# encoding: utf-8
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is
# regenerated.
module Azure::Web::Mgmt::V2020_09_01
module Models
#
# Configuration settings for the Azure App Service Authentication /
# Authorization feature.
#
class SiteAuthSettings < ProxyOnlyResource
include MsRestAzure
# @return [Boolean] true if the Authentication /
# Authorization feature is enabled for the current app; otherwise,
# false.
attr_accessor :enabled
# @return [String] The RuntimeVersion of the Authentication /
# Authorization feature in use for the current app.
# The setting in this value can control the behavior of certain features
# in the Authentication / Authorization module.
attr_accessor :runtime_version
# @return [UnauthenticatedClientAction] The action to take when an
# unauthenticated client attempts to access the app. Possible values
# include: 'RedirectToLoginPage', 'AllowAnonymous'
attr_accessor :unauthenticated_client_action
# @return [Boolean] true to durably store platform-specific
# security tokens that are obtained during login flows; otherwise,
# false.
# The default is false.
attr_accessor :token_store_enabled
# @return [Array] External URLs that can be redirected to as part
# of logging in or logging out of the app. Note that the query string
# part of the URL is ignored.
# This is an advanced setting typically only needed by Windows Store
# application backends.
# Note that URLs within the current domain are always implicitly allowed.
attr_accessor :allowed_external_redirect_urls
# @return [BuiltInAuthenticationProvider] The default authentication
# provider to use when multiple providers are configured.
# This setting is only needed if multiple providers are configured and
# the unauthenticated client
# action is set to "RedirectToLoginPage". Possible values include:
# 'AzureActiveDirectory', 'Facebook', 'Google', 'MicrosoftAccount',
# 'Twitter', 'Github'
attr_accessor :default_provider
# @return [Float] The number of hours after session token expiration that
# a session token can be used to
# call the token refresh API. The default is 72 hours.
attr_accessor :token_refresh_extension_hours
# @return [String] The Client ID of this relying party application, known
# as the client_id.
# This setting is required for enabling OpenID Connection authentication
# with Azure Active Directory or
# other 3rd party OpenID Connect providers.
# More information on OpenID Connect:
# http://openid.net/specs/openid-connect-core-1_0.html
attr_accessor :client_id
# @return [String] The Client Secret of this relying party application
# (in Azure Active Directory, this is also referred to as the Key).
# This setting is optional. If no client secret is configured, the OpenID
# Connect implicit auth flow is used to authenticate end users.
# Otherwise, the OpenID Connect Authorization Code Flow is used to
# authenticate end users.
# More information on OpenID Connect:
# http://openid.net/specs/openid-connect-core-1_0.html
attr_accessor :client_secret
# @return [String] The app setting name that contains the client secret
# of the relying party application.
attr_accessor :client_secret_setting_name
# @return [String] An alternative to the client secret, that is the
# thumbprint of a certificate used for signing purposes. This property
# acts as
# a replacement for the Client Secret. It is also optional.
attr_accessor :client_secret_certificate_thumbprint
# @return [String] The OpenID Connect Issuer URI that represents the
# entity which issues access tokens for this application.
# When using Azure Active Directory, this value is the URI of the
# directory tenant, e.g. https://sts.windows.net/{tenant-guid}/.
# This URI is a case-sensitive identifier for the token issuer.
# More information on OpenID Connect Discovery:
# http://openid.net/specs/openid-connect-discovery-1_0.html
attr_accessor :issuer
# @return [Boolean] Gets a value indicating whether the issuer should be
# a valid HTTPS url and be validated as such.
attr_accessor :validate_issuer
# @return [Array] Allowed audience values to consider when
# validating JWTs issued by
# Azure Active Directory. Note that the ClientID value is
# always considered an
# allowed audience, regardless of this setting.
attr_accessor :allowed_audiences
# @return [Array] Login parameters to send to the OpenID Connect
# authorization endpoint when
# a user logs in. Each parameter must be in the form "key=value".
attr_accessor :additional_login_params
# @return [String] Gets a JSON string containing the Azure AD Acl
# settings.
attr_accessor :aad_claims_authorization
# @return [String] The OpenID Connect Client ID for the Google web
# application.
# This setting is required for enabling Google Sign-In.
# Google Sign-In documentation:
# https://developers.google.com/identity/sign-in/web/
attr_accessor :google_client_id
# @return [String] The client secret associated with the Google web
# application.
# This setting is required for enabling Google Sign-In.
# Google Sign-In documentation:
# https://developers.google.com/identity/sign-in/web/
attr_accessor :google_client_secret
# @return [String] The app setting name that contains the client secret
# associated with
# the Google web application.
attr_accessor :google_client_secret_setting_name
