fish.payara.security.annotations

Annotation Type OpenIdAuthenticationDefinition

@Target(value={TYPE,METHOD})
 @Retention(value=RUNTIME)
public @interface OpenIdAuthenticationDefinition

OpenIdAuthenticationDefinition annotation defines openid connect client configuration and The value of each parameter can be overwritten via mp config properties.

Author:

Gaurav Gupta

Field Summary

Fields

Modifier and Type	Fields and Description
static String	OPENID_MP_CLIENT_ENC_ALGORITHM The Microprofile Config key for the encryption algorithm is "payara.security.openid.client.encryption.algorithm".
static String	OPENID_MP_CLIENT_ENC_JWKS The Microprofile Config key for the private key jwks is "payara.security.openid.client.encryption.jwks".
static String	OPENID_MP_CLIENT_ENC_METHOD The Microprofile Config key for the encryption method is "payara.security.openid.client.encryption.method".
static String	OPENID_MP_CLIENT_ID The Microprofile Config key for the clientId is "payara.security.openid.clientId"
static String	OPENID_MP_CLIENT_SECRET The Microprofile Config key for the client secret is "payara.security.openid.clientSecret"
static String	OPENID_MP_DISPLAY The Microprofile Config key for the display is "payara.security.openid.display".
static String	OPENID_MP_JWKS_CONNECT_TIMEOUT The Microprofile Config key for the connect timeout of JWKS retrieval is "payara.security.openid.jwks.connect.timeout".
static String	OPENID_MP_JWKS_READ_TIMEOUT The Microprofile Config key for the read timeout of JWKS retrieval is "payara.security.openid.jwks.read.timeout".
static String	OPENID_MP_PROMPT The Microprofile Config key for the prompt is "payara.security.openid.prompt".
static String	OPENID_MP_PROVIDER_URI The Microprofile Config key for the provider uri is "payara.security.openid.providerURI"
static String	OPENID_MP_REDIRECT_URI The Microprofile Config key for the redirect URI is "payara.security.openid.redirectURI"
static String	OPENID_MP_RESPONSE_MODE The Microprofile Config key for the responseMode is "payara.security.openid.responseMode"
static String	OPENID_MP_RESPONSE_TYPE The Microprofile Config key for the scope is "payara.security.openid.responseType"
static String	OPENID_MP_SCOPE The Microprofile Config key for the scope is "payara.security.openid.scope"
static String	OPENID_MP_TOKEN_AUTO_REFRESH The Microprofile Config key for the Access Token auto refresh is "payara.security.openid.token.autoRefresh".
static String	OPENID_MP_TOKEN_MIN_VALIDITY The Microprofile Config key for the minimum validity in seconds of Access Tokens and Identity Token is "payara.security.openid.token.minValidity".
static String	OPENID_MP_USE_NONCE The Microprofile Config key for the nonce is "payara.security.openid.useNonce".
static String	OPENID_MP_USE_SESSION The Microprofile Config key to enable the session is "payara.security.openid.useSession".

Optional Element Summary

Optional Elements

Modifier and Type	Optional Element and Description
ClaimsDefinition	claimsDefinition Optional.
String	clientId Required.
String	clientSecret Required.
DisplayType	display Optional.
String[]	extraParameters An array of extra options that will be sent to the OAuth provider.
int	jwksConnectTimeout Optional.
int	jwksReadTimeout Optional.
LogoutDefinition	logout Optional.
PromptType[]	prompt Optional.
OpenIdProviderMetadata	providerMetadata To override the openid connect provider's metadata property discovered via providerUri.
String	providerURI Required.
String	redirectURI The redirect URI to which the response will be sent by OpenId Connect Provider.
String	responseMode Optional.
String	responseType Optional.
String[]	scope Optional.
boolean	tokenAutoRefresh Optional.
int	tokenMinValidity Optional.
boolean	useNonce Optional.
boolean	useSession Optional.

