{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "id": "https://schema.entrecode.de/schema-data/dm-client",
  "type": "object",
  "properties": {
    "clientID": {
      "type": "string",
      "pattern": "^[0-9a-z\\-_]+$"
    },
    "callbackURL": {
      "oneOf": [
        {
          "type": "null"
        },
        {
          "type": "string",
          "format": "uri"
        }
      ]
    },
    "tokenMethod": {
      "type": "array",
      "items": {
        "enum": ["query", "cookie", "body"]
      },
      "minItems": 1,
      "uniqueItems": true
    },
    "grantTypes": {
      "type": "array",
      "items": {
        "enum": ["authorization_code", "implicit", "password", "client_credentials", "refresh_token"]
      },
      "uniqueItems": true
    },
    "disableStrategies": {
      "type": "array",
      "items": {
        "type": ["string"]
      },
      "deprecated": true
    },
    "hexColor": {
      "type": "string",
      "pattern": "^#[A-Fa-f0-9]{6}$"
    },
    "federatedOIDC": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "uri": {
            "type": "string",
            "format": "uri",
            "description": "The URI to the provider's OpenID Connect configuration (/.well-known/openid-configuration)",
            "example": "https://accounts.google.com/.well-known/openid-configuration"
          },
          "button": {
            "type": "string",
            "description": "The text to display on the button",
            "example": "Login with Google"
          },
          "clientID": {
            "type": "string",
            "description": "The client ID as configured in the provider's client registration"
          },
          "clientSecret": {
            "type": "string",
            "description": "The client secret as configured in the provider's client registration. Optional if secret is generated on the fly (e.g. for Apple)"
          },
          "scope": {
            "type": "string",
            "description": "The scope(s) to request from the provider. May be required for the provider to return a valid email address in the id token response."
          },
          "responseType": {
            "type": "string",
            "description": "The response type to use for the authorization code. Defaults to 'code' if not specified."
          },
          "responseMode": {
            "type": "string",
            "enum": ["form_post", "fragment", "query"],
            "description": "The response mode to use for the authorization code. Defaults to 'query' if not specified. 'form_post' is recommended for Apple."
          },
          "appleTeamID": {
            "type": "string",
            "description": "The Apple team ID. Required for Apple to generate client secret on the fly."
          },
          "appleKeyID": {
            "type": "string",
            "description": "The Apple key ID. Required for Apple to generate client secret on the fly."
          },
          "appleKey": {
            "type": "string",
            "description": "The Apple private key. Required for Apple to generate client secret on the fly."
          }
        },
        "required": ["uri", "button", "clientID"],
        "additionalProperties": false
      }
    }
  },
  "required": ["clientID"]
}