OIDCConfiguration class

Constructors

OIDCConfiguration({Iterable<String>? redirectUris, Iterable<OIDCResponseType>? responseTypes, Iterable<OIDCGrantType>? grantTypes, OIDCApplicationType? applicationType, String? clientId, OIDCAuthMethodType? authMethodType, Iterable<String>? postLogoutRedirectUris, OIDCVersion? version, bool? nonCompliant, Iterable<OIDCLocalizedMessage>? complianceProblems, bool? developmentMode, OIDCTokenType? accessTokenType, bool? accessTokenRoleAssertion, bool? idTokenRoleAssertion, bool? idTokenUserinfoAssertion, Duration? clockSkew, Iterable<String>? additionalOrigins, Iterable<String>? allowedOrigins, bool? skipNativeAppSuccessPage, String? backChannelLogoutUri, LoginVersion? loginVersion})
factory
OIDCConfiguration.fromBuffer(List<int> data, [ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY])
factory
OIDCConfiguration.fromJson(String json, [ExtensionRegistry registry = $pb.ExtensionRegistry.EMPTY])
factory

Properties

accessTokenRoleAssertion bool
If AccessTokenRoleAssertion is enabled, the roles of the user are added to the access token. Ensure that the access token is a JWT token and not a bearer token, and either request the roles by scope or enable the user role assertion on the project.
getter/setter pair
accessTokenType OIDCTokenType
The AccessTokenType defines the type of the access token returned from ZITADEL. Bearer tokens are opaque to clients. JWT tokens are self-contained and can be validated by the client. Bearer tokens must be introspected at the ZITADEL token endpoint.
getter/setter pair
additionalOrigins → PbList<String>
AdditionalOrigins are HTTP origins (scheme + host + port) from which the API can be used in addition to the redirect_uris. This is useful if the application is used from an origin different from the redirect_uris, e.g. if the application is a SPA served in a native app, where the redirect_uri is a custom scheme but the application is served from an HTTPS origin.
no setter
allowedOrigins → PbList<String>
AllowedOrigins are all HTTP origins where the application is allowed to be used from. This is used to prevent CORS issues in browsers. If the origin of the request is not in this list, the request will be rejected. This is especially important for SPAs. Note that this is a generated list from the redirect_uris and additional_origins. If you use the application from another origin, you have to add it to the additional_origins.
no setter
applicationType OIDCApplicationType
ApplicationType defines the OAuth2/OIDC client type and its ability to maintain the confidentiality of its credentials. This influences the allowed grant types and the required authentication method.
getter/setter pair
authMethodType OIDCAuthMethodType
The authentication method type used by the application to authenticate at the token endpoint.
getter/setter pair
backChannelLogoutUri String
BackChannelLogoutURI is used to notify the application about terminated sessions according to the OIDC Back-Channel Logout (https://openid.net/specs/openid-connect-backchannel-1_0.html).
getter/setter pair
clientId String
The unique OAuth2/OIDC client_id used for authentication of the application, e.g. at the token endpoint.
getter/setter pair
clockSkew Duration
ClockSkew is used to compensate time differences between the servers of ZITADEL and the application. It is added to the "exp" claim and subtracted from "iat", "auth_time" and "nbf" claims. The default is 0s, the maximum is 5s.
getter/setter pair
complianceProblems → PbList<OIDCLocalizedMessage>
ComplianceProblems lists the problems for non-compliant configurations. In case of a compliant configuration, this list is empty.
no setter
developmentMode bool
DevelopmentMode can be enabled for development purposes. This allows the use of OIDC non-compliant and potentially insecure settings, such as the use of HTTP redirect URIs or wildcard redirect URIs.
getter/setter pair
grantTypes → PbList<OIDCGrantType>
GrantTypes define the flow type the application is allowed to use. The grant_type parameter in the token request must exactly match one of these values.
no setter
hashCode int
Calculates a hash code based on the contents of the protobuf.
no setter, inherited
idTokenRoleAssertion bool
If IDTokenRoleAssertion is enabled, the roles of the user are added to the id token. Ensure that the roles are either requested by scope or added by enabling the user role assertion on the project.
getter/setter pair
idTokenUserinfoAssertion bool
If IDTokenUserinfoAssertion is enabled, the claims of profile, email, address and phone scopes are added to the id token even if an access token is issued. This can be required by some applications that do not call the userinfo endpoint after authentication or directly use the id_token for retrieving user information. Attention: this violates the OIDC specification, which states that these claims must only be requested from the userinfo endpoint if an access token is issued. This is to prevent leaking of personal information in the id token, which is often stored in the browser and therefore more vulnerable.
getter/setter pair
info_ → BuilderInfo
no setter
isFrozen bool
Returns true if this message is marked read-only. Otherwise false.
no setter, inherited
loginVersion LoginVersion
LoginVersion specifies the login UI to which the user is redirected for authentication. It can be used to select a specific login UI, e.g. for embedded UIs or for custom login pages hosted on any other domain. If unset, the login UI is chosen by the instance default.
getter/setter pair
nonCompliant bool
NonCompliant specifies whether the config is OIDC compliant. A production configuration SHOULD be compliant. Non-compliant configurations can run into interoperability issues with OIDC libraries and tools. Compliance problems are listed in the compliance_problems field.
getter/setter pair
postLogoutRedirectUris → PbList<String>
PostLogoutRedirectURIs are the allowed URIs to redirect to after a logout. The post_logout_redirect_uri parameter in the logout request must exactly match one of these URIs.
no setter
redirectUris → PbList<String>
RedirectURIs are the allowed callback URIs for the OAuth2 / OIDC flows, where the authorization code or tokens will be sent to. The redirect_uri parameter in the authorization request must exactly match one of these URIs.
no setter
responseTypes → PbList<OIDCResponseType>
ResponseTypes define whether a code, id_token token or just id_token will be returned. The response_type parameter in the authorization request must exactly match one of these values.
no setter
runtimeType Type
A representation of the runtime type of the object.
no setter, inherited
skipNativeAppSuccessPage bool
For native apps a successful login usually shows a success page with a link to open the application again. SkipNativeAppSuccessPage can be used to skip this page and open the application directly.
getter/setter pair
unknownFields → UnknownFieldSet
no setter, inherited
version OIDCVersion
Version defines the OIDC version used by the application. Currently, only version 1.0 is supported. Future versions might introduce breaking changes.
getter/setter pair
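
The property notes above single out several settings as risky (developmentMode, HTTP or wildcard redirect URIs, role assertion on a non-JWT access token, idTokenUserinfoAssertion, clockSkew above 5s). The following is an added example, not code from the package: a small audit over those settings. OidcSettings and its jwtAccessToken flag are hypothetical stand-ins; with the real class, read the same-named getters and derive the flag from accessTokenType.

```dart
// Hypothetical stand-in for the OIDCConfiguration fields the audit reads.
// jwtAccessToken is an assumed flag meaning "accessTokenType is the JWT type".
class OidcSettings {
  final List<String> redirectUris, postLogoutRedirectUris;
  final bool developmentMode, nonCompliant, jwtAccessToken;
  final bool accessTokenRoleAssertion, idTokenUserinfoAssertion;
  final Duration clockSkew;
  const OidcSettings({
    this.redirectUris = const [],
    this.postLogoutRedirectUris = const [],
    this.developmentMode = false,
    this.nonCompliant = false,
    this.jwtAccessToken = false,
    this.accessTokenRoleAssertion = false,
    this.idTokenUserinfoAssertion = false,
    this.clockSkew = Duration.zero,
  });
}

// Returns one finding per setting that the property notes call out as risky.
List<String> audit(OidcSettings c) {
  final f = <String>[];
  for (final raw in [...c.redirectUris, ...c.postLogoutRedirectUris]) {
    if (raw.contains('*')) f.add('wildcard URI: $raw');
    if (Uri.tryParse(raw)?.scheme == 'http') f.add('plain-HTTP URI: $raw');
  }
  if (c.developmentMode) f.add('developmentMode is enabled');
  if (c.nonCompliant) f.add('flagged nonCompliant: read complianceProblems');
  if (c.accessTokenRoleAssertion && !c.jwtAccessToken) {
    f.add('accessTokenRoleAssertion set, but access token type is not JWT');
  }
  if (c.idTokenUserinfoAssertion) {
    f.add('idTokenUserinfoAssertion: personal claims travel in the id token');
  }
  if (c.clockSkew > const Duration(seconds: 5)) f.add('clockSkew above 5s');
  return f;
}

void main() {
  // Constructed sample values, not a real application.
  const cfg = OidcSettings(
    redirectUris: ['http://localhost:3000/cb', 'https://*.example.test/cb'],
    developmentMode: true,
    accessTokenRoleAssertion: true,
    idTokenUserinfoAssertion: true,
  );
  audit(cfg).forEach(print);
}
```

Running such a check against every application before promoting a project to production catches settings that were enabled for local testing and never reverted.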

Methods

addExtension(Extension extension, Object? value) → void
Adds an extension field value to a repeated field.
inherited
check() → void
Throws a StateError if the message has required fields without a value.
inherited
clear() → void
Clears all data that was set in this message.
inherited
clearAccessTokenRoleAssertion() → void
clearAccessTokenType() → void
clearApplicationType() → void
clearAuthMethodType() → void
clearBackChannelLogoutUri() → void
clearClientId() → void
clearClockSkew() → void
clearDevelopmentMode() → void
clearExtension(Extension extension) → void
Clears an extension field and also removes the extension.
inherited
clearField(int tagNumber) → void
Clears the contents of a given field.
inherited
clearIdTokenRoleAssertion() → void
clearIdTokenUserinfoAssertion() → void
clearLoginVersion() → void
clearNonCompliant() → void
clearSkipNativeAppSuccessPage() → void
clearVersion() → void
clone() OIDCConfiguration
Creates a deep copy of the fields in this message.
copyWith(void updates(OIDCConfiguration)) OIDCConfiguration
Apply updates to a copy of this message.
createEmptyInstance() OIDCConfiguration
Creates an empty instance of the same message type as this.
deepCopy() → T

Available on T, provided by the GeneratedMessageGenericExtensions extension

Returns a writable deep copy of this message.
ensureClockSkew() Duration
ensureLoginVersion() LoginVersion
extensionsAreInitialized() bool
inherited
freeze() → GeneratedMessage
Make this message read-only.
inherited
getDefaultForField(int tagNumber) → dynamic
Returns the default value for the given field.
inherited
getExtension(Extension extension) → dynamic
Returns the value of extension.
inherited
getField(int tagNumber) → dynamic
Returns the value of the field associated with tagNumber, or the default value if it is not set.
inherited
getFieldOrNull(int tagNumber) → dynamic
Returns the value of a field, ignoring any defaults.
inherited
getTagNumber(String fieldName) int?
inherited
hasAccessTokenRoleAssertion() bool
hasAccessTokenType() bool
hasApplicationType() bool
hasAuthMethodType() bool
hasBackChannelLogoutUri() bool
hasClientId() bool
hasClockSkew() bool
hasDevelopmentMode() bool
hasExtension(Extension extension) bool
Returns true if a value of extension is present.
inherited
hasField(int tagNumber) bool
Whether this message has a field associated with tagNumber.
inherited
hasIdTokenRoleAssertion() bool
hasIdTokenUserinfoAssertion() bool
hasLoginVersion() bool
hasNonCompliant() bool
hasRequiredFields() bool
Whether the message has required fields.
inherited
hasSkipNativeAppSuccessPage() bool
hasVersion() bool
isInitialized() bool
Whether all required fields in the message and embedded messages are set.
inherited
mergeFromBuffer(List<int> input, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void
Merges serialized protocol buffer data into this message.
inherited
mergeFromCodedBufferReader(CodedBufferReader input, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void
Same as mergeFromBuffer, but takes a CodedBufferReader input.
inherited
mergeFromJson(String data, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void
Merges field values from data, a JSON object, encoded as described by GeneratedMessage.writeToJson.
inherited
mergeFromJsonMap(Map<String, dynamic> json, [ExtensionRegistry extensionRegistry = ExtensionRegistry.EMPTY]) → void
Merges field values from a JSON object represented as a Dart map.
inherited
mergeFromMessage(GeneratedMessage other) → void
Merges the contents of the other into this message.
inherited
mergeFromProto3Json(Object? json, {TypeRegistry typeRegistry = const TypeRegistry.empty(), bool ignoreUnknownFields = false, bool supportNamesWithUnderscores = true, bool permissiveEnums = false}) → void
Merges field values from json, a JSON object using proto3 encoding.
inherited
mergeUnknownFields(UnknownFieldSet unknownFieldSet) → void
inherited
noSuchMethod(Invocation invocation) → dynamic
Invoked when a nonexistent method or property is accessed.
inherited
rebuild(void updates(T)) → T

Available on T, provided by the GeneratedMessageGenericExtensions extension

Apply updates to a copy of this message.
setExtension(Extension extension, Object value) → void
Sets the value of a non-repeated extension field to value.
inherited
setField(int tagNumber, Object value) → void
Sets the value of a field by its tagNumber.
inherited
toBuilder() → GeneratedMessage
Creates a writable, shallow copy of this message.
inherited
toDebugString() String
Returns a String representation of this message.
inherited
toProto3Json({TypeRegistry typeRegistry = const TypeRegistry.empty()}) Object?
Returns an Object representing Proto3 JSON serialization of this.
inherited
toString() String
Returns a String representation of this message.
inherited
writeToBuffer() Uint8List
Serialize the message as the protobuf binary format.
inherited
writeToCodedBufferWriter(CodedBufferWriter output) → void
Same as writeToBuffer, but serializes to the given CodedBufferWriter.
inherited
writeToJson() String
Returns a JSON string that encodes this message.
inherited
writeToJsonMap() Map<String, dynamic>
Returns the JSON encoding of this message as a Dart Map.
inherited

Operators

operator ==(Object other) bool
The equality operator.
inherited