Parameter
|
Description
|
Value
|
||
---|---|---|---|---|
tokenUsernameAttribute
|
Optional: The claim name that holds the username for the resource request.
|
Default value: “unique_name”
|
||
tokenPublicKeyUrl
|
Mandatory: The AD FS public key endpoint (used to validate the access tokens).
|
The value is constructed as follows:
https://<ADFS host FQDN>adfs/discovery/keys
|
||
administratorAlias
|
Optional.
Mandatory only if you want to access RP with ThingWorx administrator.
|
The administrator username as it is configured in AD FS.
|
||
administratorInternalName
|
Optional: The administrator username as it is configured in ThingWorx.
|
Administrator
|
||
tokenValidationType
|
Mandatory: The property point that the access token (JWT) validation done locally.
|
local
|
||
issuer
|
Optional: Issuer value for additional token validation check.
|
The issuer value as it appears in the ISS claim in the token.
|
||
tokenClientIDAttribute
|
Required for the M2M (Client Credential) flow. The claim name that holds the SP clientID for the resource request.
|
appid
|
Parameter
|
Description
|
Value
|
---|---|---|
globalScopes
|
List of comma-separated global scopes. accessToken should contain at least one of them to access any resource. If the parameter is missing or empty, THINGWORX is a default global scope.
|
"globalScopes": "THINGWORX
"globalScopes": "THINGWORX_APP1,THINGWORX_APP2" |
Parameter
|
Description
|
Value
|
||
---|---|---|---|---|
uri
|
URI pattern. Defines the resource or resource group that requires additional scope(s) to the global scope(s).
|
Thingworx/Things/** - control all Things
Thingworx/Things/Thing1 – control Thing1
|
||
scopes
|
Comma-delimited list of additional scopes. Only the user that has grants to all listed scopes (including global) is allowed to get resource.
|
|||
method
|
Optional. Defines the URI method that the scope will be applied to.
|
Possible values are any methods allowed in REST protocol, such as GET or POST.
|