# @return [Array] The OAuth 2.0 scopes that will be requested as
# part of Google Sign-In authentication.
# This setting is optional. If not specified, "openid", "profile", and
# "email" are used as default scopes.
# Google Sign-In documentation:
# https://developers.google.com/identity/sign-in/web/
attr_accessor :google_oauth_scopes
# @return [String] The App ID of the Facebook app used for login.
# This setting is required for enabling Facebook Login.
# Facebook Login documentation:
# https://developers.facebook.com/docs/facebook-login
attr_accessor :facebook_app_id
# @return [String] The App Secret of the Facebook app used for Facebook
# Login.
# This setting is required for enabling Facebook Login.
# Facebook Login documentation:
# https://developers.facebook.com/docs/facebook-login
attr_accessor :facebook_app_secret
# @return [String] The app setting name that contains the app secret used
# for Facebook Login.
attr_accessor :facebook_app_secret_setting_name
# @return [Array] The OAuth 2.0 scopes that will be requested as
# part of Facebook Login authentication.
# This setting is optional.
# Facebook Login documentation:
# https://developers.facebook.com/docs/facebook-login
attr_accessor :facebook_oauth_scopes
# @return [String] The Client Id of the GitHub app used for login.
# This setting is required for enabling Github login
attr_accessor :git_hub_client_id
# @return [String] The Client Secret of the GitHub app used for Github
# Login.
# This setting is required for enabling Github login.
attr_accessor :git_hub_client_secret
# @return [String] The app setting name that contains the client secret
# of the Github
# app used for GitHub Login.
attr_accessor :git_hub_client_secret_setting_name
# @return [Array] The OAuth 2.0 scopes that will be requested as
# part of GitHub Login authentication.
# This setting is optional
attr_accessor :git_hub_oauth_scopes
# @return [String] The OAuth 1.0a consumer key of the Twitter application
# used for sign-in.
# This setting is required for enabling Twitter Sign-In.
# Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
attr_accessor :twitter_consumer_key
# @return [String] The OAuth 1.0a consumer secret of the Twitter
# application used for sign-in.
# This setting is required for enabling Twitter Sign-In.
# Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
attr_accessor :twitter_consumer_secret
# @return [String] The app setting name that contains the OAuth 1.0a
# consumer secret of the Twitter
# application used for sign-in.
attr_accessor :twitter_consumer_secret_setting_name
# @return [String] The OAuth 2.0 client ID that was created for the app
# used for authentication.
# This setting is required for enabling Microsoft Account authentication.
# Microsoft Account OAuth documentation:
# https://dev.onedrive.com/auth/msa_oauth.htm
attr_accessor :microsoft_account_client_id
# @return [String] The OAuth 2.0 client secret that was created for the
# app used for authentication.
# This setting is required for enabling Microsoft Account authentication.
# Microsoft Account OAuth documentation:
# https://dev.onedrive.com/auth/msa_oauth.htm
attr_accessor :microsoft_account_client_secret
# @return [String] The app setting name containing the OAuth 2.0 client
# secret that was created for the
# app used for authentication.
attr_accessor :microsoft_account_client_secret_setting_name
# @return [Array] The OAuth 2.0 scopes that will be requested as
# part of Microsoft Account authentication.
# This setting is optional. If not specified, "wl.basic" is used as the
# default scope.
# Microsoft Account Scopes and permissions documentation:
# https://msdn.microsoft.com/en-us/library/dn631845.aspx
attr_accessor :microsoft_account_oauth_scopes
# @return [String] "true" if the auth config settings should be read from
# a file,
# "false" otherwise
attr_accessor :is_auth_from_file
# @return [String] The path of the config file containing auth settings.
# If the path is relative, base will the site's root directory.
attr_accessor :auth_file_path
#
# Mapper for SiteAuthSettings class as Ruby Hash.
# This will be used for serialization/deserialization.
#
def self.mapper()
{
client_side_validation: true,
required: false,
serialized_name: 'SiteAuthSettings',
type: {
name: 'Composite',
class_name: 'SiteAuthSettings',
model_properties: {
id: {
client_side_validation: true,
required: false,
read_only: true,
serialized_name: 'id',
type: {
name: 'String'
}
},
name: {
client_side_validation: true,
required: false,
read_only: true,
serialized_name: 'name',
type: {
name: 'String'
}
},
kind: {
client_side_validation: true,
required: false,
serialized_name: 'kind',
type: {
name: 'String'
}
},
type: {
client_side_validation: true,
required: false,
read_only: true,
serialized_name: 'type',
type: {
name: 'String'
}
},
system_data: {
client_side_validation: true,
required: false,
serialized_name: 'systemData',
type: {
name: 'Composite',
class_name: 'SystemData'
}
},
enabled: {
client_side_validation: true,
required: false,
serialized_name: 'properties.enabled',
type: {
name: 'Boolean'
}
},
runtime_version: {
client_side_validation: true,
required: false,
serialized_name: 'properties.runtimeVersion',
type: {
name: 'String'
}
},
unauthenticated_client_action: {
client_side_validation: true,
required: false,
