GS2-Account Deploy/CDK Reference
The template format used when creating stacks with GS2-Deploy, and implementation examples of template output in various languages using CDK
Entities
Resources targeted by the Deploy operation
Namespace
Namespace
A Namespace allows multiple independent instances of the same service within a single project by separating data spaces and usage contexts. Each GS2 service is managed on a per-namespace basis. Even when using the same service, if the namespace differs, the data is treated as a completely independent data space.
Therefore, you must create a namespace before you can start using each service.
Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| name | string | ✓ | ~ 128 chars | Namespace name Namespace-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). | ||
| description | string | ~ 1024 chars | Description | |||
| transactionSetting | TransactionSetting | Transaction Setting | ||||
| changePasswordIfTakeOver | bool | false | Whether to change the password when taking over the account Specifies whether to change the password when taking over the account. This setting allows you to restrict logins from the device used before the takeover after the takeover is completed. | |||
| differentUserIdForLoginAndDataRetention | bool | false | Whether to use different user IDs for login and data retention Specifies whether to use different user IDs for login and data retention. This setting may help comply with privacy requirements defined by the platform provider with less implementation effort. *This parameter can only be set when creating a namespace. | |||
| createAccountScript | ScriptSetting | Script to run when creating an account Used to implement custom logic for creating an account. Script Trigger Reference - createAccount | ||||
| authenticationScript | ScriptSetting | Script to run when authenticated Used to implement custom logic for authentication. Script Trigger Reference - authentication | ||||
| createTakeOverScript | ScriptSetting | Script to run when creating a takeover If you want to give a reward when you register takeover information for the first time, you can use this to add custom logic to increase the GS2-Mission counter. Script Trigger Reference - createTakeOver | ||||
| doTakeOverScript | ScriptSetting | Script to run when taking over Used to implement custom logic for taking over. Script Trigger Reference - doTakeOver | ||||
| banScript | ScriptSetting | Script to run when adding Account Ban Status Script Trigger Reference - ban | ||||
| unBanScript | ScriptSetting | Script to run when removing Account Ban Status Script Trigger Reference - unBan | ||||
| logSetting | LogSetting | Log Output Setting Manages Log Output Setting. This type holds the GS2-Log namespace information used to output log data. |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | Namespace | Namespace created |
Implementation Example
Type: GS2::Account::Namespace
Properties:
Name: namespace-0001
Description: null
TransactionSetting: null
ChangePasswordIfTakeOver: false
DifferentUserIdForLoginAndDataRetention: null
CreateAccountScript: null
AuthenticationScript: null
CreateTakeOverScript: null
DoTakeOverScript: null
BanScript: null
UnBanScript: null
LogSetting:
LoggingNamespaceId: grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001import (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/account"
)
SampleStack := core.NewStack()
account.NewNamespace(
&SampleStack,
"namespace-0001",
account.NamespaceOptions{
ChangePasswordIfTakeOver: false,
LogSetting: &core.LogSetting{
LoggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001",
},
},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
new \Gs2Cdk\Account\Model\Namespace_(
stack: $this,
name: "namespace-0001",
options: new \Gs2Cdk\Account\Model\Options\NamespaceOptions(
changePasswordIfTakeOver: false,
logSetting: new \Gs2Cdk\Core\Model\LogSetting(
loggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
)
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.account.model.Namespace(
this,
"namespace-0001",
new io.gs2.cdk.account.model.options.NamespaceOptions()
.withChangePasswordIfTakeOver(false)
.withLogSetting(new io.gs2.cdk.core.model.LogSetting(
"grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
))
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Account.Model.Namespace(
stack: this,
name: "namespace-0001",
options: new Gs2Cdk.Gs2Account.Model.Options.NamespaceOptions
{
changePasswordIfTakeOver = false,
logSetting = new Gs2Cdk.Core.Model.LogSetting(
loggingNamespaceId: "grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
}
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import account from "@/gs2cdk/account";
class SampleStack extends core.Stack
{
public constructor() {
super();
new account.model.Namespace(
this,
"namespace-0001",
{
changePasswordIfTakeOver: false,
logSetting: new core.LogSetting(
"grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001"
)
}
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, account
class SampleStack(Stack):
def __init__(self):
super().__init__()
account.Namespace(
stack=self,
name='namespace-0001',
options=account.NamespaceOptions(
change_password_if_take_over=False,
log_setting=core.LogSetting(