Field Detail

OPENID_MP_PROVIDER_URI

public static final String OPENID_MP_PROVIDER_URI

The Microprofile Config key for the provider uri is "payara.security.openid.providerURI"

OPENID_MP_CLIENT_ID

public static final String OPENID_MP_CLIENT_ID

The Microprofile Config key for the clientId is "payara.security.openid.clientId"

OPENID_MP_CLIENT_SECRET

public static final String OPENID_MP_CLIENT_SECRET

The Microprofile Config key for the client secret is "payara.security.openid.clientSecret"

OPENID_MP_REDIRECT_URI

public static final String OPENID_MP_REDIRECT_URI

The Microprofile Config key for the redirect URI is "payara.security.openid.redirectURI"

OPENID_MP_SCOPE

public static final String OPENID_MP_SCOPE

The Microprofile Config key for the scope is "payara.security.openid.scope"

The defined values are: profile, email, address, phone, and offline_access.

OPENID_MP_RESPONSE_TYPE

public static final String OPENID_MP_RESPONSE_TYPE

The Microprofile Config key for the scope is "payara.security.openid.responseType"

The defined values are: profile, email, address, phone, and offline_access.

OPENID_MP_RESPONSE_MODE

public static final String OPENID_MP_RESPONSE_MODE

The Microprofile Config key for the responseMode is "payara.security.openid.responseMode"

OPENID_MP_PROMPT

public static final String OPENID_MP_PROMPT

The Microprofile Config key for the prompt is "payara.security.openid.prompt".

Value is case sensitive and multiple values must be separated by space delimiter. The defined values are: none, login, consent, select_account. If this parameter contains 'none' with any other value, an error is returned.

OPENID_MP_DISPLAY

public static final String OPENID_MP_DISPLAY

The Microprofile Config key for the display is "payara.security.openid.display".

The defined values are: page, popup, touch, and wap. If the display parameter is not specified then 'page' is the default display mode.

OPENID_MP_USE_NONCE

public static final String OPENID_MP_USE_NONCE

The Microprofile Config key for the nonce is "payara.security.openid.useNonce".

OPENID_MP_USE_SESSION

public static final String OPENID_MP_USE_SESSION

The Microprofile Config key to enable the session is "payara.security.openid.useSession".

OPENID_MP_JWKS_CONNECT_TIMEOUT

public static final String OPENID_MP_JWKS_CONNECT_TIMEOUT

The Microprofile Config key for the connect timeout of JWKS retrieval is "payara.security.openid.jwks.connect.timeout".

OPENID_MP_JWKS_READ_TIMEOUT

public static final String OPENID_MP_JWKS_READ_TIMEOUT

The Microprofile Config key for the read timeout of JWKS retrieval is "payara.security.openid.jwks.read.timeout".

OPENID_MP_CLIENT_ENC_ALGORITHM

public static final String OPENID_MP_CLIENT_ENC_ALGORITHM

The Microprofile Config key for the encryption algorithm is "payara.security.openid.client.encryption.algorithm".

OPENID_MP_CLIENT_ENC_METHOD

public static final String OPENID_MP_CLIENT_ENC_METHOD

The Microprofile Config key for the encryption method is "payara.security.openid.client.encryption.method".

OPENID_MP_CLIENT_ENC_JWKS

public static final String OPENID_MP_CLIENT_ENC_JWKS

The Microprofile Config key for the private key jwks is "payara.security.openid.client.encryption.jwks".

OPENID_MP_TOKEN_AUTO_REFRESH

public static final String OPENID_MP_TOKEN_AUTO_REFRESH

The Microprofile Config key for the Access Token auto refresh is "payara.security.openid.token.autoRefresh".

OPENID_MP_TOKEN_MIN_VALIDITY

public static final String OPENID_MP_TOKEN_MIN_VALIDITY

The Microprofile Config key for the minimum validity in seconds of Access Tokens and Identity Token is "payara.security.openid.token.minValidity".

