# Secret-store to retrieve and maintain tokens from various OAuth2 services
[[secretstores.oauth2]]
  ## Unique identifier for the secret-store.
  ## This id can later be used in plugins to reference the secrets
  ## in this secret-store via @{<id>:<secret_key>} (mandatory)
  id = "secretstore"

  ## Service to retrieve the token(s) from
  ## Currently supported services are "custom", "auth0" and "AzureAD"
  # service = "custom"

  ## Setting to overwrite the queried token-endpoint
  ## This setting is optional for some services but mandatory for others such
  ## as "custom" or "auth0". Please check the documentation at
  ## https://github.com/influxdata/telegraf/blob/master/plugins/secretstores/oauth2/README.md
  # token_endpoint = ""

  ## Tenant ID for the AzureAD service
  # tenant_id = ""

  ## Minimal remaining time until the token expires
  ## If a token expires less than the set duration in the future, the token is
  ## renewed. This is useful to avoid race-condition issues where a token is
  ## still valid, but isn't when the request reaches the API endpoint of
  ## your service using the token.
  # token_expiry_margin = "1s"

  ## Section for defining a token secret
  [[secretstores.oauth2.token]]
    ## Unique secret-key used for referencing the token via @{<id>:<secret_key>}
    key = ""
    ## Client-ID and secret for the 2-legged OAuth flow
    client_id = ""
    client_secret = ""
    ## Scopes to send in the request
    # scopes = []

    ## Additional (optional) parameters to include in the token request
    ## This might for example include the "audience" parameter required for
    ## auth0.
    # [secretstores.oauth2.token.parameters]
    #     audience = ""