logging_namespace_id='grn:gs2:ap-northeast-1:YourOwnerId:log:namespace-0001',
),
),
)
print(SampleStack().yaml()) # Generate TemplateTransactionSetting
Transaction Setting
Transaction Setting controls how transactions are executed, including their consistency, asynchronous processing, and conflict avoidance mechanisms. Combining features like AutoRun, AtomicCommit, asynchronous execution using GS2-Distributor, batch application of script results, and asynchronous Acquire Actions via GS2-JobQueue enables robust transaction management tailored to game logic.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| enableAutoRun | bool | false | Whether to automatically execute issued transactions on the server side | |||
| enableAtomicCommit | bool | {enableAutoRun} == true | false | Whether to commit the execution of transactions atomically * Applicable only if enableAutoRun is true | ||
| transactionUseDistributor | bool | {enableAtomicCommit} == true | false | Whether to execute transactions asynchronously * Applicable only if enableAtomicCommit is true | ||
| commitScriptResultInUseDistributor | bool | {transactionUseDistributor} == true | false | Whether to execute the commit processing of the script result asynchronously * Applicable only if transactionUseDistributor is true | ||
| acquireActionUseJobQueue | bool | {enableAtomicCommit} == true | false | Whether to use GS2-JobQueue to execute the acquire action * Applicable only if enableAtomicCommit is true | ||
| distributorNamespaceId | string | “grn:gs2:{region}:{ownerId}:distributor:default” | ~ 1024 chars | GS2-Distributor Namespace GRN used to execute transactions | ||
| queueNamespaceId | string | “grn:gs2:{region}:{ownerId}:queue:default” | ~ 1024 chars | GS2-JobQueue Namespace GRN used to execute transactions |
ScriptSetting
Script Setting
In GS2, you can associate custom scripts with microservice events and execute them. This model holds the settings for triggering script execution.
There are two main ways to execute a script: synchronous execution and asynchronous execution. Synchronous execution blocks processing until the script has finished executing. Instead, you can use the script’s execution results to halt API execution or control the API’s response content.
In contrast, asynchronous execution does not block processing until the script has finished executing. However, because the script result cannot be used to stop the API execution or modify the API response, asynchronous execution does not affect the API response flow and is generally recommended.
There are two types of asynchronous execution methods: GS2-Script and Amazon EventBridge. By using Amazon EventBridge, you can write processing in languages other than Lua.
| Type | Condition | Required | Default | Value Limits | Description | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| triggerScriptId | string | ~ 1024 chars | GS2-Script script GRN
executed synchronously when the API is executed Must be specified in GRN format starting with “grn:gs2:”. | |||||||||||
| doneTriggerTargetType | String Enum enum { “none”, “gs2_script”, “aws” } | “none” | How to execute asynchronous scripts Specifies the type of script to use for asynchronous execution. You can choose from “Do not use asynchronous execution (none)”, “Use GS2-Script (gs2_script)”, and “Use Amazon EventBridge (aws)”.
| |||||||||||
| doneTriggerScriptId | string | {doneTriggerTargetType} == “gs2_script” | ~ 1024 chars | GS2-Script script GRN
for asynchronous execution Must be specified in GRN format starting with “grn:gs2:”. * Applicable only if doneTriggerTargetType is “gs2_script” | ||||||||||
| doneTriggerQueueNamespaceId | string | {doneTriggerTargetType} == “gs2_script” | ~ 1024 chars | GS2-JobQueue namespace GRN
to execute asynchronous execution scripts If you want to execute asynchronous execution scripts via GS2-JobQueue instead of executing them directly, specify the GS2-JobQueue namespace GRN. There are not many cases where GS2-JobQueue is required, so you generally do not need to specify it unless you have a specific reason. * Applicable only if doneTriggerTargetType is “gs2_script” |
LogSetting
Log Output Setting
Log Output Setting defines how log data is exported. This type holds the GS2-Log namespace identifier (Namespace ID) used to export log data. Specify the GS2-Log namespace where log data is collected and stored in the GRN format for the Log Namespace ID (loggingNamespaceId). Configuring this setting ensures that log data for API requests and responses occurring within the specified namespace is output to the target GS2-Log namespace. GS2-Log provides real-time logs that can be used for system monitoring, analysis, debugging, and other operational purposes.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| loggingNamespaceId | string | ✓ | ~ 1024 chars | GS2-Log namespace GRN
to output logs Must be specified in GRN format starting with “grn:gs2:”. |
CurrentModelMaster
Master data of the currently active Takeover Type Model
This master data describes the definitions of Takeover Type Models currently active within the namespace. GS2 uses JSON format files for managing master data. By uploading these files, the master data settings are updated on the server.
