Class OidcTenantConfig

    • Field Detail

      • tenantId

        @ConfigItem
        public Optional<String> tenantId
        A unique tenant identifier. It must be set by TenantConfigResolver providers which resolve the tenant configuration dynamically and is optional in all other cases.
      • tenantEnabled

        @ConfigItem(defaultValue="true")
        public boolean tenantEnabled
        Whether this tenant configuration is enabled. Note that the default tenant will be disabled if it is not configured and either a TenantConfigResolver which resolves tenant configurations is registered or named tenants are configured. You do not have to disable the default tenant yourself in this case.
      • authorizationPath

        @ConfigItem
        public Optional<String> authorizationPath
        Relative path or absolute URL of the OIDC authorization endpoint which authenticates the users. This property must be set for the 'web-app' applications if OIDC discovery is disabled. This property will be ignored if the discovery is enabled.
      • userInfoPath

        @ConfigItem
        public Optional<String> userInfoPath
        Relative path or absolute URL of the OIDC userinfo endpoint. This property must only be set for the 'web-app' applications if OIDC discovery is disabled and 'authentication.user-info-required' property is enabled. This property will be ignored if the discovery is enabled.
      • introspectionPath

        @ConfigItem
        public Optional<String> introspectionPath
        Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JWT tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens have to be verified or 2) JWT tokens have to be verified while the cached JWK verification set with no matching JWK is being refreshed. This property will be ignored if the discovery is enabled.
      • jwksPath

        @ConfigItem
        public Optional<String> jwksPath
        Relative path or absolute URL of the OIDC JWKS endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property will be ignored if the discovery is enabled.
      • endSessionPath

        @ConfigItem
        public Optional<String> endSessionPath
        Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the 'web-app' applications is required. This property will be ignored if the discovery is enabled.
      • publicKey

        @ConfigItem
        public Optional<String> publicKey
        Public key for local JWT token verification. No OIDC server connection is created when this property is set.
      • allowTokenIntrospectionCache

        @ConfigItem(defaultValue="true")
        public boolean allowTokenIntrospectionCache
        Allow caching the token introspection data. Note that enabling this property does not enable the cache itself; it only permits caching of the token introspection data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache for how to enable it.
      • allowUserInfoCache

        @ConfigItem(defaultValue="true")
        public boolean allowUserInfoCache
        Allow caching the user info data. Note that enabling this property does not enable the cache itself; it only permits caching of the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache for how to enable it.
      • cacheUserInfoInIdtoken

        @ConfigItem(defaultValue="false")
        public boolean cacheUserInfoInIdtoken
        Allow inlining UserInfo in the IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated because the OAuth2 provider does not return an IdToken. Inlining UserInfo in the generated IdToken allows it to be stored in the session cookie and avoids introducing cached state.
    • Constructor Detail

      • OidcTenantConfig

        public OidcTenantConfig()
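
The endpoint and cache fields above, shown together in an `application.properties` fragment. This is an added example, not part of the Quarkus documentation: the tenant names `partner` and `offline`, the host `idp.example.com`, the Keycloak-style paths, the client id and the environment variable are constructed placeholders, and `auth-server-url`, `discovery-enabled`, `token-path`, `application-type`, `client-id` and `credentials.secret` are `quarkus.oidc` properties that this page does not describe.

```properties
# Constructed example values throughout; replace with your provider's own.

# Named tenant "partner": a 'web-app' with OIDC discovery disabled, so every
# endpoint the application relies on is listed explicitly.
quarkus.oidc.partner.auth-server-url=https://idp.example.com/realms/partner
quarkus.oidc.partner.discovery-enabled=false
quarkus.oidc.partner.application-type=web-app
quarkus.oidc.partner.client-id=partner-client
quarkus.oidc.partner.credentials.secret=${PARTNER_OIDC_SECRET}

# Relative paths are resolved against auth-server-url; absolute URLs also work.
# authorizationPath: required for 'web-app' when discovery is disabled.
quarkus.oidc.partner.authorization-path=/protocol/openid-connect/auth
quarkus.oidc.partner.token-path=/protocol/openid-connect/token
# jwksPath: needed for local JWT verification.
quarkus.oidc.partner.jwks-path=/protocol/openid-connect/certs
# introspectionPath: needed for opaque tokens, and for JWTs while the cached
# JWK set with no matching key is being refreshed.
quarkus.oidc.partner.introspection-path=/protocol/openid-connect/token/introspect
# endSessionPath: needed only if RP Initiated Logout is used.
quarkus.oidc.partner.end-session-path=/protocol/openid-connect/logout

# userInfoPath is needed only because user-info-required is switched on.
quarkus.oidc.partner.authentication.user-info-required=true
quarkus.oidc.partner.user-info-path=/protocol/openid-connect/userinfo

# Per-tenant cache permissions (both default to true). With both set to false,
# introspection and UserInfo results for this tenant are never served from the
# token cache, even if the cache itself is enabled for other tenants.
quarkus.oidc.partner.allow-token-introspection-cache=false
quarkus.oidc.partner.allow-user-info-cache=false

# Named tenant "offline": JWTs are verified with a configured public key only,
# so no OIDC server connection is created and no endpoint paths are needed.
quarkus.oidc.offline.public-key=<PUBLIC_KEY_PLACEHOLDER>

# No quarkus.oidc.tenant-enabled=false line is required for the default tenant:
# it is left unconfigured here and named tenants exist, so it is disabled.
```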