Package io.quarkus.oidc
Class OidcTenantConfig
java.lang.Object
io.quarkus.oidc.common.runtime.OidcCommonConfig
io.quarkus.oidc.OidcTenantConfig
-
Nested Class Summary
Modifier and Type | Class | Description
static enum
static class
Defines the authorization request properties when authenticating users using the Authorization Code Grant Type.
static class
static class
static class
Authorization Code grant configuration
static class
static class
Introspection Basic Authentication configuration
static class
static class
static enum
static class
static enum
Supported asymmetric signature algorithms
static class
static class
Default Authorization Code token state manager configuration
Nested classes/interfaces inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
OidcCommonConfig.Credentials, OidcCommonConfig.Proxy, OidcCommonConfig.Tls
-
Field Summary
Modifier and Type | Field | Description
boolean allowTokenIntrospectionCache: Allow caching the token introspection data.
boolean allowUserInfoCache: Allow caching the user info data.
applicationType: The application type, which can be one of the following OidcTenantConfig.ApplicationType values.
authentication: Different options to configure authorization requests
authorizationPath: The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users.
boolean cacheUserInfoInIdtoken: Allow inlining UserInfo in IdToken instead of caching it in the token cache.
certificateChain: Configuration of the certificate chain which can be used to verify tokens.
codeGrant: Authorization code grant configuration
endSessionPath: Relative path or absolute URL of the OIDC end_session_endpoint.
introspectionCredentials: Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig.credentials for its introspection endpoint.
introspectionPath: Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens.
jwks: Configuration for controlling how JsonWebKeySet containing verification keys should be acquired and managed.
jwksPath: Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set.
logout: RP Initiated, BackChannel and FrontChannel Logout configuration
provider: Well known OpenId Connect provider identifier
publicKey: The public key for the local JWT token verification.
roles: Configuration to find and parse a custom claim containing the roles information.
boolean tenantEnabled: If this tenant configuration is enabled.
tenantId: A unique tenant identifier.
token: Configuration how to validate the token claims.
tokenStateManager: Default token state manager configuration
userInfoPath: The relative path or absolute URL of the OIDC UserInfo endpoint.
Fields inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
authServerUrl, clientId, connectionDelay, connectionRetryCount, connectionTimeout, credentials, discoveryEnabled, maxPoolSize, proxy, revokePath, tls, tokenPath
-
Constructor Summary
-
Method Summary
Modifier and Type | Method | Description
getRoles()
getToken()
boolean
boolean
boolean
boolean
void setAllowTokenIntrospectionCache(boolean allowTokenIntrospectionCache)
void setAllowUserInfoCache(boolean allowUserInfoCache)
void
void setAuthentication(OidcTenantConfig.Authentication authentication)
void setAuthorizationPath(String authorizationPath)
void setCacheUserInfoInIdtoken(boolean cacheUserInfoInIdtoken)
void setCertificateChain(OidcTenantConfig.CertificateChain certificateChain)
void setCodeGrant(OidcTenantConfig.CodeGrant codeGrant)
void setEndSessionPath(String endSessionPath)
void setIntrospectionCredentials(OidcTenantConfig.IntrospectionCredentials introspectionCredentials)
void setIntrospectionPath(String introspectionPath)
void setJwksPath(String jwksPath)
void setLogout(OidcTenantConfig.Logout logout)
void setProvider(OidcTenantConfig.Provider provider)
void setPublicKey(String publicKey)
void setRoles(OidcTenantConfig.Roles roles)
void setTenantEnabled(boolean enabled)
void setTenantId(String tenantId)
void setToken(OidcTenantConfig.Token token)
void setUserInfoPath(String userInfoPath)
Methods inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig
getAuthServerUrl, getClientId, getConnectionDelay, getConnectionTimeout, getCredentials, getMaxPoolSize, getProxy, getRevokePath, getTokenPath, isDiscoveryEnabled, setAuthServerUrl, setClientId, setConnectionDelay, setConnectionTimeout, setCredentials, setDiscoveryEnabled, setMaxPoolSize, setProxy, setRevokePath, setTokenPath
-
Field Details
-
tenantId
A unique tenant identifier. It can be set by TenantConfigResolver providers, which resolve the tenant configuration dynamically.
-
tenantEnabled
If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a TenantConfigResolver that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant.
-
applicationType
@ConfigItem(defaultValueDocumentation="service") public Optional<OidcTenantConfig.ApplicationType> applicationType
The application type, which can be one of the following OidcTenantConfig.ApplicationType values.
-
authorizationPath
The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled.
-
userInfoPath
The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled.
-
introspectionPath
Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled.
-
jwksPath
Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled.
-
endSessionPath
Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled.
-
publicKey
The public key for the local JWT token verification. OIDC server connection is not created when this property is set.
-
introspectionCredentials
Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig.credentials for its introspection endpoint.
-
roles
Configuration to find and parse a custom claim containing the roles information.
-
token
Configuration of how to validate the token claims.
-
logout
RP Initiated, BackChannel and FrontChannel Logout configuration
-
certificateChain
Configuration of the certificate chain which can be used to verify tokens. If the certificate chain truststore is configured, the tokens can be verified using the certificate chain inlined in the Base64-encoded format as an `x5c` header in the token itself.
-
authentication
Different options to configure authorization requests
-
codeGrant
Authorization code grant configuration
-
tokenStateManager
Default token state manager configuration
-
allowTokenIntrospectionCache
Allow caching the token introspection data. Note that enabling this property does not enable the cache itself; it only permits caching the token introspection data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.
-
allowUserInfoCache
Allow caching the user info data. Note that enabling this property does not enable the cache itself; it only permits caching the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.
-
cacheUserInfoInIdtoken
Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated, which happens when OAuth2 providers do not return an IdToken. Inlining UserInfo in the generated IdToken allows it to be stored in the session cookie and avoids introducing a cached state.
-
jwks
Configuration for controlling how JsonWebKeySet containing verification keys should be acquired and managed.
-
provider
Well known OpenId Connect provider identifier
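
The following is an added example, not code from the Quarkus project. It shows a TenantConfigResolver that builds a `web-app` tenant with OIDC discovery disabled, so every endpoint path the field descriptions above call mandatory is set explicitly. It assumes Quarkus 3 (`jakarta` namespace), the reactive `resolve` signature of TenantConfigResolver, and the `ApplicationType.WEB_APP` enum constant. The class name, package, host name, client id and paths are constructed placeholders.

```java
package org.acme.oidc; // hypothetical package

import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
import io.quarkus.oidc.TenantConfigResolver;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.context.ApplicationScoped;

@ApplicationScoped
public class StaticEndpointTenantResolver implements TenantConfigResolver {

    @Override
    public Uni<OidcTenantConfig> resolve(RoutingContext context,
            OidcRequestContext<OidcTenantConfig> requestContext) {
        // Constructed routing rule: only /tenant-a/* belongs to this tenant.
        if (!context.normalizedPath().startsWith("/tenant-a/")) {
            return Uni.createFrom().nullItem(); // fall back to the default tenant
        }
        return Uni.createFrom().item(tenantA());
    }

    static OidcTenantConfig tenantA() {
        OidcTenantConfig cfg = new OidcTenantConfig();
        cfg.setTenantId("tenant-a");
        cfg.setApplicationType(ApplicationType.WEB_APP);
        cfg.setAuthServerUrl("https://idp.example.com/tenant-a"); // placeholder
        cfg.setClientId("example-client");                        // placeholder
        // Client credentials are omitted here; supply them with setCredentials.

        // With discovery off, nothing is read from the provider's metadata,
        // so each endpoint the tenant relies on must be pinned by hand.
        cfg.setDiscoveryEnabled(false);
        cfg.setAuthorizationPath("/authorize");   // mandatory for web-app
        cfg.setTokenPath("/token");
        cfg.setJwksPath("/jwks");                 // local JWT verification
        cfg.setIntrospectionPath("/introspect");  // opaque tokens, JWK refresh window
        cfg.setUserInfoPath("/userinfo");         // only if user-info-required is on
        cfg.setEndSessionPath("/logout");         // only for RP Initiated Logout
        return cfg;
    }
}
```

Pinning the paths in code means the application never trusts endpoint locations returned at runtime, but the values must then be kept in step with the provider manually.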
-
-
Constructor Details
-
OidcTenantConfig
public OidcTenantConfig()
-
-
Method Details
-
getAuthorizationPath
-
setAuthorizationPath
-
getUserInfoPath
-
setUserInfoPath
-
getIntrospectionPath
-
setIntrospectionPath
-
getJwksPath
-
setJwksPath
-
getEndSessionPath
-
setEndSessionPath
-
getPublicKey
-
setPublicKey
-
getRoles
-
setRoles
-
getToken
-
setToken
-
getAuthentication
-
setAuthentication
-
getTenantId
-
setTenantId
-
isTenantEnabled
public boolean isTenantEnabled()
-
setTenantEnabled
public void setTenantEnabled(boolean enabled)
-
setLogout
-
getLogout
-
getProvider
-
setProvider
-
getApplicationType
-
setApplicationType
-
isAllowTokenIntrospectionCache
public boolean isAllowTokenIntrospectionCache()
-
setAllowTokenIntrospectionCache
public void setAllowTokenIntrospectionCache(boolean allowTokenIntrospectionCache)
-
isAllowUserInfoCache
public boolean isAllowUserInfoCache()
-
setAllowUserInfoCache
public void setAllowUserInfoCache(boolean allowUserInfoCache)
-
isCacheUserInfoInIdtoken
public boolean isCacheUserInfoInIdtoken()
-
setCacheUserInfoInIdtoken
public void setCacheUserInfoInIdtoken(boolean cacheUserInfoInIdtoken)
-
getIntrospectionCredentials
-
setIntrospectionCredentials
public void setIntrospectionCredentials(OidcTenantConfig.IntrospectionCredentials introspectionCredentials)
-
getCodeGrant
-
setCodeGrant
-
getCertificateChain
-
setCertificateChain
-