GS2-Account Deploy/CDK Reference
The template format used when creating stacks with GS2-Deploy, and implementation examples of template output in various languages using CDK
Entities
Resources managed by the Deploy operation
Namespace
Namespace
A Namespace allows multiple independent instances of the same service within a single project by separating data spaces and usage contexts. Each GS2 service is managed on a per-namespace basis. Even when using the same service, if the namespace differs, the data is treated as a completely independent data space.
Therefore, you must create a namespace before you can start using each service.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| name | string | ✓ |
~ 128 chars | Namespace name Namespace-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). |
||
| description | string | ~ 1024 chars | Description | |||
| transactionSetting | TransactionSetting | Transaction Setting | ||||
| changePasswordIfTakeOver | bool | false | Whether to change the password when taking over the account Specifies whether to change the password when taking over the account. This setting allows you to restrict logins from the device used before the takeover after the takeover is completed. |
|||
| differentUserIdForLoginAndDataRetention | bool | false | Whether to use different user IDs for login and data retention Specifies whether to use different user IDs for login and data retention. This setting may help comply with privacy requirements defined by the platform provider with less implementation effort. *This parameter can only be set when creating a namespace. |
|||
| createAccountScript | ScriptSetting | Script to run when creating an account Used to implement custom logic for creating an account. Script Trigger Reference - createAccount |
||||
| authenticationScript | ScriptSetting | Script to run when authenticated Used to implement custom logic for authentication. Script Trigger Reference - authentication |
||||
| createTakeOverScript | ScriptSetting | Script to run when creating a takeover If you want to give a reward when you register TakeOver Information for the first time, you can use this to add custom logic to increase the GS2-Mission counter. Script Trigger Reference - createTakeOver |
||||
| doTakeOverScript | ScriptSetting | Script to run when taking over Used to implement custom logic for taking over. Script Trigger Reference - doTakeOver |
||||
| banScript | ScriptSetting | Script to run when adding Account Ban Status Script Trigger Reference - ban |
||||
| unBanScript | ScriptSetting | Script to run when removing Account Ban Status Script Trigger Reference - unBan |
||||
| logSetting | LogSetting | Log Output Setting Manages Log Output Setting. This type holds the GS2-Log namespace information used to output log data. |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | Namespace | Namespace created |
Implementation Example
Type: GS2::Account::Namespace
Properties:
Name: namespace-0001
Description: null
TransactionSetting: null
ChangePasswordIfTakeOver: false
DifferentUserIdForLoginAndDataRetention: null
CreateAccountScript: null
AuthenticationScript: null
CreateTakeOverScript: null
DoTakeOverScript: null
BanScript: null
UnBanScript: null
LogSetting:
LoggingNamespaceId: grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/account"
)
SampleStack := core.NewStack()
account.NewNamespace(
&SampleStack,
"namespace-0001",
account.NamespaceOptions{
ChangePasswordIfTakeOver: false,
LogSetting: &core.LogSetting{
LoggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001",
},
},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Account\Model\Namespace_(
stack: $this,
name: "namespace-0001",
options: new \Gs2Cdk\Account\Model\Options\NamespaceOptions(
changePasswordIfTakeOver: false,
logSetting: new \Gs2Cdk\Core\Model\LogSetting(
loggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
)
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.account.model.Namespace(
this,
"namespace-0001",
new io.gs2.cdk.account.model.options.NamespaceOptions()
.withChangePasswordIfTakeOver(false)
.withLogSetting(new io.gs2.cdk.core.model.LogSetting(
"grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
))
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Account.Model.Namespace(
stack: this,
name: "namespace-0001",
options: new Gs2Cdk.Gs2Account.Model.Options.NamespaceOptions
{
changePasswordIfTakeOver = false,
logSetting = new Gs2Cdk.Core.Model.LogSetting(
loggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
}
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import account from "@/gs2cdk/account";
class SampleStack extends core.Stack
{
public constructor() {
super();
new account.model.Namespace(
this,
"namespace-0001",
{
changePasswordIfTakeOver: false,
logSetting: new core.LogSetting(
"grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
}
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, account
class SampleStack(Stack):
def __init__(self):
super().__init__()
account.Namespace(
stack=self,
name='namespace-0001',
options=account.NamespaceOptions(
change_password_if_take_over=False,
log_setting=core.LogSetting(
