ██ ▀▀▄██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Slack" Documentation="https://api.slack.com/authentication/sign-in-with-slack">
|
|
<Environment Issuer="https://slack.com/" />
|
|
|
|
<Setting PropertyName="Team" ParameterName="team" Type="String" Required="false"
|
|
Description="The value used as the 'team' parameter (allowing to bypass the login screen if the user is already authenticated in the specified workspace)" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ ██ ▄▀▄ █ ▄▄▀██ ▄▄▀█▄▄ ▄▄██ ▄▄▄ ██ ██ ██ ▄▄▄██ ▄▄▄█▄▄ ▄▄██
|
|
██▄▄▄▀▀██ █ █ █ ▀▀ ██ ▀▀▄███ ████▄▄▄▀▀██ ▄▄ ██ ▄▄▄██ ▄▄▄███ ████
|
|
██ ▀▀▀ ██ ███ █ ██ ██ ██ ███ ████ ▀▀▀ ██ ██ ██ ▀▀▀██ ▀▀▀███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Smartsheet" Documentation="https://smartsheet.redoc.ly/#section/OAuth-Walkthrough">
|
|
<Environment Issuer="https://www.smartsheet.com/">
|
|
<Configuration AuthorizationEndpoint="https://app.smartsheet.com/b/authorize"
|
|
TokenEndpoint="https://api.smartsheet.com/2.0/token"
|
|
UserinfoEndpoint="https://api.smartsheet.com/2.0/users/me">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ ██ ▄▄ ██ ▄▄▄ █▄▄ ▄▄█▄ ▄██ ▄▄▄██ ███ ██
|
|
██▄▄▄▀▀██ ▀▀ ██ ███ ███ ████ ███ ▄▄███▄▀▀▀▄██
|
|
██ ▀▀▀ ██ █████ ▀▀▀ ███ ███▀ ▀██ ███████ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Spotify" Documentation="https://developer.spotify.com/documentation/general/guides/authorization/">
|
|
<Environment Issuer="https://accounts.spotify.com/">
|
|
<Configuration AuthorizationEndpoint="https://accounts.spotify.com/authorize"
|
|
TokenEndpoint="https://accounts.spotify.com/api/token"
|
|
UserinfoEndpoint="https://api.spotify.com/v1/me">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="client_credentials" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ █▄▄ ▄▄█ ▄▄▀██ ▄▄▀██ █▀▄████ ▄▄▄█▄▀█▀▄██ ▄▄▀██ ██ █ ▄▄▀██ ▀██ ██ ▄▄ ██ ▄▄▄██
|
|
██▄▄▄▀▀███ ███ ▀▀ ██ █████ ▄▀█████ ▄▄▄███ ████ █████ ▄▄ █ ▀▀ ██ █ █ ██ █▀▀██ ▄▄▄██
|
|
██ ▀▀▀ ███ ███ ██ ██ ▀▀▄██ ██ ████ ▀▀▀█▀▄█▄▀██ ▀▀▄██ ██ █ ██ ██ ██▄ ██ ▀▀▄██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="StackExchange" DisplayName="Stack Exchange"
|
|
Documentation="https://api.stackexchange.com/docs/authentication">
|
|
<Environment Issuer="https://api.stackexchange.com/">
|
|
<Configuration AuthorizationEndpoint="https://stackoverflow.com/oauth"
|
|
TokenEndpoint="https://stackoverflow.com/oauth/access_token/json"
|
|
UserinfoEndpoint="https://api.stackexchange.com/2.3/me" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="ApplicationKey" ParameterName="key" Type="String" Required="true"
|
|
Description="The application key used to communicate with the StackExchange API" />
|
|
|
|
<Setting PropertyName="Site" ParameterName="site" Type="String" Required="true" DefaultValue="stackoverflow"
|
|
Description="The site specified in userinfo requests (by default, 'stackoverflow')" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ █▄▄ ▄▄██ ▄▄▀█ ▄▄▀██ ███ █ ▄▄▀██
|
|
██▄▄▄▀▀███ ████ ▀▀▄█ ▀▀ ███ █ ██ ▀▀ ██
|
|
██ ▀▀▀ ███ ████ ██ █ ██ ███▄▀▄██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Strava" Documentation="https://developers.strava.com/docs/authentication/">
|
|
<Environment Issuer="http://www.strava.com/">
|
|
<!--
|
|
Note: Strava doesn't provide a userinfo endpoint and returns
|
|
the user information via custom token response parameters.
