Google (Section)#
Path: /profiles/profile{id, type}/settings/authentication-service/authenticators/authenticator{id}/google
Google OpenID Connect methods
Parameters#
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| configuration-url | uri | optional | https://accounts.google.com/.well-known/openid-configuration | The url to the openid-configuration document at Google |
| client-id | string | required | The client-id, registered at Google | |
| client-secret | non-empty-string | optional | The client-secret, registered at Google | |
| scope | string | optional | openid profile email | Scope to ask Google for, space separated, note that if using google apps with custom domains the openid, profile and email scopes need to be present. |
| clock-skew | uint32 | optional | 60 | The allowed clock-skew in seconds when validating the JWT from the OpenID Server |
| authentication-context-class-reference | non-empty-string | optional | The Authentication Context Class Reference (ACR) or authentication method that the OpenID Server should require | |
| http-client | leafref | optional | A reference to the Http Client to use. If not defined, the default HTTP client is used | |
| map-to-subject | string | optional | The claim to use as subject | |
| hosted-domain | string | optional | This can be set to a google apps domain, such as your-company.com it will then only accept authentications done with an account in that domain | |
| prompt-select-account | enumeration | optional | Force google to show the select account screen. |