logging_namespace_id='grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001',
),
),
)
print(SampleStack().yaml()) # Generate TemplateTransactionSetting
Transaction Setting
Transaction Setting controls execution methods, consistency, asynchronous processing, and conflict avoidance mechanisms of transactions. Combining features like AutoRun, AtomicCommit, asynchronous execution using GS2-Distributor, batch application of script results, and asynchronous processing of Acquire Actions via GS2-JobQueue enables robust transaction management tailored to game logic.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| enableAutoRun | bool | false | Whether to automatically execute issued transactions on the server side | |||
| enableAtomicCommit | bool | {enableAutoRun} == true | false | Whether to commit the execution of transactions atomically * Enabled only if enableAutoRun is true |
||
| transactionUseDistributor | bool | {enableAtomicCommit} == true | false | Whether to execute transactions asynchronously * Enabled only if enableAtomicCommit is true |
||
| commitScriptResultInUseDistributor | bool | {transactionUseDistributor} == true | false | Whether to execute the commit processing of the script result asynchronously * Enabled only if transactionUseDistributor is true |
||
| acquireActionUseJobQueue | bool | {enableAtomicCommit} == true | false | Whether to use GS2-JobQueue to execute the acquire action * Enabled only if enableAtomicCommit is true |
||
| distributorNamespaceId | string | “grn:gs2:{region}:{ownerId}:distributor:default” | ~ 1024 chars | GS2-Distributor Namespace GRN used to execute transactions | ||
| queueNamespaceId | string | “grn:gs2:{region}:{ownerId}:queue:default” | ~ 1024 chars | GS2-JobQueue Namespace GRN used to execute transactions |
ScriptSetting
Script Setting
In GS2, you can associate custom scripts with microservice events and execute them. This model holds the settings for triggering script execution.
There are two main ways to execute a script: synchronous execution and asynchronous execution. Because synchronous execution blocks processing until the script finishes executing, you can use the script result to stop the API execution or control the API response.
In contrast, asynchronous execution does not block processing until the script has finished executing. However, because the script result cannot be used to stop the API execution or modify the API response, asynchronous execution does not affect the API response flow and is generally recommended.
There are two types of asynchronous execution methods: GS2-Script and Amazon EventBridge. By using Amazon EventBridge, you can write processing in languages other than Lua.
| Type | Condition | Required | Default | Value Limits | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| triggerScriptId | string | ~ 1024 chars | GS2-Script script
GRN
executed synchronously when the API is executed Must be specified in GRN format starting with “grn:gs2:”. |
|||||||||||
| doneTriggerTargetType | string (enum) enum { “none”, “gs2_script”, “aws” } |
“none” | How to execute asynchronous scripts Specifies the type of script to use for asynchronous execution. You can choose from “Do not use asynchronous execution (none)”, “Use GS2-Script (gs2_script)”, and “Use Amazon EventBridge (aws)”.
|
|||||||||||
| doneTriggerScriptId | string | {doneTriggerTargetType} == “gs2_script” | ~ 1024 chars | GS2-Script script
GRN
for asynchronous execution Must be specified in GRN format starting with “grn:gs2:”. * Enabled only if doneTriggerTargetType is “gs2_script” |
||||||||||
| doneTriggerQueueNamespaceId | string | {doneTriggerTargetType} == “gs2_script” | ~ 1024 chars | GS2-JobQueue namespace
GRN
to execute asynchronous execution scripts If you want to execute asynchronous execution scripts via GS2-JobQueue instead of executing them directly, specify the GS2-JobQueue namespace GRN. There are not many cases where GS2-JobQueue is required, so you generally do not need to specify it unless you have a specific reason. * Enabled only if doneTriggerTargetType is “gs2_script” |
LogSetting
Log Output Setting
Log Output Setting defines how log data is exported. This type holds the GS2-Log namespace identifier (Namespace ID), which is used to export log data. Specify the GS2-Log namespace where log data is collected and stored in the GRN format for the Log Namespace ID (loggingNamespaceId). Configuring this setting ensures that log data for API requests and responses occurring within the specified namespace is output to the target GS2-Log namespace. GS2-Log provides real-time logs that can be used for system monitoring, analysis, debugging, and other operational purposes.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| loggingNamespaceId | string | ✓ |
~ 1024 chars | GS2-Log namespace
GRN
to output logs Must be specified in GRN format starting with “grn:gs2:”. |
CurrentModelMaster
Master data of the currently active TakeOver Type Model
This master data defines the TakeOver Type Models currently active within the namespace. GS2 uses JSON format files for managing master data. By uploading these files, the master data are updated on the server.
