Package io.quarkus.oidc
Class OidcTenantConfig
- java.lang.Object
-
- io.quarkus.oidc.common.runtime.OidcCommonConfig
-
- io.quarkus.oidc.OidcTenantConfig
-
public class OidcTenantConfig extends OidcCommonConfig
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description)
static class OidcTenantConfig.ApplicationType
static class OidcTenantConfig.Authentication
Defines the authorization request properties when authenticating users using the Authorization Code Grant Type.
static class OidcTenantConfig.Backchannel
static class OidcTenantConfig.CodeGrant
Authorization Code grant configuration
static class OidcTenantConfig.Frontchannel
static class OidcTenantConfig.IntrospectionCredentials
Introspection Basic Authentication configuration
static class OidcTenantConfig.Logout
static class OidcTenantConfig.Provider
static class OidcTenantConfig.Roles
static class OidcTenantConfig.Token
static class OidcTenantConfig.TokenStateManager
Default Authorization Code token state manager configuration
-
Nested classes/interfaces inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
OidcCommonConfig.Credentials, OidcCommonConfig.Proxy, OidcCommonConfig.Tls
-
-
Field Summary
Fields (Modifier and Type, Field, Description)
boolean allowTokenIntrospectionCache
Allow caching the token introspection data.
boolean allowUserInfoCache
Allow caching the user info data.
Optional<OidcTenantConfig.ApplicationType> applicationType
The application type, which can be one of the following values from enum OidcTenantConfig.ApplicationType.
OidcTenantConfig.Authentication authentication
Different options to configure authorization requests
Optional<String> authorizationPath
Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users.
boolean cacheUserInfoInIdtoken
Allow inlining UserInfo in IdToken instead of caching it in the token cache.
OidcTenantConfig.CodeGrant codeGrant
Authorization code grant configuration
Optional<String> endSessionPath
Relative path or absolute URL of the OIDC end_session_endpoint.
OidcTenantConfig.IntrospectionCredentials introspectionCredentials
Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig.credentials for its introspection endpoint.
Optional<String> introspectionPath
Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens.
Optional<String> jwksPath
Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set.
OidcTenantConfig.Logout logout
RP Initiated, BackChannel and FrontChannel Logout configuration
Optional<OidcTenantConfig.Provider> provider
Well known OpenId Connect provider identifier
Optional<String> publicKey
Public key for the local JWT token verification.
OidcTenantConfig.Roles roles
Configuration to find and parse a custom claim containing the roles information.
boolean tenantEnabled
If this tenant configuration is enabled.
Optional<String> tenantId
A unique tenant identifier.
OidcTenantConfig.Token token
Configuration how to validate the token claims.
OidcTenantConfig.TokenStateManager tokenStateManager
Default token state manager configuration
Optional<String> userInfoPath
Relative path or absolute URL of the OIDC userinfo endpoint.
-
Fields inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
authServerUrl, clientId, connectionDelay, connectionRetryCount, connectionTimeout, credentials, discoveryEnabled, maxPoolSize, proxy, revokePath, tls, tokenPath
-
-
Constructor Summary
Constructors Constructor Description OidcTenantConfig()
-
Method Summary
-
Methods inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
getAuthServerUrl, getClientId, getConnectionDelay, getConnectionTimeout, getCredentials, getMaxPoolSize, getProxy, getRevokePath, getTokenPath, isDiscoveryEnabled, setAuthServerUrl, setClientId, setConnectionDelay, setConnectionTimeout, setCredentials, setDiscoveryEnabled, setMaxPoolSize, setProxy, setRevokePath, setTokenPath
-
-
-
-
Field Detail
-
tenantId
@ConfigItem public Optional<String> tenantId
A unique tenant identifier. It must be set by TenantConfigResolver providers which resolve the tenant configuration dynamically and is optional in all other cases.
-
tenantEnabled
@ConfigItem(defaultValue="true") public boolean tenantEnabled
If this tenant configuration is enabled.
-
applicationType
@ConfigItem(defaultValueDocumentation="service") public Optional<OidcTenantConfig.ApplicationType> applicationType
The application type, which can be one of the following values from enum OidcTenantConfig.ApplicationType.
-
authorizationPath
@ConfigItem public Optional<String> authorizationPath
Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.
-
userInfoPath
@ConfigItem public Optional<String> userInfoPath
Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.
-
introspectionPath
@ConfigItem public Optional<String> introspectionPath
Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.
-
jwksPath
@ConfigItem public Optional<String> jwksPath
Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.
-
endSessionPath
@ConfigItem public Optional<String> endSessionPath
Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.
-
publicKey
@ConfigItem public Optional<String> publicKey
Public key for the local JWT token verification. OIDC server connection will not be created when this property is set.
-
introspectionCredentials
@ConfigItem public OidcTenantConfig.IntrospectionCredentials introspectionCredentials
Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig.credentials for its introspection endpoint.
-
roles
@ConfigItem public OidcTenantConfig.Roles roles
Configuration to find and parse a custom claim containing the roles information.
-
token
@ConfigItem public OidcTenantConfig.Token token
Configuration how to validate the token claims.
-
logout
@ConfigItem public OidcTenantConfig.Logout logout
RP Initiated, BackChannel and FrontChannel Logout configuration
-
authentication
public OidcTenantConfig.Authentication authentication
Different options to configure authorization requests
-
codeGrant
public OidcTenantConfig.CodeGrant codeGrant
Authorization code grant configuration
-
tokenStateManager
@ConfigItem public OidcTenantConfig.TokenStateManager tokenStateManager
Default token state manager configuration
-
allowTokenIntrospectionCache
@ConfigItem(defaultValue="true") public boolean allowTokenIntrospectionCache
Allow caching the token introspection data. Note that enabling this property does not enable the cache itself; it only permits caching the token introspection data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache for how to enable it.
-
allowUserInfoCache
@ConfigItem(defaultValue="true") public boolean allowUserInfoCache
Allow caching the user info data. Note that enabling this property does not enable the cache itself; it only permits caching the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache for how to enable it.
-
cacheUserInfoInIdtoken
@ConfigItem(defaultValue="false") public boolean cacheUserInfoInIdtoken
Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated because OAuth2 providers do not return an IdToken. Inlining UserInfo in the generated IdToken allows it to be stored in the session cookie and avoids introducing a cached state.
-
provider
@ConfigItem public Optional<OidcTenantConfig.Provider> provider
Well known OpenId Connect provider identifier
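
The field descriptions above state which endpoint paths have to be supplied by hand once OIDC discovery is disabled. The following is an added example, not code from Quarkus or its documentation, that builds such a tenant using only setters listed on this page; the class name StaticEndpointTenants and the Keycloak-style relative paths are assumptions chosen for illustration.

```java
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;

// Hypothetical helper (not part of Quarkus): builds a tenant whose endpoints
// are configured explicitly because OIDC discovery is turned off.
public final class StaticEndpointTenants {

    private StaticEndpointTenants() {
    }

    public static OidcTenantConfig build(String tenantId, String authServerUrl,
            String clientId, ApplicationType type) {
        // tenantId must be set when the configuration is resolved dynamically,
        // for example when this object is returned from a TenantConfigResolver.
        if (tenantId == null || tenantId.isBlank()) {
            throw new IllegalArgumentException("tenantId is required");
        }

        OidcTenantConfig config = new OidcTenantConfig();
        config.setTenantId(tenantId);
        config.setAuthServerUrl(authServerUrl);
        config.setClientId(clientId);
        config.setApplicationType(type);

        // With discovery enabled the *Path properties are ignored, so it has
        // to be disabled for the explicit paths below to take effect.
        config.setDiscoveryEnabled(false);

        // Needed for local JWT verification.
        config.setJwksPath("/protocol/openid-connect/certs");
        // Needed for opaque bearer tokens, and for JWTs while the cached JWK
        // set with no matching key is being refreshed.
        config.setIntrospectionPath("/protocol/openid-connect/token/introspect");

        if (type == ApplicationType.WEB_APP) {
            // 'web-app' tenants redirect users to the authorization endpoint
            // and exchange the returned code at the token endpoint.
            config.setAuthorizationPath("/protocol/openid-connect/auth");
            config.setTokenPath("/protocol/openid-connect/token");
            // Only required when RP Initiated Logout is used.
            config.setEndSessionPath("/protocol/openid-connect/logout");
        }
        return config;
    }
}
```

The relative paths are resolved against the auth server URL; userInfoPath is left unset here because it is only needed when 'authentication.user-info-required' is enabled.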
-
-
Method Detail
-
setAuthorizationPath
public void setAuthorizationPath(String authorizationPath)
-
setUserInfoPath
public void setUserInfoPath(String userInfoPath)
-
setIntrospectionPath
public void setIntrospectionPath(String introspectionPath)
-
setJwksPath
public void setJwksPath(String jwksPath)
-
setEndSessionPath
public void setEndSessionPath(String endSessionPath)
-
setPublicKey
public void setPublicKey(String publicKey)
-
getRoles
public OidcTenantConfig.Roles getRoles()
-
setRoles
public void setRoles(OidcTenantConfig.Roles roles)
-
getToken
public OidcTenantConfig.Token getToken()
-
setToken
public void setToken(OidcTenantConfig.Token token)
-
getAuthentication
public OidcTenantConfig.Authentication getAuthentication()
-
setAuthentication
public void setAuthentication(OidcTenantConfig.Authentication authentication)
-
setTenantId
public void setTenantId(String tenantId)
-
isTenantEnabled
public boolean isTenantEnabled()
-
setTenantEnabled
public void setTenantEnabled(boolean enabled)
-
setLogout
public void setLogout(OidcTenantConfig.Logout logout)
-
getLogout
public OidcTenantConfig.Logout getLogout()
-
getProvider
public Optional<OidcTenantConfig.Provider> getProvider()
-
setProvider
public void setProvider(OidcTenantConfig.Provider provider)
-
getApplicationType
public Optional<OidcTenantConfig.ApplicationType> getApplicationType()
-
setApplicationType
public void setApplicationType(OidcTenantConfig.ApplicationType type)
-
isAllowTokenIntrospectionCache
public boolean isAllowTokenIntrospectionCache()
-
setAllowTokenIntrospectionCache
public void setAllowTokenIntrospectionCache(boolean allowTokenIntrospectionCache)
-
isAllowUserInfoCache
public boolean isAllowUserInfoCache()
-
setAllowUserInfoCache
public void setAllowUserInfoCache(boolean allowUserInfoCache)
-
isCacheUserInfoInIdtoken
public boolean isCacheUserInfoInIdtoken()
-
setCacheUserInfoInIdtoken
public void setCacheUserInfoInIdtoken(boolean cacheUserInfoInIdtoken)
-
getIntrospectionCredentials
public OidcTenantConfig.IntrospectionCredentials getIntrospectionCredentials()
-
setIntrospectionCredentials
public void setIntrospectionCredentials(OidcTenantConfig.IntrospectionCredentials introspectionCredentials)
-
getCodeGrant
public OidcTenantConfig.CodeGrant getCodeGrant()
-
setCodeGrant
public void setCodeGrant(OidcTenantConfig.CodeGrant codeGrant)
-
-