The OpenID Connect provider ID. The default provider ID is "default".

The OIDC application's client ID.

A space-delimited list of response types. Valid response types are: code, token, id_token.

The response mode. It defaults to query for the authorization_code grant type flow, and to fragment for the implicit grant type flow.

The redirect URI.

The state. An opaque value that is used to maintain the state between the request and the callback.

Nonce. The string value that is used to associate a client session with an ID Token to mitigate replay attacks. This attribute is required when the response type includes id_token.

Whether the user is prompted for reauthentication. When the value is "login", the user is reauthenticated. The reauthentication applies to default Cloud Directory logins only. When the value is "none", the user is not be prompted for authentication.

Maximum authentication age. Specifies the allowable elapsed time, in seconds, since the last time the user was authenticated. This attribute applies to Cloud Directory login sessions only.

Code challenge. Required if the OIDC application is configured to require proof key for code exchange (PKCE).

Code challenge method for PKCE. Defaults to plain if not specified.

A space-delimited list of scopes that are associated with this authorization request.

The JSON that contains the claims for id_token or userinfo endpoint.

Login hint. Value to use when prompting the user for login. Optional for OIDC request. This value could be the username as a string (e.g. john@ibm.com), or a JSON (e.g. {"realm":"cloudIdentityRealm","username":"john@ibm.com"}). When using a JSON value, the realm represents the identity source realm.