To create JSON files, GS2 provides a master data editor within the management console. Additionally, you can create tools better suited for game operations and export JSON files in the appropriate format.
Note
Please refer to GS2-Account Master Data Reference for the JSON file format.Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| namespaceName | string | ✓ |
~ 128 chars | Namespace name Namespace-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). |
||||||||
| mode | string (enum) enum { “direct”, “preUpload” } |
“direct” | Update mode
|
|||||||||
| settings | string | {mode} == “direct” | ✓* |
~ 5242880 chars | Master Data * Required if mode is “direct” |
|||||||
| uploadToken | string | {mode} == “preUpload” | ✓* |
~ 1024 chars | Token obtained by pre-upload Used to apply the uploaded master data. * Required if mode is “preUpload” |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | CurrentModelMaster | Updated master data of the currently active TakeOver Type Model |
Implementation Example
Type: GS2::Account::CurrentModelMaster
Properties:
NamespaceName: namespace-0001
Mode: direct
Settings: {
"version": "2024-07-30",
"takeOverTypeModels": [
{
"type": 0,
"openIdConnectSetting":
{
"configurationPath": "https://accounts.google.com/.well-known/openid-configuration",
"clientId": "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
"clientSecret": "secret"
},
"metadata": "Google"
},
{
"type": 1,
"openIdConnectSetting":
{
"configurationPath": "https://appleid.apple.com/.well-known/openid-configuration",
"clientId": "io.gs2.sample.auth",
"appleTeamId": "9LX9LA85H8",
"appleKeyId": "P937MLY6Z7",
"applePrivateKeyPem": "-----BEGIN PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n-----END PRIVATE KEY-----"
},
"metadata": "Apple"
}
]
}
UploadToken: nullimport (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/account"
"github.com/openlyinc/pointy"
)
SampleStack := core.NewStack()
account.NewNamespace(
&SampleStack,
"namespace-0001",
account.NamespaceOptions{},
).MasterData(
[]account.TakeOverTypeModel{
account.NewTakeOverTypeModel(
0,
account.NewOpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
account.OpenIdConnectSettingOptions{
ClientSecret: pointy.String("secret"),
},
),
account.TakeOverTypeModelOptions{
Metadata: pointy.String("Google"),
},
),
account.NewTakeOverTypeModel(
1,
account.NewOpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
account.OpenIdConnectSettingOptions{
AppleTeamId: pointy.String("9LX9LA85H8"),
AppleKeyId: pointy.String("P937MLY6Z7"),
ApplePrivateKeyPem: pointy.String("-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"),
},
),
account.TakeOverTypeModelOptions{
Metadata: pointy.String("Apple"),
},
),
},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
(new \Gs2Cdk\Account\Model\Namespace_(
stack: $this,
name: "namespace-0001"
))->masterData(
[
new \Gs2Cdk\Account\Model\TakeOverTypeModel(
type:0,
openIdConnectSetting:new \Gs2Cdk\Account\Model\OpenIdConnectSetting(
configurationPath: "https://accounts.google.com/.well-known/openid-configuration",
clientId: "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
options: new \Gs2Cdk\Account\Model\Options\OpenIdConnectSettingOptions(
clientSecret: "secret",
),
),
options: new \Gs2Cdk\Account\Model\Options\TakeOverTypeModelOptions(
metadata:"Google"
)
),
new \Gs2Cdk\Account\Model\TakeOverTypeModel(
type:1,
openIdConnectSetting:new \Gs2Cdk\Account\Model\OpenIdConnectSetting(
configurationPath: "https://appleid.apple.com/.well-known/openid-configuration",
clientId: "io.gs2.sample.auth",
options: new \Gs2Cdk\Account\Model\Options\OpenIdConnectSettingOptions(
appleTeamId: "9LX9LA85H8",
appleKeyId: "P937MLY6Z7",
applePrivateKeyPem: "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----",
),
),
options: new \Gs2Cdk\Account\Model\Options\TakeOverTypeModelOptions(
metadata:"Apple"
)
)
]
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.account.model.Namespace(
