X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/38a0f5e77f2190487d03d6538337d3b7055fd1e8..1118101f84c013e4a9f8d33d1f2f9c072c6ff4aa:/lib/config/generated_config.go

diff --git a/lib/config/generated_config.go b/lib/config/generated_config.go
index df4b028622..6135e2a3c6 100644
--- a/lib/config/generated_config.go
+++ b/lib/config/generated_config.go
@@ -164,6 +164,13 @@ Clusters:
         dbname: ""
         SAMPLE: ""
     API:
+      # Limits for how long a client token created by regular users can be valid,
+      # and also is used as a default expiration policy when no expiration date is
+      # specified.
+      # Default value zero menans token expirations don't get clamped and no
+      # default expiration is set.
+      MaxTokenLifetime: 0s
+
       # Maximum size (in bytes) allowed for a single API request.  This
       # limit is published in the discovery document for use by clients.
       # Note: You must separately configure the upstream web server or
@@ -203,7 +210,7 @@ Clusters:
       # * 1.1) fits comfortably in memory. On a host dedicated to running
       # Keepstore, divide total memory by 88MiB to suggest a suitable value.
       # For example, if grep MemTotal /proc/meminfo reports MemTotal: 7125440
-      # kB, compute 7125440 / (88 * 1024)=79 and configure MaxBuffers: 79
+      # kB, compute 7125440 / (88 * 1024)=79 and set MaxKeepBlobBuffers: 79
       MaxKeepBlobBuffers: 128
 
       # API methods to disable. Disabled methods are not listed in the
@@ -573,6 +580,17 @@ Clusters:
         # work. If false, only the primary email address will be used.
         AlternateEmailAddresses: true
 
+        # Send additional parameters with authentication requests. See
+        # https://developers.google.com/identity/protocols/oauth2/openid-connect#authenticationuriparameters
+        # for a list of supported parameters.
+        AuthenticationRequestParameters:
+          # Show the "choose which Google account" page, even if the
+          # client is currently logged in to exactly one Google
+          # account.
+          prompt: select_account
+
+          SAMPLE: ""
+
       OpenIDConnect:
         # Authenticate with an OpenID Connect provider.
         Enable: false
@@ -607,6 +625,14 @@ Clusters:
         # address.
         UsernameClaim: ""
 
+        # Send additional parameters with authentication requests,
+        # like {display: page, prompt: consent}. See
+        # https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
+        # and refer to your provider's documentation for supported
+        # parameters.
+        AuthenticationRequestParameters:
+          SAMPLE: ""
+
       PAM:
         # (Experimental) Use PAM to authenticate users.
         Enable: false