Class OidcTenantConfig.Token

    • Field Detail

      • issuer

        @ConfigItem
        public Optional<String> issuer
        Expected issuer `iss` claim value. This property overrides the `issuer` property which may be set in the OpenID Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider, issuer verification can be skipped by setting this property to 'any', but this should be done only when other options (such as configuring the provider to use a fixed `iss` claim value) are not possible.
      • lifespanGrace

        @ConfigItem
        public OptionalInt lifespanGrace
        Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.
      • principalClaim

        @ConfigItem
        public Optional<String> principalClaim
        Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.
      • refreshExpired

        @ConfigItem
        public boolean refreshExpired
        Refresh expired ID tokens. If this property is enabled, a refresh token request is performed when the ID token has expired and, if successful, the local session is updated with the new set of tokens. Otherwise, the local session is invalidated and the user is redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option to be effective, the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type OidcTenantConfig.ApplicationType.WEB_APP.
      • autoRefreshInterval

        @ConfigItem
        @Deprecated
        public Optional<Duration> autoRefreshInterval
        Deprecated.
        Token auto-refresh interval in seconds during the user re-authentication. If this option is set, a valid ID token is refreshed when it will expire in fewer than the number of seconds set by this option. The user will still be authenticated if the ID token can no longer be refreshed but is still valid. This option is ignored if the 'refresh-expired' property is not enabled. This property is deprecated and will be removed in one of the next releases. Use 'quarkus.oidc.token.refresh-token-time-skew' instead.
      • refreshTokenTimeSkew

        @ConfigItem
        public Optional<Duration> refreshTokenTimeSkew
        Refresh token time skew in seconds. If this property is enabled, the configured number of seconds is added to the current time when checking whether the access token should be refreshed. If the sum is greater than the access token's expiration time, the token is refreshed. This property is ignored if the 'refresh-expired' property is not enabled.
      • allowJwtIntrospection

        @ConfigItem(defaultValue="true")
        public boolean allowJwtIntrospection
        Allow the remote introspection of JWT tokens when no matching JWK key is available. This property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. This property is ignored if the JWK endpoint URI is not available and introspecting the tokens is the only verification option.
      • allowOpaqueTokenIntrospection

        @ConfigItem(defaultValue="true")
        public boolean allowOpaqueTokenIntrospection
        Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.
    • Constructor Detail

      • Token

        public Token()
    • Method Detail

      • setIssuer

        public void setIssuer(String issuer)
      • setHeader

        public void setHeader(String header)
      • setAudience

        public void setAudience(List<String> audience)
      • getLifespanGrace

        public OptionalInt getLifespanGrace()
      • setLifespanGrace

        public void setLifespanGrace(int lifespanGrace)
      • setPrincipalClaim

        public void setPrincipalClaim(String principalClaim)
      • isRefreshExpired

        public boolean isRefreshExpired()
      • setRefreshExpired

        public void setRefreshExpired(boolean refreshExpired)
      • getForcedJwkRefreshInterval

        public Duration getForcedJwkRefreshInterval()
      • setForcedJwkRefreshInterval

        public void setForcedJwkRefreshInterval(Duration forcedJwkRefreshInterval)
      • setTokenType

        public void setTokenType(String tokenType)
      • setRefreshTokenTimeSkew

        public void setRefreshTokenTimeSkew(Duration refreshTokenTimeSkew)
      • isAllowJwtIntrospection

        public boolean isAllowJwtIntrospection()
      • setAllowJwtIntrospection

        public void setAllowJwtIntrospection(boolean allowJwtIntrospection)
      • isAllowOpaqueTokenIntrospection

        public boolean isAllowOpaqueTokenIntrospection()
      • setAllowOpaqueTokenIntrospection

        public void setAllowOpaqueTokenIntrospection(boolean allowOpaqueTokenIntrospection)
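
A configuration check built from the fields and methods documented above, as an added example that is not part of the Quarkus API or its documentation: it flags the `Token` settings that relax token verification and builds a stricter `Token` for a service that expects only JWTs from one issuer. The class name, the 60-second threshold and the issuer URL are assumptions, and the import assumes the class lives in the `io.quarkus.oidc` package.

```java
import io.quarkus.oidc.OidcTenantConfig;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;

// Added example, not Quarkus code. The class name, MAX_GRACE_SECONDS and the
// issuer URL are hypothetical; only Token members listed on this page are used.
public class TokenSettingsAudit {
    static final int MAX_GRACE_SECONDS = 60; // assumed local policy, not a Quarkus default

    // One finding per setting that relaxes token verification.
    static List<String> audit(OidcTenantConfig.Token token) {
        List<String> findings = new ArrayList<>();
        if (token.issuer != null && "any".equals(token.issuer.orElse(null))) {
            findings.add("issuer=any: the 'iss' claim is not verified");
        }
        int grace = token.getLifespanGrace().orElse(0);
        if (grace > MAX_GRACE_SECONDS) {
            findings.add("lifespanGrace=" + grace + "s: tokens accepted that long after expiry");
        }
        if (token.isAllowJwtIntrospection()) {
            findings.add("allowJwtIntrospection: JWTs with no matching JWK go to remote introspection");
        }
        if (token.isAllowOpaqueTokenIntrospection()) {
            findings.add("allowOpaqueTokenIntrospection: opaque tokens accepted, disable if only JWTs are expected");
        }
        return findings;
    }

    // Settings for a service that expects only JWTs from one fixed issuer.
    static OidcTenantConfig.Token strict(String issuer) {
        OidcTenantConfig.Token token = new OidcTenantConfig.Token();
        token.setIssuer(issuer);                    // pin 'iss' rather than using 'any'
        token.setLifespanGrace(30);                 // small allowance for clock drift
        token.setAllowJwtIntrospection(false);      // verify JWTs locally with JWK keys only
        token.setAllowOpaqueTokenIntrospection(false);
        return token;
    }

    public static void main(String[] args) {
        OidcTenantConfig.Token relaxed = new OidcTenantConfig.Token();
        relaxed.setIssuer("any");
        relaxed.setLifespanGrace(600);
        relaxed.setAllowJwtIntrospection(true);
        relaxed.setAllowOpaqueTokenIntrospection(true);
        audit(relaxed).forEach(f -> System.out.println("relaxed: " + f));
        // Constructed issuer URL, used only for illustration.
        System.out.println("strict: " + audit(strict("https://idp.example.com/realms/demo")));
    }
}
```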