To create JSON files, GS2 provides a master data editor within the management console. Additionally, you can create tools better suited for game operations and export JSON files in the appropriate format.
Note
Please refer to Master Data Reference of GS2-Account for the JSON file format.Request
Resource creation and update requests
| Type | Condition | Required | Default | Value Limits | Description | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| namespaceName | string | ✓ | ~ 128 chars | Namespace name Namespace-specific name. Specified using alphanumeric characters, hyphens (-), underscores (_), and periods (.). | ||||||||
| mode | String Enum enum { “direct”, “preUpload” } | “direct” | Update mode
| |||||||||
| settings | string | {mode} == “direct” | ✓* | ~ 5242880 chars | Master Data * Required if mode is “direct” | |||||||
| uploadToken | string | {mode} == “preUpload” | ✓* | ~ 1024 chars | Token obtained by pre-upload Used to apply the uploaded master data. * Required if mode is “preUpload” |
GetAttr
Resource creation results that can be retrieved using the !GetAttr tag
| Type | Description | |
|---|---|---|
| Item | CurrentModelMaster | Updated master data of the currently active Takeover Type Model |
Implementation Example
Type: GS2::Account::CurrentModelMaster
Properties:
NamespaceName: namespace-0001
Mode: direct
Settings: {
"version": "2024-07-30",
"takeOverTypeModels": [
{
"type": 0,
"openIdConnectSetting":
{
"configurationPath": "https://accounts.google.com/.well-known/openid-configuration",
"clientId": "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
"clientSecret": "secret"
},
"metadata": "Google"
},
{
"type": 1,
"openIdConnectSetting":
{
"configurationPath": "https://appleid.apple.com/.well-known/openid-configuration",
"clientId": "io.gs2.sample.auth",
"appleTeamId": "9LX9LA85H8",
"appleKeyId": "P937MLY6Z7",
"applePrivateKeyPem": "-----BEGIN PRIVATE KEY-----\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n-----END PRIVATE KEY-----"
},
"metadata": "Apple"
}
]
}
UploadToken: nullimport (
"github.com/gs2io/gs2-golang-cdk/core"
"github.com/gs2io/gs2-golang-cdk/account"
"github.com/openlyinc/pointy"
)
SampleStack := core.NewStack()
account.NewNamespace(
&SampleStack,
"namespace-0001",
account.NamespaceOptions{},
).MasterData(
[]account.TakeOverTypeModel{
account.NewTakeOverTypeModel(
0,
account.NewOpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
account.OpenIdConnectSettingOptions{
ClientSecret: pointy.String("secret"),
},
),
account.TakeOverTypeModelOptions{
Metadata: pointy.String("Google"),
},
),
account.NewTakeOverTypeModel(
1,
account.NewOpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
account.OpenIdConnectSettingOptions{
AppleTeamId: pointy.String("9LX9LA85H8"),
AppleKeyId: pointy.String("P937MLY6Z7"),
ApplePrivateKeyPem: pointy.String("-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"),
},
),
account.TakeOverTypeModelOptions{
Metadata: pointy.String("Apple"),
},
),
},
)
println(SampleStack.Yaml()) // Generate Templateclass SampleStack extends \Gs2Cdk\Core\Model\Stack
{
function __construct() {
parent::__construct();
(new \Gs2Cdk\Account\Model\Namespace_(
stack: $this,
name: "namespace-0001"
))->masterData(
[
new \Gs2Cdk\Account\Model\TakeOverTypeModel(
type:0,
openIdConnectSetting:new \Gs2Cdk\Account\Model\OpenIdConnectSetting(
configurationPath: "https://accounts.google.com/.well-known/openid-configuration",
clientId: "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
options: new \Gs2Cdk\Account\Model\Options\OpenIdConnectSettingOptions(
clientSecret: "secret",
)
),
options: new \Gs2Cdk\Account\Model\Options\TakeOverTypeModelOptions(
metadata:"Google"
)
),
new \Gs2Cdk\Account\Model\TakeOverTypeModel(
type:1,
openIdConnectSetting:new \Gs2Cdk\Account\Model\OpenIdConnectSetting(
configurationPath: "https://appleid.apple.com/.well-known/openid-configuration",
clientId: "io.gs2.sample.auth",
options: new \Gs2Cdk\Account\Model\Options\OpenIdConnectSettingOptions(
appleTeamId: "9LX9LA85H8",
appleKeyId: "P937MLY6Z7",
applePrivateKeyPem: "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----",
)
),
options: new \Gs2Cdk\Account\Model\Options\TakeOverTypeModelOptions(
metadata:"Apple"
)
)
]
);
}
}
print((new SampleStack())->yaml()); // Generate Templateclass SampleStack extends io.gs2.cdk.core.model.Stack
{
public SampleStack() {
super();
