Command

Keyword

Value

Developer notes

SET

CLIENT.ID

Value

The client_id is a public identifier for apps. Even though it’s public, it is best that it is not guessable by third parties, so many implementations use something like a 32-character hex string.
Ex- Foursquare: ZYDPLLBWSK3MVQJSIYHB1OR2JXCY0X2C5UJ2QAR2MAAIT5Q

CLIENT.SECRET

Value

The client_secret is a secret known only to the application and the authorization server. It is essential the application’s own password. It must be sufficiently random to not be guessable, which means you should avoid using common UUID libraries which often take into account the timestamp or MAC address of the server generating it.
Ex - A great way to generate a secure secret is to use a cryptographically-secure library to generate a 256-bit value and then convert it to a hexadecimal representation.
In PHP, you can use the random_bytes function and convert to a hex string:
bin2hex(random_bytes(32));
Lq08Q~EtgN-BpoINX6msRD9GL_cCx

AUTH.TOKEN.ENDPOINT

Value

Token endpoint is used by the application in order to get an access token or a refresh token. It is used by all flows except for the Implicit Flow because in that case an access token is issued directly.
Ex -https://login.microsoftonline.com/5c951c05-0f75-44ef-6223f150a449/oauth2/v2.0/token

AUTH.SCOPE

Value

Scope is a way to limit an app’s access to a user’s data. Rather than granting complete access to a user’s account, it is often useful to give apps a way to request a more limited scope of what they are allowed to do on behalf of a user.
Ex- https://outlook.office365.com/.default

TOKEN.CACHE

Value

This is a boolean parameter to save the token at the mentioned directory. It can have two values- true or false.
Ex - Token.cache = true
In this case generated token will be saved at the path mentioned in
Token.cache.dir parameter.

TOKEN.CACHE.DIR

Value

It is a directory where user wants to save the token while caching.
Ex- C:\Program Files (x86)\LANSA\dummy