Package io.quarkus.oidc

Class OidcTenantConfig

java.lang.Object
io.quarkus.oidc.common.runtime.OidcCommonConfig
io.quarkus.oidc.OidcTenantConfig
public class OidcTenantConfig extends OidcCommonConfig

  • Field Details

    • tenantId

      @ConfigItem public Optional<String> tenantId
      A unique tenant identifier. It can be set by TenantConfigResolver providers, which resolve the tenant configuration dynamically.

    • tenantEnabled

      @ConfigItem(defaultValue="true") public boolean tenantEnabled
      If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a TenantConfigResolver that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant.

    • applicationType

      @ConfigItem(defaultValueDocumentation="service") public Optional<OidcTenantConfig.ApplicationType> applicationType
      The application type, which can be one of the following OidcTenantConfig.ApplicationType values.

    • authorizationPath

      @ConfigItem public Optional<String> authorizationPath
      The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled.

    • userInfoPath

      @ConfigItem public Optional<String> userInfoPath
      The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled.

    • introspectionPath

      @ConfigItem public Optional<String> introspectionPath
      Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled.

    • jwksPath

      @ConfigItem public Optional<String> jwksPath
      Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled.

    • endSessionPath

      @ConfigItem public Optional<String> endSessionPath
      Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled.

    • publicKey

      @ConfigItem public Optional<String> publicKey
      The public key for the local JWT token verification. OIDC server connection is not created when this property is set.

    • introspectionCredentials

      @ConfigItem public OidcTenantConfig.IntrospectionCredentials introspectionCredentials
      Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig.credentials for its introspection endpoint.

    • roles

      @ConfigItem public OidcTenantConfig.Roles roles
      Configuration to find and parse a custom claim containing the roles information.

    • token

      @ConfigItem public OidcTenantConfig.Token token
      Configuration how to validate the token claims.

    • logout

      @ConfigItem public OidcTenantConfig.Logout logout
      RP Initiated, BackChannel and FrontChannel Logout configuration

    • certificateChain

      @ConfigItem public OidcTenantConfig.CertificateChain certificateChain
      Configuration of the certificate chain which can be used to verify tokens. If the certificate chain trusstore is configured, the tokens can be verified using the certificate chain inlined in the Base64-encoded format as an `x5c` header in the token itself.

    • authentication

      public OidcTenantConfig.Authentication authentication
      Different options to configure authorization requests

    • codeGrant

      public OidcTenantConfig.CodeGrant codeGrant
      Authorization code grant configuration

    • tokenStateManager

      @ConfigItem public OidcTenantConfig.TokenStateManager tokenStateManager
      Default token state manager configuration

    • allowTokenIntrospectionCache

      @ConfigItem(defaultValue="true") public boolean allowTokenIntrospectionCache
      Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

    • allowUserInfoCache

      @ConfigItem(defaultValue="true") public boolean allowUserInfoCache
      Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

    • cacheUserInfoInIdtoken

      @ConfigItem(defaultValue="false") public boolean cacheUserInfoInIdtoken
      Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.

    • jwks

      @ConfigItem public OidcTenantConfig.Jwks jwks
      Configuration for controlling how JsonWebKeySet containing verification keys should be acquired and managed.

    • provider

      @ConfigItem public Optional<OidcTenantConfig.Provider> provider
      Well known OpenId Connect provider identifier

  • Constructor Details

    • OidcTenantConfig

      public OidcTenantConfig()

  • Method Details