# Function Auth

Auth definitions can be used to define authentication information that should be applied to function definitions. They can be used for both the retrieval of the function's resource (as defined by the `operation` property) and for the function's invocation.

| Parameter  | Description                                                                                                                            | Type   | Required |
| ---------- | -------------------------------------------------------------------------------------------------------------------------------------- | ------ | -------- |
| name       | Unique auth definition name. Must follow the Serverless Workflow Naming Convention                                                     | string | yes      |
| scheme     | Auth scheme, can be "basic", "bearer", or "oauth2". Default is "basic"                                                                 | enum   | no       |
| properties | Auth scheme properties. Can be one of "Basic properties definition", "Bearer properties definition", or "OAuth2 properties definition" | object | yes      |

The `name` property defines the unique auth definition name. The `scheme` property defines the auth scheme to be used; it can be "bearer", "basic" or "oauth2". The `properties` property defines the auth scheme properties; it can be one of "Basic properties definition", "Bearer properties definition", or "OAuth2 properties definition".

**Basic Properties Definition**

See [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#basic_authentication_scheme) for more information about Basic Authentication scheme.

The Basic properties definition can have two types, either `string` or `object`. If `string` type, it defines a workflow expression that contains all needed Basic auth information. If `object` type, it has the following properties:

| Parameter | Description                                                 | Type   | Required |
| --------- | ----------------------------------------------------------- | ------ | -------- |
| username  | String or a workflow expression. Contains the user name     | string | yes      |
| password  | String or a workflow expression. Contains the user password | string | yes      |
| metadata  | Metadata information                                        | object | no       |

**Bearer Properties Definition**

See [here](https://datatracker.ietf.org/doc/html/rfc6750) for more information about Bearer Authentication scheme.

| Parameter | Description                                                     | Type   | Required |
| --------- | --------------------------------------------------------------- | ------ | -------- |
| token     | String or a workflow expression. Contains the token information | string | yes      |
| metadata  | Metadata information                                            | object | no       |

**OAuth2 Properties Definition**

See [here](https://oauth.net/2/) for more information about OAuth2 Authentication scheme.

| Parameter        | Description                                                                                            | Type   | Required |
| ---------------- | ------------------------------------------------------------------------------------------------------ | ------ | -------- |
| authority        | String or a workflow expression. Contains the authority information                                    | string | no       |
| grantType        | Defines the grant type. Can be "password", "clientCredentials", or "tokenExchange"                     | enum   | yes      |
| clientId         | String or a workflow expression. Contains the client identifier                                        | string | yes      |
| clientSecret     | Workflow secret or a workflow expression. Contains the client secret                                   | string | no       |
| scopes           | Array containing strings or workflow expressions. Contains the OAuth2 scopes                           | array  | no       |
| username         | String or a workflow expression. Contains the user name. Used only if grantType is 'resourceOwner'     | string | no       |
| password         | String or a workflow expression. Contains the user password. Used only if grantType is 'resourceOwner' | string | no       |
| audiences        | Array containing strings or workflow expressions. Contains the OAuth2 audiences                        | array  | no       |
| subjectToken     | String or a workflow expression. Contains the subject token                                            | string | no       |
| requestedSubject | String or a workflow expression. Contains the requested subject                                        | string | no       |
| requestedIssuer  | String or a workflow expression. Contains the requested issuer                                         | string | no       |
| metadata         | Metadata information                                                                                   | object | no       |
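
The tables above can be turned into a review-time check. The following is an added example, not code from the specification or any runtime: a hypothetical `check_auth` function that validates one auth definition against the documented keys and enums and flags credentials written as literals. It assumes workflow expressions use the `${ ... }` form; the `$SECRETS` reference and all sample values are constructed, and the literal-secret finding is a lint policy added here, not a requirement stated on this page.

```python
import re

# Required and optional keys per scheme, taken from the property tables on this page.
SCHEMES = {
    "basic": ({"username", "password"}, {"metadata"}),
    "bearer": ({"token"}, {"metadata"}),
    "oauth2": ({"grantType", "clientId"},
               {"authority", "clientSecret", "scopes", "username", "password", "audiences",
                "subjectToken", "requestedSubject", "requestedIssuer", "metadata"}),
}
GRANT_TYPES = ("password", "clientCredentials", "tokenExchange")
SENSITIVE = {"password", "token", "clientSecret", "subjectToken"}
# Assumption: workflow expressions are written as "${ ... }".
EXPRESSION = re.compile(r"\s*\$\{.*\}\s*", re.S)

def check_auth(auth):
    """Return a list of findings for one auth definition given as a dict."""
    findings = []
    if not isinstance(auth.get("name"), str) or not auth["name"]:
        findings.append("name: required string")
    scheme = auth.get("scheme", "basic")  # "basic" is the documented default
    if not isinstance(scheme, str) or scheme not in SCHEMES:
        return findings + [f"scheme: unknown value {scheme!r}"]
    props = auth.get("properties")
    if isinstance(props, str):
        # String form: one expression carrying every property. Documented above
        # for Basic; accepting it for the other schemes is an assumption.
        if not EXPRESSION.fullmatch(props):
            findings.append("properties: string form must be a workflow expression")
        return findings
    if not isinstance(props, dict):
        return findings + ["properties: required object or expression"]
    (required, optional), keys = SCHEMES[scheme], set(props)
    findings += [f"properties.{k}: required for {scheme}" for k in sorted(required - keys)]
    findings += [f"properties.{k}: not defined for {scheme}"
                 for k in sorted(keys - required - optional)]
    if scheme == "oauth2" and props.get("grantType", "password") not in GRANT_TYPES:
        findings.append(f"properties.grantType: unknown value {props['grantType']!r}")
    # Lint policy added here (not a rule from the page): secrets should not be literals.
    findings += [f"properties.{k}: literal secret, use a workflow expression"
                 for k in sorted(SENSITIVE & keys)
                 if isinstance(props[k], str) and not EXPRESSION.fullmatch(props[k])]
    return findings

# Constructed sample definitions.
GOOD = {"name": "petstore-oauth", "scheme": "oauth2", "properties": {
    "grantType": "clientCredentials", "clientId": "workflow-runtime",
    "clientSecret": "${ $SECRETS.petstoreClientSecret }", "scopes": ["pets:read"]}}
BAD = {"name": "legacy", "properties": {"username": "svc", "password": "hunter2", "realm": "x"}}
```

`check_auth(GOOD)` returns an empty list; `check_auth(BAD)` reports the undefined `realm` key and the literal password.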