new io.gs2.cdk.account.model.Namespace(
this,
"namespace-0001"
).masterData(
Arrays.asList(
new io.gs2.cdk.account.model.TakeOverTypeModel(
0,
new io.gs2.cdk.account.model.OpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
new io.gs2.cdk.account.model.options.OpenIdConnectSettingOptions()
.withClientSecret("secret")
),
new io.gs2.cdk.account.model.options.TakeOverTypeModelOptions()
.withMetadata("Google")
),
new io.gs2.cdk.account.model.TakeOverTypeModel(
1,
new io.gs2.cdk.account.model.OpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
new io.gs2.cdk.account.model.options.OpenIdConnectSettingOptions()
.withAppleTeamId("9LX9LA85H8")
.withAppleKeyId("P937MLY6Z7")
.withApplePrivateKeyPem("-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----")
),
new io.gs2.cdk.account.model.options.TakeOverTypeModelOptions()
.withMetadata("Apple")
)
)
);
}
}
System.out.println(new SampleStack().yaml()); // Generate Templatepublic class SampleStack : Gs2Cdk.Core.Model.Stack
{
public SampleStack() {
new Gs2Cdk.Gs2Account.Model.Namespace(
stack: this,
name: "namespace-0001"
).MasterData(
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel[] {
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel(
type: 0,
openIdConnectSetting: new Gs2Cdk.Gs2Account.Model.OpenIdConnectSetting(
configurationPath: "https://accounts.google.com/.well-known/openid-configuration",
clientId: "695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
options: new Gs2Cdk.Gs2Account.Model.Options.OpenIdConnectSettingOptions
{
clientSecret = "secret"
}
),
options: new Gs2Cdk.Gs2Account.Model.Options.TakeOverTypeModelOptions
{
metadata = "Google"
}
),
new Gs2Cdk.Gs2Account.Model.TakeOverTypeModel(
type: 1,
openIdConnectSetting: new Gs2Cdk.Gs2Account.Model.OpenIdConnectSetting(
configurationPath: "https://appleid.apple.com/.well-known/openid-configuration",
clientId: "io.gs2.sample.auth",
options: new Gs2Cdk.Gs2Account.Model.Options.OpenIdConnectSettingOptions
{
appleTeamId = "9LX9LA85H8",
appleKeyId = "P937MLY6Z7",
applePrivateKeyPem = "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"
}
),
options: new Gs2Cdk.Gs2Account.Model.Options.TakeOverTypeModelOptions
{
metadata = "Apple"
}
)
}
);
}
}
Debug.Log(new SampleStack().Yaml()); // Generate Templateimport core from "@/gs2cdk/core";
import account from "@/gs2cdk/account";
class SampleStack extends core.Stack
{
public constructor() {
super();
new account.model.Namespace(
this,
"namespace-0001",
).masterData(
[
new account.model.TakeOverTypeModel(
0,
new account.model.OpenIdConnectSetting(
"https://accounts.google.com/.well-known/openid-configuration",
"695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com",
{
clientSecret: "secret"
}
),
{
metadata: "Google"
}
),
new account.model.TakeOverTypeModel(
1,
new account.model.OpenIdConnectSetting(
"https://appleid.apple.com/.well-known/openid-configuration",
"io.gs2.sample.auth",
{
appleTeamId: "9LX9LA85H8",
appleKeyId: "P937MLY6Z7",
applePrivateKeyPem: "-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----"
}
),
{
metadata: "Apple"
}
)
]
);
}
}
console.log(new SampleStack().yaml()); // Generate Templatefrom gs2_cdk import Stack, core, account
class SampleStack(Stack):
def __init__(self):
super().__init__()
account.Namespace(
stack=self,
name="namespace-0001",
).master_data(
take_over_type_models=[
account.TakeOverTypeModel(
type=0,
open_id_connect_setting=account.OpenIdConnectSetting(
configuration_path='https://accounts.google.com/.well-known/openid-configuration',
client_id='695893071400-qelt0dsu8tkotl13psnq5d1ko7kki4sl.apps.googleusercontent.com',
options=account.OpenIdConnectSettingOptions(
client_secret='secret',
),
),
options=account.TakeOverTypeModelOptions(
metadata = 'Google'
),
),
account.TakeOverTypeModel(
type=1,
open_id_connect_setting=account.OpenIdConnectSetting(
configuration_path='https://appleid.apple.com/.well-known/openid-configuration',
client_id='io.gs2.sample.auth',
options=account.OpenIdConnectSettingOptions(
apple_team_id='9LX9LA85H8',
apple_key_id='P937MLY6Z7',
apple_private_key_pem='-----BEGIN PRIVATE KEY-----\\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\n-----END PRIVATE KEY-----',
),
),
options=account.TakeOverTypeModelOptions(
metadata = 'Apple'
),
),
],
)
print(SampleStack().yaml()) # Generate TemplateTakeOverTypeModel
Takeover Type Model
This model defines Takeover Information.