|
|
-->
|
|
|
|
<Configuration AuthorizationEndpoint="http://www.strava.com/oauth/authorize"
|
|
TokenEndpoint="https://www.strava.com/api/v3/oauth/token">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ █▄▄ ▄▄██ ▄▄▀█▄ ▄██ ▄▄ ██ ▄▄▄████ ▄▄▀██ ▄▄▄ ██ ▀██ ██ ▀██ ██ ▄▄▄██ ▄▄▀█▄▄ ▄▄██
|
|
██▄▄▄▀▀███ ████ ▀▀▄██ ███ ▀▀ ██ ▄▄▄████ █████ ███ ██ █ █ ██ █ █ ██ ▄▄▄██ ██████ ████
|
|
██ ▀▀▀ ███ ████ ██ █▀ ▀██ █████ ▀▀▀████ ▀▀▄██ ▀▀▀ ██ ██▄ ██ ██▄ ██ ▀▀▀██ ▀▀▄███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="StripeConnect" DisplayName="Stripe Connect" Documentation="https://stripe.com/docs/connect/oauth-reference">
|
|
<Environment Issuer="https://connect.stripe.com/">
|
|
<!--
|
|
Note: Stripe uses a different authorization endpoint for Express accounts. It also doesn't provide
|
|
a userinfo endpoint and returns the user information via custom token response parameters.
|
|
-->
|
|
|
|
<Configuration AuthorizationEndpoint="{settings.AccountType switch {
|
|
string type when string.Equals(type, 'express', StringComparison.OrdinalIgnoreCase)
|
|
=> 'https://connect.stripe.com/express/oauth/authorize',
|
|
|
|
_ => 'https://connect.stripe.com/oauth/authorize' }}"
|
|
TokenEndpoint="https://connect.stripe.com/oauth/token" />
|
|
|
|
<!--
|
|
Note: while Stripe supports both "read_write" and "read_only" as valid scopes
|
|
(and automatically defaults to "read_only" when no scope is explicitly set),
|
|
it seems that new applications are only allowed to use "read_write". As such,
|
|
"read_write" is automatically added if no scope is explicitly configured.
|
|
-->
|
|
|
|
<Scope Name="read_write" Default="true" Required="false" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="AccountType" ParameterName="type" Type="String" Required="true" DefaultValue="standard"
|
|
Description="The type of the Stripe account (by default, 'standard', but can also be set to 'express')" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ █▄▄ ▄▄██ ▄▄▀██ ▄▄▄█ ▄▄▀██ ▄▀▄ ██ ████ ▄▄▀██ ▄▄▀██ ▄▄▄ ██
|
|
██▄▄▄▀▀███ ████ ▀▀▄██ ▄▄▄█ ▀▀ ██ █ █ ██ ████ ▀▀ ██ ▄▄▀██▄▄▄▀▀██
|
|
██ ▀▀▀ ███ ████ ██ ██ ▀▀▀█ ██ ██ ███ ██ ▀▀ █ ██ ██ ▀▀ ██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Streamlabs" Documentation="https://dev.streamlabs.com/docs/oauth-2">
|
|
<Environment Issuer="https://streamlabs.com/">
|
|
<Configuration AuthorizationEndpoint="https://streamlabs.com/api/v2.0/authorize"
|
|
TokenEndpoint="https://streamlabs.com/api/v2.0/token"
|
|
UserinfoEndpoint="https://streamlabs.com/api/v2.0/user">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ▄▄▄ ██ ██ ██ ▄▄ ██ ▄▄▄██ ▄▄▀██ ▄▄▄ ██ ▄▄▄██ ▄▄▄█▄ ▄██ ▄▄▀██ ▄▄▄██
|
|
██▄▄▄▀▀██ ██ ██ ▀▀ ██ ▄▄▄██ ▀▀▄██ ███ ██ ▄▄███ ▄▄███ ███ █████ ▄▄▄██
|
|
██ ▀▀▀ ██▄▀▀▄██ █████ ▀▀▀██ ██ ██ ▀▀▀ ██ █████ ████▀ ▀██ ▀▀▄██ ▀▀▀██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="SuperOffice" Documentation="https://docs.superoffice.com/en/authentication/online/api.html">
|
|
<Environment Name="Production" Issuer="https://online.superoffice.com/" />
|
|
<Environment Name="Development" Issuer="https://sod.superoffice.com/" />
|
|
<Environment Name="Staging" Issuer="https://qaonline.superoffice.com/" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█▄▄ ▄▄██ ▄▄▀█ ▄▄▀██ █▀▄█▄▄ ▄▄██
|
|
███ ████ ▀▀▄█ ▀▀ ██ ▄▀████ ████
|
|
███ ████ ██ █ ██ ██ ██ ███ ████
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Trakt" Documentation="https://trakt.docs.apiary.io/#reference/authentication-oauth">
|
|
<Environment Issuer="https://trakt.tv/">
|
|
<Configuration AuthorizationEndpoint="https://trakt.tv/oauth/authorize"
|
|
TokenEndpoint="https://api.trakt.tv/oauth/token"
|
|
UserinfoEndpoint="https://api.trakt.tv/users/me">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█▄▄ ▄▄██ ▄▄▀██ ▄▄▄ ██ ███ ██ ▄▄▄ ██
|
|
███ ████ ▀▀▄██ ███ ███ █ ███ ███ ██
|
|
███ ████ ██ ██ ▀▀▀ ███▄▀▄███ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Trovo" Documentation="https://developer.trovo.live/docs/APIs.html#_3-authentication">
|
|
<Environment Issuer="https://trovo.live/">
|
|
<!--
|
|
Note: Trovo uses a different token endpoint for the refresh token grant. To accommodate this requirement,
|
|
the /exchangetoken endpoint is used as the default value and a dedicated event handler is responsible for
|
|
dynamically replacing the token endpoint address to /refreshtoken when using the refresh token grant.