this,
"namespace-0001"
).masterData(
Arrays.asList(
new io.gs2.cdk.account.model.TakeOverTypeModel(
0,
new io.gs2.cdk.account.model.OpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
new io.gs2.cdk.account.model.options.OpenIdConnectSettingOptions()
.withClientSecret("secret")
),
new io.gs2.cdk.account.model.options.TakeOverTypeModelOptions()
.withMetadata("Google")
),
new io.gs2.cdk.account.model.TakeOverTypeModel(
1,
new io.gs2.cdk.account.model.OpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
new io.gs2.cdk.account.model.options.OpenIdConnectSettingOptions()
.withAppleTeamId("9LX9LA85H8")
.withAppleKeyId("P937MLY6Z7")
.withApplePrivateKeyPem("-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----")
),
new io.gs2.cdk.account.model.options.TakeOverTypeModelOptions()
.withMetadata("Apple")
)
)
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Account.Model.Namespace(
stack: this,
name: "namespace-0001"
).MasterData(
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel[] {
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel(
type: 0,
openIdConnectSetting: new Gs2Cdk.Gs2Account.Model.OpenIdConnectSetting(
configurationPath: "https://accounts.google.com/.well-known/openid-configuration",
clientId: "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
options: new Gs2Cdk.Gs2Account.Model.Options.OpenIdConnectSettingOptions
{
clientSecret = "secret"
}
),
options: new Gs2Cdk.Gs2Account.Model.Options.TakeOverTypeModelOptions
{
metadata = "Google"
}
),
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel(
type: 1,
openIdConnectSetting: new Gs2Cdk.Gs2Account.Model.OpenIdConnectSetting(
configurationPath: "https://appleid.apple.com/.well-known/openid-configuration",
clientId: "io.gs2.sample.auth",
options: new Gs2Cdk.Gs2Account.Model.Options.OpenIdConnectSettingOptions
{
appleTeamId = "9LX9LA85H8",
appleKeyId = "P937MLY6Z7",
applePrivateKeyPem = "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"
}
),
options: new Gs2Cdk.Gs2Account.Model.Options.TakeOverTypeModelOptions
{
metadata = "Apple"
}
)
}
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import account from "@/gs2cdk/account";
class SampleStack extends core.Stack
{
public constructor() {
super();
new account.model.Namespace(
this,
"namespace-0001",
).masterData(
[
new account.model.TakeOverTypeModel(
0,
new account.model.OpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
{
clientSecret: "secret"
}
),
{
metadata: "Google"
}
),
new account.model.TakeOverTypeModel(
1,
new account.model.OpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
{
appleTeamId: "9LX9LA85H8",
appleKeyId: "P937MLY6Z7",
applePrivateKeyPem: "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"
}
),
{
metadata: "Apple"
}
)
]
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, account
class SampleStack(Stack):
def __init__(self):
super().__init__()
account.Namespace(
stack=self,
name="namespace-0001",
).master_data(
take_over_type_models=[
account.TakeOverTypeModel(
type=0,
open_id_connect_setting=account.OpenIdConnectSetting(
configuration_path='https://accounts.google.com/.well-known/openid-configuration',
client_id='695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com',
options=account.OpenIdConnectSettingOptions(
client_secret='secret',
),
),
options=account.TakeOverTypeModelOptions(
metadata = 'Google'
),
),
account.TakeOverTypeModel(
type=1,
open_id_connect_setting=account.OpenIdConnectSetting(
configuration_path='https://appleid.apple.com/.well-known/openid-configuration',
client_id='io.gs2.sample.auth',
options=account.OpenIdConnectSettingOptions(
apple_team_id='9LX9LA85H8',
apple_key_id='P937MLY6Z7',
apple_private_key_pem='-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----',
),
),
options=account.TakeOverTypeModelOptions(
metadata = 'Apple'
),
),
],
)
print(SampleStack().yaml()) # Generate TemplateTakeOverTypeModel
TakeOver Type Model
This model defines TakeOver Information.
