-
Notifications
You must be signed in to change notification settings - Fork 0
/
tenant.yaml
197 lines (197 loc) · 4.73 KB
/
tenant.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
rules: []
rulesConfigs: []
pages: []
resourceServers:
- name: mobile
identifier: mobile
allow_offline_access: true
enforce_policies: true
signing_alg: RS256
skip_consent_for_verifiable_first_party_clients: true
token_dialect: access_token_authz
token_lifetime: 86400
token_lifetime_for_web: 7200
clients:
- name: Native App
allowed_clients: []
allowed_logout_urls: '@@NATIVE_APP_LOGOUT_URLS@@'
app_type: native
callbacks: '@@NATIVE_APP_CALLBACK_URLS@@'
client_aliases: []
cross_origin_auth: false
custom_login_page_on: true
grant_types:
- authorization_code
- implicit
- refresh_token
is_first_party: true
is_token_endpoint_ip_header_trusted: false
jwt_configuration:
alg: RS256
lifetime_in_seconds: 36000
secret_encoded: false
native_social_login:
apple:
enabled: false
facebook:
enabled: false
oidc_conformant: true
organization_require_behavior: no_prompt
refresh_token:
expiration_type: non-expiring
leeway: 0
infinite_token_lifetime: true
infinite_idle_token_lifetime: true
token_lifetime: 2592000
idle_token_lifetime: 1296000
rotation_type: non-rotating
sso_disabled: false
token_endpoint_auth_method: none
- name: deploy-cli
app_type: non_interactive
cross_origin_auth: false
custom_login_page_on: true
grant_types:
- client_credentials
is_first_party: true
is_token_endpoint_ip_header_trusted: false
jwt_configuration:
alg: RS256
lifetime_in_seconds: 36000
secret_encoded: false
oidc_conformant: true
refresh_token:
expiration_type: non-expiring
leeway: 0
infinite_token_lifetime: true
infinite_idle_token_lifetime: true
token_lifetime: 31557600
idle_token_lifetime: 2592000
rotation_type: non-rotating
sso_disabled: false
token_endpoint_auth_method: client_secret_post
databases:
- name: Username-Password-Authentication
strategy: auth0
enabled_clients:
- deploy-cli
- Native App
is_domain_connection: false
options:
mfa:
active: true
return_enroll_settings: true
passwordPolicy: good
passkey_options:
challenge_ui: both
local_enrollment_enabled: true
progressive_enrollment_enabled: true
strategy_version: 2
authentication_methods:
passkey:
enabled: false
password:
enabled: true
brute_force_protection: true
realms:
- Username-Password-Authentication
connections: []
tenant:
default_audience: ''
default_directory: ''
enabled_locales:
- en
flags:
revoke_refresh_token_grant: false
disable_clickjack_protection_headers: false
oidc_logout:
rp_logout_end_session_endpoint_discovery: true
sandbox_version: '18'
emailProvider: {}
emailTemplates: []
clientGrants: []
guardianFactors:
- name: duo
enabled: false
- name: email
enabled: false
- name: otp
enabled: false
- name: push-notification
enabled: false
- name: recovery-code
enabled: false
- name: sms
enabled: false
- name: webauthn-platform
enabled: false
- name: webauthn-roaming
enabled: false
guardianFactorProviders: []
guardianFactorTemplates: []
guardianPolicies:
policies: []
guardianPhoneFactorSelectedProvider:
provider: auth0
guardianPhoneFactorMessageTypes:
message_types: []
roles: []
branding:
templates: []
prompts:
customText: {}
partials: {}
universal_login_experience: new
migrations: {}
actions:
- name: Hasura User Sync and JWT Claims
code: ./actions/Hasura User Sync and JWT Claims/code.js
dependencies:
- name: node-fetch
version: 2.7.0
deployed: true
runtime: node18-actions
secrets:
- name: HASURA_GRAPHQL_ENDPOINT
- name: HASURA_GRAPHQL_ADMIN_SECRET
status: built
supported_triggers:
- id: post-login
version: v3
triggers:
post-login:
- action_name: Hasura User Sync and JWT Claims
display_name: Hasura User Sync and JWT Claims
organizations: []
attackProtection:
breachedPasswordDetection:
enabled: false
shields: []
admin_notification_frequency: []
method: standard
stage:
pre-user-registration:
shields: []
bruteForceProtection:
enabled: true
shields:
- block
- user_notification
mode: count_per_identifier_and_ip
allowlist: []
max_attempts: 10
suspiciousIpThrottling:
enabled: true
shields:
- admin_notification
- block
allowlist: []
stage:
pre-login:
max_attempts: 100
rate: 864000
pre-user-registration:
max_attempts: 50
rate: 1200
logStreams: []
themes: []