Oauth config template for Galaxy #

<?xml version="1.0" encoding="utf-8"?>
<pluginOAuthConfig>
    <!-- dbclass must be trino_jdbc -->
    <dbclass>trino_jdbc</dbclass>
    <!-- oauthConfigId must starts with custom_ and contain only letters,
        numbers and underscores -->
    <oauthConfigId>custom_galaxy</oauthConfigId>

    <!-- client_id can be found at Galaxy / Access Control / OAuth clients -->
    <clientIdDesktop>client_id</clientIdDesktop>
    <clientSecretDesktop></clientSecretDesktop>

    <!-- Omit redirectUrisDesktop to use dynamic port -->
    <!-- <redirectUrisDesktop>http://localhost:55555/Callback</redirectUrisDesktop> -->

    <!-- Authorization endpoint URI (required) and Token endpoint URI
        (required) for Tableau Desktop and Server -->
    <authUri>https://my_account.galaxy.starburst.io/oauth/v2/authorize</authUri>
    <tokenUri>https://my_account.galaxy.starburst.io/oauth/v2/token</tokenUri>
    <userInfoUri></userInfoUri>

    <scopes>openid</scopes>
    <scopes>email</scopes>

    <capabilities>
        <entry>
            <key>OAUTH_CAP_SUPPORTS_STATE</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_SUPPORTS_CUSTOM_DOMAIN</key>
            <value>false</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_PKCE_REQUIRES_CODE_CHALLENGE_METHOD</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_REQUIRE_PKCE</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_FIXED_PORT_IN_CALLBACK_URL</key>
            <value>false</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_CLIENT_SECRET_IN_URL_QUERY_PARAM</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_SUPPORTS_GET_USERINFO_FROM_ID_TOKEN</key>
            <value>true</value>
        </entry>
        <entry>
            <key>OAUTH_CAP_GET_USERNAME_USES_POST_REQUEST</key>
            <value>false</value>
        </entry>
    </capabilities>
    <accessTokenResponseMaps>
        <entry>
            <key>ACCESSTOKEN</key>
            <value>access_token</value>
        </entry>
        <entry>
            <key>REFRESHTOKEN</key>
            <value>refresh_token</value>
        </entry>
        <entry>
            <key>access-token-expires-in</key>
            <value>expires_in</value>
        </entry>
        <entry>
            <key>id-token</key>
            <value>id_token</value>
        </entry>
        <entry>
            <key>username</key>
            <value>email</value>
        </entry>
    </accessTokenResponseMaps>
</pluginOAuthConfig>