Package io.quarkus.oidc
Class OidcTenantConfig.Authentication
- java.lang.Object
-
- io.quarkus.oidc.OidcTenantConfig.Authentication
-
- Enclosing class:
- OidcTenantConfig
public static class OidcTenantConfig.Authentication extends Object
Defines the authorization request properties when authenticating users using the Authorization Code Grant Type.
-
-
Field Summary
Fields Modifier and Type Field Description Optional<String>
cookieDomain
Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.boolean
cookieForceSecure
If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used.String
cookiePath
Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies.Optional<String>
cookiePathHeader
Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies.Map<String,String>
extraParams
Additional properties which will be added as the query parameters to the authentication redirect URI.boolean
forceRedirectHttpsScheme
Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy.boolean
javaScriptAutoRedirect
If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single Page Applications since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.Optional<String>
redirectPath
Relative path for calculating a "redirect_uri" query parameter.boolean
removeRedirectParameters
Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.boolean
restorePathAfterRedirect
If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application.Optional<List<String>>
scopes
List of scopesDuration
sessionAgeExtension
Session age extension in minutes.boolean
userInfoRequired
If this property is set to 'true' then an OIDC UserInfo endpoint will be calledboolean
verifyAccessToken
Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
-
Constructor Summary
Constructors Constructor Description Authentication()
-
Method Summary
-
-
-
Field Detail
-
redirectPath
@ConfigItem public Optional<String> redirectPath
Relative path for calculating a "redirect_uri" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated if 'restorePathAfterRedirect' is set to 'true'.
-
restorePathAfterRedirect
@ConfigItem(defaultValue="false") public boolean restorePathAfterRedirect
If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application. Note if `redirectPath` property is not set the the original request URI will be restored even if this property is disabled.
-
removeRedirectParameters
@ConfigItem(defaultValue="true") public boolean removeRedirectParameters
Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.
-
verifyAccessToken
@ConfigItem(defaultValue="false") public boolean verifyAccessToken
Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.
-
forceRedirectHttpsScheme
@ConfigItem(defaultValue="false") public boolean forceRedirectHttpsScheme
Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.
-
scopes
@ConfigItem public Optional<List<String>> scopes
List of scopes
-
extraParams
@ConfigItem public Map<String,String> extraParams
Additional properties which will be added as the query parameters to the authentication redirect URI.
-
cookieForceSecure
@ConfigItem(defaultValue="false") public boolean cookieForceSecure
If enabled the state, session and post logout cookies will have their 'secure' parameter set to 'true' when HTTP is used. It may be necessary when running behind an SSL terminating reverse proxy. The cookies will always be secure if HTTPS is used even if this property is set to false.
-
cookiePath
@ConfigItem(defaultValue="/") public String cookiePath
Cookie path parameter value which, if set, will be used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, will be checked first.
-
cookiePathHeader
@ConfigItem public Optional<String> cookiePathHeader
Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value will be used to set a path parameter for the session, state and post logout cookies. If the header is missing then the `cookie-path` property will be checked.
-
cookieDomain
@ConfigItem public Optional<String> cookieDomain
Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.
-
userInfoRequired
@ConfigItem(defaultValue="false") public boolean userInfoRequired
If this property is set to 'true' then an OIDC UserInfo endpoint will be called
-
sessionAgeExtension
@ConfigItem(defaultValue="5M") public Duration sessionAgeExtension
Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.
-
javaScriptAutoRedirect
@ConfigItem(defaultValue="true") public boolean javaScriptAutoRedirect
If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single Page Applications since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS. If this property is set to `false` then a status code of '499' will be returned to allow the client to handle the redirect manually
-
-
Method Detail
-
isJavaScriptAutoRedirect
public boolean isJavaScriptAutoRedirect()
-
setJavaScriptAutoredirect
public void setJavaScriptAutoredirect(boolean autoRedirect)
-
setRedirectPath
public void setRedirectPath(String redirectPath)
-
isForceRedirectHttpsScheme
public boolean isForceRedirectHttpsScheme()
-
setForceRedirectHttpsScheme
public void setForceRedirectHttpsScheme(boolean forceRedirectHttpsScheme)
-
isRestorePathAfterRedirect
public boolean isRestorePathAfterRedirect()
-
setRestorePathAfterRedirect
public void setRestorePathAfterRedirect(boolean restorePathAfterRedirect)
-
isCookieForceSecure
public boolean isCookieForceSecure()
-
setCookieForceSecure
public void setCookieForceSecure(boolean cookieForceSecure)
-
getCookiePath
public String getCookiePath()
-
setCookiePath
public void setCookiePath(String cookiePath)
-
setCookieDomain
public void setCookieDomain(String cookieDomain)
-
isUserInfoRequired
public boolean isUserInfoRequired()
-
setUserInfoRequired
public void setUserInfoRequired(boolean userInfoRequired)
-
isRemoveRedirectParameters
public boolean isRemoveRedirectParameters()
-
setRemoveRedirectParameters
public void setRemoveRedirectParameters(boolean removeRedirectParameters)
-
isVerifyAccessToken
public boolean isVerifyAccessToken()
-
setVerifyAccessToken
public void setVerifyAccessToken(boolean verifyAccessToken)
-
getSessionAgeExtension
public Duration getSessionAgeExtension()
-
setSessionAgeExtension
public void setSessionAgeExtension(Duration sessionAgeExtension)
-
setCookiePathHeader
public void setCookiePathHeader(String cookiePathHeader)
-
-