|
|
-->
|
|
|
|
<Configuration AuthorizationEndpoint="https://open.trovo.live/page/login.html"
|
|
TokenEndpoint="https://open-api.trovo.live/openplatform/exchangetoken"
|
|
UserinfoEndpoint="https://open-api.trovo.live/openplatform/getuserinfo">
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: Trovo requires sending the "profile" scope to be able to use the userinfo endpoint.
|
|
-->
|
|
|
|
<Scope Name="user_details_self" Default="true" Required="true" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█▄▄ ▄▄██ ███ █▄ ▄█▄▄ ▄▄█▄▄ ▄▄██ ▄▄▄██ ▄▄▀██
|
|
███ ████ █ █ ██ ████ █████ ████ ▄▄▄██ ▀▀▄██
|
|
███ ████▄▀▄▀▄█▀ ▀███ █████ ████ ▀▀▀██ ██ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Twitter" Documentation="https://developer.twitter.com/en/docs/authentication/oauth-2-0/authorization-code">
|
|
<Environment Issuer="https://twitter.com/">
|
|
<Configuration AuthorizationEndpoint="https://twitter.com/i/oauth2/authorize"
|
|
TokenEndpoint="https://api.twitter.com/2/oauth2/token"
|
|
UserinfoEndpoint="https://api.twitter.com/2/users/me">
|
|
<CodeChallengeMethod Value="plain" />
|
|
<CodeChallengeMethod Value="S256" />
|
|
|
|
<GrantType Value="authorization_code" />
|
|
<GrantType Value="refresh_token" />
|
|
|
|
<TokenEndpointAuthMethod Value="client_secret_basic" />
|
|
</Configuration>
|
|
|
|
<!--
|
|
Note: Twitter requires requesting the "tweet.read" and "users.read" scopes for the
|
|
userinfo endpoint to work correctly. As such, these 2 scopes are marked as required
|
|
so they are always sent even if they were not explicitly added by the user.
|
|
-->
|
|
|
|
<Scope Name="tweet.read" Default="true" Required="true" />
|
|
<Scope Name="users.read" Default="true" Required="true" />
|
|
</Environment>
|
|
|
|
<Setting PropertyName="Expansions" ParameterName="expansions" Collection="true" Type="String"
|
|
Description="The list of data objects to expand from the userinfo endpoint (by default, all known expansions are requested)">
|
|
<Item Value="pinned_tweet_id" Default="true" Required="false" />
|
|
</Setting>
|
|
|
|
<Setting PropertyName="TweetFields" ParameterName="fields" Collection="true" Type="String"
|
|
Description="The tweet fields that should be retrieved from the userinfo endpoint (by default, all known tweet fields are requested)">
|
|
<Item Value="attachments" Default="true" Required="false" />
|
|
<Item Value="author_id" Default="true" Required="false" />
|
|
<Item Value="context_annotations" Default="true" Required="false" />
|
|
<Item Value="conversation_id" Default="true" Required="false" />
|
|
<Item Value="created_at" Default="true" Required="false" />
|
|
<Item Value="entities" Default="true" Required="false" />
|
|
<Item Value="geo" Default="true" Required="false" />
|
|
<Item Value="id" Default="true" Required="false" />
|
|
<Item Value="in_reply_to_user_id" Default="true" Required="false" />
|
|
<Item Value="lang" Default="true" Required="false" />
|
|
<Item Value="non_public_metrics" Default="true" Required="false" />
|
|
<Item Value="public_metrics" Default="true" Required="false" />
|
|
<Item Value="organic_metrics" Default="true" Required="false" />
|
|
<Item Value="promoted_metrics" Default="true" Required="false" />
|
|
<Item Value="possibly_sensitive" Default="true" Required="false" />
|
|
<Item Value="referenced_tweets" Default="true" Required="false" />
|
|
<Item Value="reply_settings" Default="true" Required="false" />
|
|
<Item Value="source" Default="true" Required="false" />
|
|
