<?xml version="1.0"?>
<!--
  Curity configuration bundle (conf-spec) that adds a HAAPI client for an iOS
  app to an existing OAuth token profile and publishes the app's App ID in the
  mobile-app-association so an app association file can be served for passkeys.

  NOTE(review): this bundle is written for an iOS simulator (see the description
  below). The client keeps its iOS attestation settings but turns attestation
  validation off (disable-attestation-validation). With validation off the
  server presumably cannot distinguish the genuine app from any other caller
  that presents this client ID, so this bundle must not be merged into a
  production environment; use a variant with validation enabled there.
-->
<conf-spec xmlns="https://curity.se/ns/conf-spec">
<metadata>
<purpose>configuration-bundle</purpose>
<name>React Native HAAPI iOS Client</name>
<description>Create configuration for using HAAPI on a iOS mobile simulator. Attestation is disabled.
</description>
</metadata>
<!-- Inputs prompted for when the bundle is applied; referenced below as #{NAME}. -->
<variable-definitions>
<variable-definition>
<name>TOKEN_PROFILE</name>
<tagpath>/profiles/profile/id</tagpath>
<description>The profile where to add the clients</description>
<type-hint>profile</type-hint>
</variable-definition>
<variable-definition>
<name>IOS_HAAPI_CLIENT</name>
<tagpath/>
<description>The ID of the client to add for iOS. Attestation will be enabled for the client, but validation will be turned off.
</description>
<type-hint>string</type-hint>
</variable-definition>
<variable-definition>
<name>IOS_APP_ID</name>
<tagpath/>
<description>The App ID of the iOS client. Used for the app association filed created for passkey support
</description>
<type-hint>string</type-hint>
</variable-definition>
</variable-definitions>
<actions/>
<!-- Configuration merged into the running config once the conditions at the
     bottom of the file pass. -->
<merge-config>
<config xmlns="http://tail-f.com/ns/config/1.0">
<profiles xmlns="https://curity.se/ns/conf/base">
<profile>
<id>#{TOKEN_PROFILE}</id>
<type xmlns:as="https://curity.se/ns/conf/profile/oauth">as:oauth-service</type>
<settings>
<authorization-server xmlns="https://curity.se/ns/conf/profile/oauth">
<client-store>
<config-backed>
<client>
<id>#{IOS_HAAPI_CLIENT}</id>
<!-- Public client: no client credential is configured. Expected for a mobile
     app, which cannot keep a secret; the attestation block further down is
     what is meant to identify the app instead. -->
<no-authentication>true</no-authentication>
<!-- Custom-scheme redirect URI. NOTE(review): a custom URL scheme is not
     guaranteed to be unique to one app on iOS; confirm how HAAPI uses this
     value before treating it as a security boundary. -->
<redirect-uris>app:start</redirect-uris>
<!-- PKCE is not required for this client. NOTE(review): the HAAPI capability
     below issues a token-bound authorization code, which presumably is what
     protects the code against interception instead; confirm this before
     keeping PKCE off in any non-simulator configuration. -->
<proof-key>
<require-proof-key>false</require-proof-key>
</proof-key>
<!-- Presumably seconds (one hour); verify the unit against the schema. -->
<refresh-token-ttl>3600</refresh-token-ttl>
<scope>openid</scope>
<user-authentication/>
<capabilities>
<code/>
<haapi>
<!-- Use the current DPoP mechanism rather than the legacy one. -->
<use-legacy-dpop>false</use-legacy-dpop>
<issue-token-bound-authorization-code>true
</issue-token-bound-authorization-code>
</haapi>
</capabilities>
<attestation>
<ios>
<app-id>#{IOS_APP_ID}</app-id>
</ios>
<!-- SIMULATOR ONLY. The App ID above is still configured, but with validation
     disabled the server does not enforce it, so any caller that knows the
     client ID can presumably complete the HAAPI flow as this client.
     Remove this element (or set it to false) before using the client
     outside a simulator. -->
<disable-attestation-validation>true</disable-attestation-validation>
</attestation>
</client>
</config-backed>
</client-store>
</authorization-server>
</settings>
</profile>
</profiles>
<!-- Registers the same App ID in the default zone so the server can publish
     the iOS app association file that passkey support relies on. -->
<environments xmlns="https://curity.se/ns/conf/base">
<environment>
<services>
<zones>
<default-zone>
<mobile-app-association>
<ios-app-configuration>
<app-id>#{IOS_APP_ID}</app-id>
</ios-app-configuration>
</mobile-app-association>
</default-zone>
</zones>
</services>
</environment>
</environments>
</config>
</merge-config>
<!-- Preconditions checked before the merge above is applied. -->
<conditions>
<!-- The target profile must exist and be an oauth-service (token) profile. -->
<must-exist>
<path>/profiles/profile{#{TOKEN_PROFILE} oauth-service}/id</path>
<error-description>The provided profile does not exist or is not a token profile.</error-description>
</must-exist>
<!-- Refuse to overwrite an existing client with the chosen ID. -->
<must-not-exist>
<path>/profiles/profile{#{TOKEN_PROFILE}
oauth-service}/settings/authorization-server/client-store/config-backed/client{#{IOS_HAAPI_CLIENT}}
</path>
<!-- NOTE(review): this message uses ${IOS_HAAPI_CLIENT} while every other
     reference in the bundle uses #{...}; verify the placeholder is actually
     expanded here, otherwise the error prints the literal variable name. -->
<error-description>A client with ID ${IOS_HAAPI_CLIENT} already exist. Please select a new ID.
</error-description>
</must-not-exist>
</conditions>
</conf-spec>