OptionalaudienceThe endpoint the Identity Provider asks you to send users to log in, or authorize your application.
This is the Client ID of your application, provided to you by the Identity Provider you're using to authenticate users.
This is the Client Secret of your application, provided to you by the Identity Provider you're using to authenticate users.
OptionalcodeThe code challenge method to use when sending the authorization request. This is used when the Identity Provider requires a code challenge to be sent with the authorization request.
OptionalcookieThe name of the cookie used to keep state and code verifier around.
The OAuth2 flow requires generating a random state and code verifier, and then checking that the state matches when the user is redirected back to the application. This is done to prevent CSRF attacks.
The state and code verifier are stored in a cookie, and this option allows you to customize the name of that cookie if needed.
The URL of your application where the Identity Provider will redirect the user after they've logged in or authorized your application.
OptionalscopesThe scopes you want to request from the Identity Provider, this is a list of strings that represent the permissions you want to request from the user.
The endpoint the Identity Provider uses to let's you exchange an access code for an access and refresh token.
OptionaltokenThe endpoint the Identity Provider uses to revoke an access or refresh token, this can be useful to log out the user.
The audience of the token to request from the Identity Provider. This is used when the Identity Provider requires a specific audience to be set on the token.
This can be a string or an array of strings.