Package io.quarkus.oidc
Class OidcTenantConfig.Token
- java.lang.Object
-
- io.quarkus.oidc.OidcTenantConfig.Token
-
- Enclosing class:
- OidcTenantConfig
public static class OidcTenantConfig.Token extends Object
-
-
Field Summary
Fields Modifier and Type Field Description boolean
allowJwtIntrospection
Allow the remote introspection of JWT tokens when no matching JWK key is available.boolean
allowOpaqueTokenIntrospection
Allow the remote introspection of the opaque tokens.Optional<List<String>>
audience
Expected audience 'aud' claim value which may be a string or an array of strings.Optional<Duration>
autoRefreshInterval
Deprecated.Duration
forcedJwkRefreshInterval
Forced JWK set refresh interval in minutes.Optional<String>
header
Custom HTTP header that contains a bearer token.Optional<String>
issuer
Expected issuer 'iss' claim value.OptionalInt
lifespanGrace
Life span grace period in seconds.Optional<String>
principalClaim
Name of the claim which contains a principal name.boolean
refreshExpired
Refresh expired ID tokens.Optional<Duration>
refreshTokenTimeSkew
Refresh token time skew in seconds.Optional<String>
tokenType
Expected token type
-
Constructor Summary
Constructors Constructor Description Token()
-
Method Summary
-
-
-
Field Detail
-
issuer
@ConfigItem public Optional<String> issuer
Expected issuer 'iss' claim value. Note this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the issuer verification by setting this property to 'any' but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible.
-
audience
@ConfigItem public Optional<List<String>> audience
Expected audience 'aud' claim value which may be a string or an array of strings.
-
tokenType
@ConfigItem public Optional<String> tokenType
Expected token type
-
lifespanGrace
@ConfigItem public OptionalInt lifespanGrace
Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds.
-
principalClaim
@ConfigItem public Optional<String> principalClaim
Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are checked.
-
refreshExpired
@ConfigItem public boolean refreshExpired
Refresh expired ID tokens. If this property is enabled then a refresh token request will be performed if the ID token has expired and, if successful, the local session will be updated with the new set of tokens. Otherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case the user may not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a non-zero value since the refresh token is currently kept in the user session. This option is valid only when the application is of typeOidcTenantConfig.ApplicationType.WEB_APP
}.
-
autoRefreshInterval
@ConfigItem @Deprecated public Optional<Duration> autoRefreshInterval
Deprecated.Token auto-refresh interval in seconds during the user re-authentication. If this option is set then the valid ID token will be refreshed if it will expire in less than a number of seconds set by this option. The user will still be authenticated if the ID token can no longer be refreshed but is still valid. This option will be ignored if the 'refresh-expired' property is not enabled. Note this property is deprecated and will be removed in one of the next releases. Please use 'quarkus.oidc.token.refresh-token-time-skew'
-
refreshTokenTimeSkew
@ConfigItem public Optional<Duration> refreshTokenTimeSkew
Refresh token time skew in seconds. If this property is enabled then the configured number of seconds is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. This property will be ignored if the 'refresh-expired' property is not enabled.
-
forcedJwkRefreshInterval
@ConfigItem(defaultValue="10M") public Duration forcedJwkRefreshInterval
Forced JWK set refresh interval in minutes.
-
header
@ConfigItem public Optional<String> header
Custom HTTP header that contains a bearer token. This option is valid only when the application is of typeOidcTenantConfig.ApplicationType.SERVICE
}.
-
allowJwtIntrospection
@ConfigItem(defaultValue="true") public boolean allowJwtIntrospection
Allow the remote introspection of JWT tokens when no matching JWK key is available. Note this property is set to 'true' by default for backward-compatibility reasons and will be set to `false` instead in one of the next releases. Also note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option.
-
allowOpaqueTokenIntrospection
@ConfigItem(defaultValue="true") public boolean allowOpaqueTokenIntrospection
Allow the remote introspection of the opaque tokens. Set this property to 'false' if only JWT tokens are expected.
-
-
Method Detail
-
fromIssuer
public static OidcTenantConfig.Token fromIssuer(String issuer)
-
fromAudience
public static OidcTenantConfig.Token fromAudience(String... audience)
-
setIssuer
public void setIssuer(String issuer)
-
setHeader
public void setHeader(String header)
-
getLifespanGrace
public OptionalInt getLifespanGrace()
-
setLifespanGrace
public void setLifespanGrace(int lifespanGrace)
-
setPrincipalClaim
public void setPrincipalClaim(String principalClaim)
-
isRefreshExpired
public boolean isRefreshExpired()
-
setRefreshExpired
public void setRefreshExpired(boolean refreshExpired)
-
getForcedJwkRefreshInterval
public Duration getForcedJwkRefreshInterval()
-
setForcedJwkRefreshInterval
public void setForcedJwkRefreshInterval(Duration forcedJwkRefreshInterval)
-
setTokenType
public void setTokenType(String tokenType)
-
setRefreshTokenTimeSkew
public void setRefreshTokenTimeSkew(Duration refreshTokenTimeSkew)
-
isAllowJwtIntrospection
public boolean isAllowJwtIntrospection()
-
setAllowJwtIntrospection
public void setAllowJwtIntrospection(boolean allowJwtIntrospection)
-
isAllowOpaqueTokenIntrospection
public boolean isAllowOpaqueTokenIntrospection()
-
setAllowOpaqueTokenIntrospection
public void setAllowOpaqueTokenIntrospection(boolean allowOpaqueTokenIntrospection)
-
-