<Item Value="text" Default="true" Required="false" />
|
|
<Item Value="withheld" Default="true" Required="false" />
|
|
</Setting>
|
|
|
|
<Setting PropertyName="UserFields" ParameterName="fields" Collection="true" Type="String"
|
|
Description="The user fields that should be retrieved from the userinfo endpoint (by default, all known user fields are requested)">
|
|
<Item Value="created_at" Default="true" Required="false" />
|
|
<Item Value="description" Default="true" Required="false" />
|
|
<Item Value="entities" Default="true" Required="false" />
|
|
<Item Value="id" Default="true" Required="false" />
|
|
<Item Value="location" Default="true" Required="false" />
|
|
<Item Value="name" Default="true" Required="false" />
|
|
<Item Value="pinned_tweet_id" Default="true" Required="false" />
|
|
<Item Value="protected" Default="true" Required="false" />
|
|
<Item Value="public_metrics" Default="true" Required="false" />
|
|
<Item Value="url" Default="true" Required="false" />
|
|
<Item Value="username" Default="true" Required="false" />
|
|
<Item Value="verified" Default="true" Required="false" />
|
|
<Item Value="withheld" Default="true" Required="false" />
|
|
</Setting>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ███ █▄ ▄██ ▄▀▄ ██ ▄▄▄██ ▄▄▄ ██
|
|
███ █ ███ ███ █ █ ██ ▄▄▄██ ███ ██
|
|
███▄▀▄██▀ ▀██ ███ ██ ▀▀▀██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Vimeo" Documentation="https://developer.vimeo.com/api/authentication">
|
|
<Environment Issuer="https://api.vimeo.com/">
|
|
<Configuration AuthorizationEndpoint="https://api.vimeo.com/oauth/authorize"
|
|
TokenEndpoint="https://api.vimeo.com/oauth/access_token"
|
|
UserinfoEndpoint="https://api.vimeo.com/me" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ███ ██ ▄▄▄ ██ ▄▄▀██ ▄▄▀██ ▄▄ ██ ▄▄▀██ ▄▄▄██ ▄▄▄ ██ ▄▄▄ ██
|
|
██ █ █ ██ ███ ██ ▀▀▄██ ██ ██ ▀▀ ██ ▀▀▄██ ▄▄▄██▄▄▄▀▀██▄▄▄▀▀██
|
|
██▄▀▄▀▄██ ▀▀▀ ██ ██ ██ ▀▀ ██ █████ ██ ██ ▀▀▀██ ▀▀▀ ██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="WordPress" Documentation="https://developer.wordpress.com/docs/oauth2/">
|
|
<Environment Issuer="https://wordpress.com/">
|
|
<Configuration AuthorizationEndpoint="https://public-api.wordpress.com/oauth2/authorize"
|
|
TokenEndpoint="https://public-api.wordpress.com/oauth2/token"
|
|
UserinfoEndpoint="https://public-api.wordpress.com/rest/v1/me" />
|
|
<!--
|
|
Note: by default, if no specific scope is requested, an unlimited access is granted by
|
|
WordPress. To avoid that, the special "auth" scope (that shouldn't be used with any
|
|
of the other scopes) can be used to only grant access to the userinfo endpoint.
|
|
-->
|
|
|
|
<Scope Name="auth" Default="true" Required="false" />
|
|
</Environment>
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
█▄▀█▀▄██ ▄▄▄██ ▄▄▀██ ▄▄▄ ██
|
|
███ ████ ▄▄▄██ ▀▀▄██ ███ ██
|
|
█▀▄█▄▀██ ▀▀▀██ ██ ██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Xero" Documentation="https://developer.xero.com/documentation/xero-app-store/app-partner-guides/sign-in/">
|
|
<Environment Issuer="https://identity.xero.com/" />
|
|
</Provider>
|
|
|
|
<!--
|
|
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
|
|
██ ███ █ ▄▄▀██ ██ ██ ▄▄▄ ██ ▄▄▄ ██
|
|
██▄▀▀▀▄█ ▀▀ ██ ▄▄ ██ ███ ██ ███ ██
|
|
████ ███ ██ ██ ██ ██ ▀▀▀ ██ ▀▀▀ ██
|
|
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
|
|
-->
|
|
|
|
<Provider Name="Yahoo" Documentation="https://developer.yahoo.com/oauth2/guide/openid_connect/">
|
|
<Environment Issuer="https://api.login.yahoo.com/" />
|
|
</Provider>
|
|
|
|
</Providers>
|