issuer https://{orgDomain}/oauth2/default clientId {clientId} scopes openid profile offline_access device_sso redirectUri {appScheme}:/callback logoutRedirectUri {appScheme}:/