TakeOver Information is used when changing devices or moving/sharing an account across platforms. It consists of a unique string that identifies an individual and a password; by entering the correct combination, an Account (GS2 anonymous account) can be retrieved.
Multiple sets of TakeOver Information can be configured for a single Account. To configure multiple sets, you must assign each one to a different slot. Slots can be specified from 0 to 1024, allowing for up to 1,025 types of TakeOver Information to be set.
A typical example would be to store the account information for “Sign in with Apple” in slot 0 and the information for a Google account in slot 1. It should be noted that this TakeOver Information serves only as a container for data; the authentication mechanism for social accounts must be prepared separately.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| takeOverTypeModelId | string | * |
~ 1024 chars | Takeover Type Model
GRN
* Set automatically by the server |
||
| type | int | ✓ |
0 ~ 1024 | Slot Number Specified in the range of 0 to 1024 to distinguish different types of TakeOver Information. |
||
| metadata | string | ~ 2048 chars | Metadata Arbitrary values can be set in the metadata. Since they do not affect GS2’s behavior, they can be used to store information used in the game. |
|||
| openIdConnectSetting | OpenIdConnectSetting | ✓ |
OpenID Connect Configuration Configuration for integrating with an OpenID Connect-compliant Identity Provider (IdP). Includes the discovery URL, client credentials, and platform-specific settings such as Apple Sign In parameters. |
OpenIdConnectSetting
OpenID Connect Configuration
By registering the settings of an OpenID Connect-compliant IdP, IdP integration can be configured and used as TakeOver Information.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| configurationPath | string | ✓ |
~ 1024 chars | OpenID Connect Configuration URL The discovery endpoint URL of the OpenID Connect provider. Must follow the well-known format (e.g., https://example.com/.well-known/openid-configuration). |
||
| clientId | string | ✓ |
~ 1024 chars | Client ID The client ID of the application registered with the IdP. |
||
| clientSecret | string | {configurationPath} != “https://appleid.apple.com/.well-known/openid-configuration” | ✓* |
~ 1024 chars | Client Secret * clientSecret is required when the configurationPath is not “https://appleid.apple.com/.well-known/openid-configuration”, i.e., for other IdP integrations. |
|
| appleTeamId | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* |
~ 1024 chars | Team ID of Apple Developer The team ID from the Apple Developer account. Required for Apple Sign In authentication. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” |
|
| appleKeyId | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* |
~ 1024 chars | Key ID registered with Apple The key ID registered in the Apple Developer account for Sign in with Apple. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” |
|
| applePrivateKeyPem | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* |
~ 10240 chars | Private Key received from Apple The private key in PEM format downloaded from the Apple Developer portal. Required for Apple Sign In authentication. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” |
|
| doneEndpointUrl | string | ~ 1024 chars | Redirect URL after authentication is completed If not specified, it will transition to /authorization/done. id_token is attached to the Query String. |
|||
| additionalScopeValues | List<ScopeValue> | [] | 0 ~ 10 items | Additional scopes obtained with OpenID Connect Additional OAuth scopes to request from the IdP beyond the default OpenID Connect scopes. Allows retrieving extra user information during authentication. |
||
| additionalReturnValues | List<string> | [] | 0 ~ 10 items | Additional values returned from OpenID Connect Additional claim names from the ID token or UserInfo response to include in the return values. Specified claims are extracted and returned alongside the standard authentication result. |
ScopeValue
Scope Value
A key-value pair representing an additional OAuth scope value obtained during OpenID Connect authentication. Used to store extra data retrieved from the IdP beyond the standard OpenID Connect claims.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| key | string | ✓ |
~ 64 chars | Name The scope name that was requested from the IdP during authentication. |
||
| value | string | ~ 51200 chars | Value The value returned by the IdP for the corresponding scope. |