Merge branch '17335-oidc-auth-params'

[arvados.git] / lib / config / config.default.yml

diff --git a/lib/config/config.default.yml b/lib/config/config.default.yml
index db0b363582d69b9a0ad43dead14b1825a1834f21..68e518732d6f85b8ef377a4f22ea1efebf16af46 100644 (file)
--- a/lib/config/config.default.yml
+++ b/lib/config/config.default.yml
@@ -567,6 +567,17 @@ Clusters:
         # work. If false, only the primary email address will be used.
         AlternateEmailAddresses: true
 
+        # Send additional parameters with authentication requests. See
+        # https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters
+        # for a list of supported parameters.
+        AuthenticationRequestParameters:
+          # Show the "choose which Google account" page, even if the
+          # client is currently logged in to exactly one Google
+          # account.
+          prompt: select_account
+
+          SAMPLE: ""
+
       OpenIDConnect:
         # Authenticate with an OpenID Connect provider.
         Enable: false
@@ -601,6 +612,14 @@ Clusters:
         # address.
         UsernameClaim: ""
 
+        # Send additional parameters with authentication requests,
+        # like {display: page, prompt: consent}. See
+        # https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+        # and refer to your provider's documentation for supported
+        # parameters.
+        AuthenticationRequestParameters:
+          SAMPLE: ""
+
       PAM:
         # (Experimental) Use PAM to authenticate users.
         Enable: false