Element Detail

providerURI

public abstract String providerURI

Required. The provider uri ( http://openid.net/specs/openid-connect-discovery-1_0.html ) to read / discover the metadata of the openid provider.

Returns:

Default:

""

providerMetadata

public abstract OpenIdProviderMetadata providerMetadata

To override the openid connect provider's metadata property discovered via providerUri.

Returns:

Default:

@fish.payara.security.annotations.OpenIdProviderMetadata

claimsDefinition

public abstract ClaimsDefinition claimsDefinition

Optional. The claims definition defines the custom claims mapping of caller name and groups.

Returns:

Default:

@fish.payara.security.annotations.ClaimsDefinition

logout

public abstract LogoutDefinition logout

Optional. The Logout definition defines the logout and RP session management configuration.

Returns:

Default:

@fish.payara.security.annotations.LogoutDefinition

clientId

public abstract String clientId

Required. The client identifier issued when the application was registered

To set this using Microprofile Config use payara.security.openid.cliendId

Returns:

the client identifier

Default:

""

clientSecret

public abstract String clientSecret

Required. The client secret

It is recommended to set this using an alias.

To set this using Microprofile Config use payara.security.openid.clientSecret

Returns:

See Also:

Payara Password Aliases Documentation

Default:

""

redirectURI

public abstract String redirectURI

The redirect URI to which the response will be sent by OpenId Connect Provider. This URI must exactly match one of the Redirection URI values for the Client pre-registered at the OpenID Provider. To set this using Microprofile Config use payara.security.openid.redirectURI

Returns:

Default:

"${baseURL}/Callback"

scope

public abstract String[] scope

Optional. The scope value defines the access privileges. The basic (and required) scope for OpenID Connect is the openid scope.

Returns:

Default:

{"openid", "email", "profile"}

responseType

public abstract String responseType

Optional. Response Type value defines the processing flow to be used. By default, the value is code (Authorization Code Flow).

Returns:

Default:

"code"

responseMode

public abstract String responseMode

Optional. Informs the Authorization Server of the mechanism to be used for returning parameters from the Authorization Endpoint.

Returns:

Default:

""

prompt

public abstract PromptType[] prompt

Optional. The prompt value specifies whether the authorization server prompts the user for reauthentication and consent. If no value is specified and the user has not previously authorized access, then the user is shown a consent screen.

Returns:

Default:

{}

display

public abstract DisplayType display

Optional. The display value specifying how the authorization server displays the authentication and consent user interface pages.

Returns:

Default:

fish.payara.security.openid.api.DisplayType.PAGE

useNonce

public abstract boolean useNonce

Optional. Enables string value used to mitigate replay attacks.

Returns:

Default:

true

useSession

public abstract boolean useSession

Optional. If enabled state & nonce value stored in session otherwise in cookies.

Returns:

Default:

true

extraParameters

public abstract String[] extraParameters

An array of extra options that will be sent to the OAuth provider.

These must be in the form of "key=value" i.e. extraParameters={"key1=value", "key2=value2"}

Returns:

Default:

{}

jwksConnectTimeout

public abstract int jwksConnectTimeout

Optional. Sets the connect timeout(in milliseconds) for Remote JWKS retrieval. Value must not be negative and if value is zero then infinite timeout.

Returns:

Default:

500

jwksReadTimeout

public abstract int jwksReadTimeout

Optional. Sets the read timeout(in milliseconds) for Remote JWKS retrieval. Value must not be negative and if value is zero then infinite timeout.

Returns:

Default:

500

tokenAutoRefresh

public abstract boolean tokenAutoRefresh

Optional. Enables or disables the automatically performed refresh of Access and Identity Token. If refresh token operation failed then logout the End-User from RP's application.

Returns:

true, if Access and Identity Token shall be refreshed automatically when they are expired.

Default:

false

tokenMinValidity

public abstract int tokenMinValidity

Optional. Sets the minimum validity time in milliseconds the Access Token and Identity Token must be valid before it is considered expired. Value must not be negative.

Returns:

Default:

10000