serialized_name: 'properties.unauthenticatedClientAction',
type: {
name: 'Enum',
module: 'UnauthenticatedClientAction'
}
},
token_store_enabled: {
client_side_validation: true,
required: false,
serialized_name: 'properties.tokenStoreEnabled',
type: {
name: 'Boolean'
}
},
allowed_external_redirect_urls: {
client_side_validation: true,
required: false,
serialized_name: 'properties.allowedExternalRedirectUrls',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
default_provider: {
client_side_validation: true,
required: false,
serialized_name: 'properties.defaultProvider',
type: {
name: 'Enum',
module: 'BuiltInAuthenticationProvider'
}
},
token_refresh_extension_hours: {
client_side_validation: true,
required: false,
serialized_name: 'properties.tokenRefreshExtensionHours',
type: {
name: 'Double'
}
},
client_id: {
client_side_validation: true,
required: false,
serialized_name: 'properties.clientId',
type: {
name: 'String'
}
},
client_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.clientSecret',
type: {
name: 'String'
}
},
client_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.clientSecretSettingName',
type: {
name: 'String'
}
},
client_secret_certificate_thumbprint: {
client_side_validation: true,
required: false,
serialized_name: 'properties.clientSecretCertificateThumbprint',
type: {
name: 'String'
}
},
issuer: {
client_side_validation: true,
required: false,
serialized_name: 'properties.issuer',
type: {
name: 'String'
}
},
validate_issuer: {
client_side_validation: true,
required: false,
serialized_name: 'properties.validateIssuer',
type: {
name: 'Boolean'
}
},
allowed_audiences: {
client_side_validation: true,
required: false,
serialized_name: 'properties.allowedAudiences',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
additional_login_params: {
client_side_validation: true,
required: false,
serialized_name: 'properties.additionalLoginParams',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
aad_claims_authorization: {
client_side_validation: true,
required: false,
serialized_name: 'properties.aadClaimsAuthorization',
type: {
name: 'String'
}
},
google_client_id: {
client_side_validation: true,
required: false,
serialized_name: 'properties.googleClientId',
type: {
name: 'String'
}
},
google_client_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.googleClientSecret',
type: {
name: 'String'
}
},
google_client_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.googleClientSecretSettingName',
type: {
name: 'String'
}
},
google_oauth_scopes: {
client_side_validation: true,
required: false,
serialized_name: 'properties.googleOAuthScopes',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
facebook_app_id: {
client_side_validation: true,
required: false,
serialized_name: 'properties.facebookAppId',
type: {
name: 'String'
}
},
facebook_app_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.facebookAppSecret',
type: {
name: 'String'
}
},
facebook_app_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.facebookAppSecretSettingName',
type: {
name: 'String'
}
},
facebook_oauth_scopes: {
client_side_validation: true,
required: false,
serialized_name: 'properties.facebookOAuthScopes',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
git_hub_client_id: {
client_side_validation: true,
required: false,
serialized_name: 'properties.gitHubClientId',
type: {
name: 'String'
}
},
git_hub_client_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.gitHubClientSecret',
type: {
name: 'String'
}
},
git_hub_client_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.gitHubClientSecretSettingName',
type: {
name: 'String'
}
},
git_hub_oauth_scopes: {
client_side_validation: true,
required: false,
serialized_name: 'properties.gitHubOAuthScopes',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
twitter_consumer_key: {
client_side_validation: true,
required: false,
serialized_name: 'properties.twitterConsumerKey',
type: {
name: 'String'
}
},
twitter_consumer_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.twitterConsumerSecret',
type: {
name: 'String'
}
},
twitter_consumer_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.twitterConsumerSecretSettingName',
type: {
name: 'String'
}
},
microsoft_account_client_id: {
client_side_validation: true,
required: false,
serialized_name: 'properties.microsoftAccountClientId',
type: {
name: 'String'
}
},
microsoft_account_client_secret: {
client_side_validation: true,
required: false,
serialized_name: 'properties.microsoftAccountClientSecret',
type: {
name: 'String'
}
},
microsoft_account_client_secret_setting_name: {
client_side_validation: true,
required: false,
serialized_name: 'properties.microsoftAccountClientSecretSettingName',
type: {
name: 'String'
}
},
microsoft_account_oauth_scopes: {
client_side_validation: true,
required: false,
serialized_name: 'properties.microsoftAccountOAuthScopes',
type: {
name: 'Sequence',
element: {
client_side_validation: true,
required: false,
serialized_name: 'StringElementType',
type: {
name: 'String'
}
}
}
},
is_auth_from_file: {
client_side_validation: true,
required: false,
serialized_name: 'properties.isAuthFromFile',
type: {
name: 'String'
}
},
auth_file_path: {
client_side_validation: true,
required: false,
serialized_name: 'properties.authFilePath',
type: {
name: 'String'
}
}
}
}
}
end
end
end
end