The OAuth 2.0 client is used to issue an authorization code, which the Onboarding Tool uses during device provisioning and which is then exchanged for an access token during the SignUp operation.

| Property | Type | Description | Default |
| --- | --- | --- | --- |
| apis.coap.authorization.ownerClaim | string | Claim used to identify the owner of the device. Setting ownerClaim to sub is not compatible with any authorization provider that uses the clientCredentials grant type. | "sub" |
| apis.coap.authorization.deviceIDClaim | string | Claim used to identify the device id of the device. Empty means that the JWT doesn't contain it. | "" |
| apis.coap.authorization.providers[].name | string | Provider name; the register request of the device must contain one of the configured provider names. | "" |
| apis.coap.authorization.providers[].clientID | string | Client ID to exchange an authorization code for an access token. | |
| | | File path to the client secret required to exchange an authorization code for an access token. | "" |
| apis.coap.authorization.providers[].grantType | string | The grant type of the OAuth provider specifies how the device sign-up process is authorized. Setting apis.coap.authorization.ownerClaim to sub is not compatible with any authorization provider that uses the clientCredentials grant type. Supported values: authorizationCode, clientCredentials | "authorizationCode" |
| apis.coap.authorization.providers[].scopes | string array | List of required scopes. | "" |
| apis.coap.authorization.providers[].authority | string | Authority is the address of the token-issuing authentication server. Services use this URI to find and retrieve the public key used to validate the token's signature. | |
| | | Optionally limits the total number of connections per host, including connections in the dialing, active, and idle states. When the limit is reached, dials block. Zero means no limit. | |
| | | You might have one client but multiple APIs in the OAuth system. What you want to prevent is a single token being usable against all the APIs of your system. The audience lets you request a token for a specific API. If you configure it to myplgdc2c.api in Auth0, you have to set it here as well if you want it to be validated. | |
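The following is an added example, not plgd's own code: a minimal Go model of the apis.coap.authorization section above with a startup check for the constraints the table states (a provider name must be present, the grant type must be one of the supported values, and ownerClaim "sub" cannot be combined with a clientCredentials provider). The requirement that the authority be an https URL and the ProviderByName lookup are assumptions of this example, as are the constructed client id and authority values.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// ProviderConfig mirrors one entry of apis.coap.authorization.providers[].
type ProviderConfig struct {
	Name      string
	ClientID  string
	GrantType string // "authorizationCode" or "clientCredentials"
	Scopes    []string
	Authority string
}

// AuthorizationConfig mirrors the claim settings and the provider list.
type AuthorizationConfig struct {
	OwnerClaim    string
	DeviceIDClaim string // empty means the JWT carries no device id
	Providers     []ProviderConfig
}

var supportedGrantTypes = map[string]bool{
	"authorizationCode": true,
	"clientCredentials": true,
}

// Validate returns the first configuration problem found, or nil.
func (c AuthorizationConfig) Validate() error {
	if c.OwnerClaim == "" {
		return errors.New("ownerClaim must not be empty")
	}
	if len(c.Providers) == 0 {
		return errors.New("at least one authorization provider is required")
	}
	seen := make(map[string]bool)
	for i, p := range c.Providers {
		if p.Name == "" {
			return fmt.Errorf("providers[%d].name must not be empty", i)
		}
		if seen[p.Name] {
			return fmt.Errorf("providers[%d].name %q is duplicated", i, p.Name)
		}
		seen[p.Name] = true
		if !supportedGrantTypes[p.GrantType] {
			return fmt.Errorf("providers[%d].grantType %q is not supported", i, p.GrantType)
		}
		// The constraint stated in the table: ownerClaim "sub" cannot be
		// combined with any provider that uses clientCredentials.
		if c.OwnerClaim == "sub" && p.GrantType == "clientCredentials" {
			return fmt.Errorf("providers[%d] uses clientCredentials, which is incompatible with ownerClaim \"sub\"", i)
		}
		if p.ClientID == "" {
			return fmt.Errorf("providers[%d].clientID must not be empty", i)
		}
		// Assumption of this example: the authority must be an https URL,
		// because the token verification keys are fetched from it.
		u, err := url.Parse(p.Authority)
		if err != nil || u.Scheme != "https" || u.Host == "" {
			return fmt.Errorf("providers[%d].authority %q must be an https URL", i, p.Authority)
		}
	}
	return nil
}

// ProviderByName resolves the provider name a device sends in its register
// request; an unknown name is reported rather than silently defaulted.
func (c AuthorizationConfig) ProviderByName(name string) (ProviderConfig, bool) {
	for _, p := range c.Providers {
		if p.Name == name {
			return p, true
		}
	}
	return ProviderConfig{}, false
}

func main() {
	// Constructed sample configuration.
	cfg := AuthorizationConfig{
		OwnerClaim: "sub",
		Providers: []ProviderConfig{{
			Name: "plgd", ClientID: "constructed-client-id",
			GrantType: "clientCredentials", Scopes: []string{"openid"},
			Authority: "https://auth.example.com",
		}},
	}
	fmt.Println("sub + clientCredentials:", cfg.Validate())
	cfg.OwnerClaim = "owner"
	fmt.Println("owner + clientCredentials:", cfg.Validate())
}
```

Running the check once at startup, before the gateway accepts any register request, turns the incompatibility described in the table into a clear configuration error instead of a failure that surfaces only when a device tries to sign up.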
Client configurations to internally connect to the Identity Store service.

| Property | Type | Description | Default |
| --- | --- | --- | --- |
| clients.identityStore.grpc.address | string | Identity Store service address. | "127.0.0.1:9100" |
| clients.identityStore.grpc.tls.caPool | []string | File paths to the root certificates in PEM format. A file may contain multiple certificates. | [] |
| clients.identityStore.grpc.tls.keyFile | string | File path to the private key in PEM format. | "" |
| clients.identityStore.grpc.tls.certFile | string | File path to the certificate in PEM format. | "" |
| clients.identityStore.grpc.tls.useSystemCAPool | bool | If true, use the system certificate pool. | false |
| clients.identityStore.grpc.keepAlive.time | string | After this duration without activity, the client pings the server to check whether the transport is still alive. | 10s |
| clients.identityStore.grpc.keepAlive.timeout | string | After sending a keepalive ping, the client waits for this timeout; if no activity is seen by then, the connection is closed. | |
| | | If true, the client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout are ignored and no keepalive pings are sent. | |
| | | After this duration without activity, the client pings the server to check whether the transport is still alive. | 10s |
| clients.resourceAggregate.grpc.keepAlive.timeout | string | After sending a keepalive ping, the client waits for this timeout; if no activity is seen by then, the connection is closed. | |
| | | If true, the client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout are ignored and no keepalive pings are sent. | |
| | | After this duration without activity, the client pings the server to check whether the transport is still alive. | 10s |
| clients.resourceDirectory.grpc.keepAlive.timeout | string | After sending a keepalive ping, the client waits for this timeout; if no activity is seen by then, the connection is closed. | |
| | | If true, the client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout are ignored and no keepalive pings are sent. | |
| | | After sending a keepalive ping, the client waits for this timeout; if no activity is seen by then, the connection is closed. | |
| | | If true, the client sends keepalive pings even with no active RPCs. If false, when there are no active RPCs, Time and Timeout are ignored and no keepalive pings are sent. | true |
| clients.openTelemetryCollector.grpc.tls.caPool | string | File path to the root certificate in PEM format; the file may contain multiple certificates. | |
| | | Sets the initial validity duration of the coap-gateway instance in the database, with a minimum of 1 second. This validity is periodically extended until the coap-gateway stops. | 1m |
Note
Note that string types related to time (i.e. timeout, idleConnTimeout, expirationTime) are decimal numbers, each with an optional fraction and a unit suffix, such as "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us", "ms", "s", "m", "h".
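The following is an added example, not plgd's own code, covering the client table above and this note: it builds the root pool from caPool contents (a single PEM file may hold several certificates, and useSystemCAPool selects the system pool as the starting point), parses the keepAlive durations with Go's time.ParseDuration, which accepts exactly the decimal-with-unit form the note describes, and enforces the 1 second minimum stated for the instance validity. The self-signed CA is generated in memory only so the example runs offline; the function and field names are assumptions of this example and a deployment reads the PEM from the configured caPool files instead.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// KeepAliveConfig mirrors clients.*.grpc.keepAlive; durations stay as the
// strings the configuration file carries until ParseKeepAlive validates them.
type KeepAliveConfig struct {
	Time                string
	Timeout             string
	PermitWithoutStream bool
}

// NewCAPool builds the root pool used to verify the internal gRPC servers.
// Each PEM blob is the content of one caPool file and may hold several
// certificates; AppendCertsFromPEM adds all of them. An empty pool is
// rejected so a misconfiguration fails at startup, not at connect time.
func NewCAPool(useSystem bool, pemFiles ...[]byte) (*x509.CertPool, error) {
	var pool *x509.CertPool
	if useSystem {
		sys, err := x509.SystemCertPool()
		if err != nil {
			return nil, fmt.Errorf("system CA pool: %w", err)
		}
		pool = sys
	} else {
		pool = x509.NewCertPool()
	}
	for i, data := range pemFiles {
		if !pool.AppendCertsFromPEM(data) {
			return nil, fmt.Errorf("caPool[%d]: no certificate found in PEM data", i)
		}
	}
	if !useSystem && len(pemFiles) == 0 {
		return nil, errors.New("caPool is empty and useSystemCAPool is false")
	}
	return pool, nil
}

// ParseKeepAlive parses keepAlive.time and keepAlive.timeout; a bare number
// without a unit suffix is rejected, matching the format in the note.
func ParseKeepAlive(c KeepAliveConfig) (keepTime, keepTimeout time.Duration, err error) {
	if keepTime, err = time.ParseDuration(c.Time); err != nil {
		return 0, 0, fmt.Errorf("keepAlive.time: %w", err)
	}
	if keepTimeout, err = time.ParseDuration(c.Timeout); err != nil {
		return 0, 0, fmt.Errorf("keepAlive.timeout: %w", err)
	}
	if keepTime <= 0 || keepTimeout <= 0 {
		return 0, 0, errors.New("keepAlive durations must be positive")
	}
	return keepTime, keepTimeout, nil
}

// ParseValidity enforces the 1 second minimum the table states for the
// initial validity of the coap-gateway instance record.
func ParseValidity(s string) (time.Duration, error) {
	d, err := time.ParseDuration(s)
	if err != nil {
		return 0, err
	}
	if d < time.Second {
		return 0, fmt.Errorf("validity %q is below the 1s minimum", s)
	}
	return d, nil
}

// constructedCAPEM generates a throwaway self-signed CA (constructed sample
// input) so the example runs offline.
func constructedCAPEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "constructed example CA"},
		NotBefore:             time.Now(),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	pool, err := NewCAPool(false, constructedCAPEM())
	fmt.Println("pool built:", pool != nil, "err:", err)
	kt, kto, err := ParseKeepAlive(KeepAliveConfig{Time: "10s", Timeout: "20s", PermitWithoutStream: true})
	fmt.Println("keepalive:", kt, kto, err)
	_, err = ParseValidity("500ms")
	fmt.Println("500ms rejected:", err != nil)
}
```

Rejecting an empty pool when useSystemCAPool is false matters because a client with no roots cannot verify any internal server, and the failure is far easier to diagnose at configuration load than as a TLS handshake error on the first gRPC call.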