Takeover Information is used when changing devices or moving/sharing an account across platforms. It consists of a unique string that identifies an individual and a password; by entering the correct combination, an Account (GS2 anonymous account) can be retrieved.
Multiple sets of Takeover Information can be configured for a single Account. To configure multiple sets, you must assign each one to a different slot. Slots can be specified from 0 to 1024, allowing for up to 1,025 types of Takeover Information to be set.
A typical example would be to store the account information for “Sign in with Apple” in slot 0 and the information for a Google account in slot 1. It should be noted that this Takeover Information serves only as a data holder; the authentication mechanism for social accounts must be prepared separately.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| takeOverTypeModelId | string | * | ~ 1024 chars | Takeover Type Model GRN * Set automatically by the server | ||
| type | int | ✓ | 0 ~ 1024 | Slot Number Specified in the range of 0 to 1024 to distinguish different types of takeover information. | ||
| metadata | string | ~ 2048 chars | Metadata Arbitrary values can be set in the metadata. Since they do not affect GS2’s behavior, they can be used to store information used in the game. | |||
| openIdConnectSetting | OpenIdConnectSetting | ✓ | OpenID Connect Configuration Configuration for integrating with an OpenID Connect-compliant Identity Provider (IdP). Includes the discovery URL, client credentials, and platform-specific settings such as Apple Sign In parameters. |
OpenIdConnectSetting
OpenID Connect Configuration
By registering the settings of an OpenID Connect-compliant IdP, IdP integration can be configured and used as Takeover Information.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| configurationPath | string | ✓ | ~ 1024 chars | OpenID Connect Configuration URL The discovery endpoint URL of the OpenID Connect provider. Must follow the well-known format (e.g., https://example.com/.well-known/openid-configuration). | ||
| clientId | string | ✓ | ~ 1024 chars | Client ID The client ID of the application registered with the IdP. | ||
| clientSecret | string | {configurationPath} != “https://appleid.apple.com/.well-known/openid-configuration” | ✓* | ~ 1024 chars | Client Secret * clientSecret is required when the configurationPath is not “https://appleid.apple.com/.well-known/openid-configuration”, i.e., for other IdP integrations. | |
| appleTeamId | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* | ~ 1024 chars | Team ID of Apple Developer The team ID from the Apple Developer account. Required for Apple Sign In authentication. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” | |
| appleKeyId | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* | ~ 1024 chars | Key ID registered with Apple The key ID registered in the Apple Developer account for Sign in with Apple. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” | |
| applePrivateKeyPem | string | {configurationPath} == “https://appleid.apple.com/.well-known/openid-configuration” | ✓* | ~ 10240 chars | Private Key received from Apple The private key in PEM format downloaded from the Apple Developer portal. Required for Apple Sign In authentication. * Required if configurationPath is “https://appleid.apple.com/.well-known/openid-configuration” | |
| doneEndpointUrl | string | ~ 1024 chars | URL to transition to when authentication is complete If not specified, it will transition to /authorization/done. id_token is attached to the Query String. | |||
| additionalScopeValues | List<ScopeValue> | [] | 0 ~ 10 items | Additional scopes obtained with OpenID Connect Additional OAuth scopes to request from the IdP beyond the default OpenID Connect scopes. Allows retrieving extra user information during authentication. | ||
| additionalReturnValues | List<string> | [] | 0 ~ 10 items | Additional return values obtained with OpenID Connect Additional claim names from the ID token or UserInfo response to include in the return values. Specified claims are extracted and returned alongside the standard authentication result. |
ScopeValue
Scope Value
A key-value pair representing an additional OAuth scope value obtained during OpenID Connect authentication. Used to store extra data retrieved from the IdP beyond the standard OpenID Connect claims.
| Type | Condition | Required | Default | Value Limits | Description | |
|---|---|---|---|---|---|---|
| key | string | ✓ | ~ 64 chars | Name The scope name that was requested from the IdP during authentication. | ||
| value | string | ~ 51200 chars | Value The value returned by the IdP for the corresponding scope. |