Class JwtAuthProvider.Builder

java.lang.Object
io.helidon.microprofile.jwt.auth.JwtAuthProvider.Builder
All Implemented Interfaces:
Builder<JwtAuthProvider.Builder,JwtAuthProvider>, Supplier<JwtAuthProvider>
Enclosing class:
JwtAuthProvider

public static class JwtAuthProvider.Builder extends Object implements Builder<JwtAuthProvider.Builder,JwtAuthProvider>
Fluent API builder for JwtAuthProvider.
  • Method Details

    • build

      public JwtAuthProvider build()
      Description copied from interface: Builder
      Build the instance from this builder.
      Specified by:
      build in interface Builder<JwtAuthProvider.Builder,JwtAuthProvider>
      Returns:
      instance of the built type
    • propagate

      public JwtAuthProvider.Builder propagate(boolean propagate)
      Whether to propagate identity.
      Parameters:
      propagate - whether to propagate identity (true) or not (false)
      Returns:
      updated builder instance
    • authenticate

      public JwtAuthProvider.Builder authenticate(boolean authenticate)
      Whether to authenticate requests.
      Parameters:
      authenticate - whether to authenticate (true) or not (false)
      Returns:
      updated builder instance
    • allowImpersonation

      public JwtAuthProvider.Builder allowImpersonation(boolean allowImpersonation)
      Whether to allow impersonation by explicitly overriding username from outbound requests using EndpointConfig.PROPERTY_OUTBOUND_ID property. By default this is not allowed and identity can only be propagated.
      Parameters:
      allowImpersonation - set to true to allow impersonation
      Returns:
      updated builder instance
    • subjectType

      public JwtAuthProvider.Builder subjectType(SubjectType subjectType)
      Principal type this provider extracts (and also propagates).
      Parameters:
      subjectType - type of principal
      Returns:
      updated builder instance
    • atnTokenHandler

      public JwtAuthProvider.Builder atnTokenHandler(TokenHandler tokenHandler)
      Token handler to extract username from request. Uses Authorization header with bearer prefix by default.
      Parameters:
      tokenHandler - token handler instance
      Returns:
      updated builder instance
    • optional

      public JwtAuthProvider.Builder optional(boolean optional)
      Whether authentication is required. By default, request will fail if the username cannot be extracted. If set to false, request will process and this provider will abstain.
      Parameters:
      optional - whether authentication is optional (true) or required (false)
      Returns:
      updated builder instance
    • outboundConfig

      public JwtAuthProvider.Builder outboundConfig(OutboundConfig config)
      Configuration of outbound rules.
      Parameters:
      config - outbound configuration, each target may contain custom object JwtAuthProvider.JwtOutboundTarget to add our configuration.
      Returns:
      updated builder instance
    • signJwk

      public JwtAuthProvider.Builder signJwk(Resource signJwkResource)
      JWK resource used to sign JWTs created by us.
      Parameters:
      signJwkResource - resource pointing to a JSON with keys
      Returns:
      updated builder instance
    • verifyJwk

      public JwtAuthProvider.Builder verifyJwk(Resource verifyJwkResource)
      JWK resource used to verify JWTs created by other parties.
      Parameters:
      verifyJwkResource - resource pointing to a JSON with keys
      Returns:
      updated builder instance
    • issuer

      public JwtAuthProvider.Builder issuer(String issuer)
      Issuer used to create new JWTs.
      Parameters:
      issuer - issuer to add to the issuer claim
      Returns:
      updated builder instance
    • publicKey

      public JwtAuthProvider.Builder publicKey(String publicKey)
      String representation of the public key.
      Parameters:
      publicKey - String representation
      Returns:
      updated builder instance
    • publicKeyPath

      public JwtAuthProvider.Builder publicKeyPath(String publicKeyPath)
      Path to public key. The value may be a relative path or a URL.
      Parameters:
      publicKeyPath - Public key path
      Returns:
      updated builder instance
    • defaultJwk

      public JwtAuthProvider.Builder defaultJwk(Jwk defaultJwk)
      Default JWK which should be used.
      Parameters:
      defaultJwk - Default JWK
      Returns:
      updated builder instance
    • defaultKeyId

      public JwtAuthProvider.Builder defaultKeyId(String defaultKeyId)
      Default JWT key ID which should be used.
      Parameters:
      defaultKeyId - Default JWT key ID
      Returns:
      updated builder instance
    • config

      public JwtAuthProvider.Builder config(Config config)
      Load this builder from a configuration.
      Parameters:
      config - configuration to load from
      Returns:
      updated builder instance
    • jwtHeader

      public JwtAuthProvider.Builder jwtHeader(String header)
      Name of the header expected to contain the token.
      Parameters:
      header - header name which should be used
      Returns:
      updated builder instance
    • cookieProperty

      public JwtAuthProvider.Builder cookieProperty(String cookieProperty)
      Specific cookie property name where we should search for JWT property.
      Parameters:
      cookieProperty - cookie property name
      Returns:
      updated builder instance
    • expectedIssuer

      public JwtAuthProvider.Builder expectedIssuer(String issuer)
      Expected issuer in incoming requests.
      Parameters:
      issuer - name of issuer
      Returns:
      updated builder instance
    • expectedAudience

      @Deprecated(forRemoval=true, since="2.4.0") public JwtAuthProvider.Builder expectedAudience(String audience)
      Deprecated, for removal: This API element is subject to removal in a future version.
      Audience expected in inbound JWTs.
      Parameters:
      audience - audience string
      Returns:
      updated builder instance
    • addExpectedAudience

      public JwtAuthProvider.Builder addExpectedAudience(String audience)
      Add an audience expected in inbound JWTs.
      Parameters:
      audience - audience string
      Returns:
      updated builder instance
    • expectedAudiences

      public JwtAuthProvider.Builder expectedAudiences(Collection<String> audiences)
      Expected audiences of incoming tokens.
      Parameters:
      audiences - expected audiences to use
      Returns:
      updated builder instance
    • expectedMaxTokenAge

      public JwtAuthProvider.Builder expectedMaxTokenAge(int expectedMaxTokenAge)
      Maximal expected token age in seconds. If this value is set, iat claim needs to be present in the JWT.
      Parameters:
      expectedMaxTokenAge - expected maximal token age in seconds
      Returns:
      updated builder instance
    • decryptKeyLocation

      public JwtAuthProvider.Builder decryptKeyLocation(String decryptKeyLocation)
      Private key for decryption of encrypted claims. The value may be a relative path or a URL.
      Parameters:
      decryptKeyLocation - private key location
      Returns:
      updated builder instance
    • decryptKeyAlgorithm

      public JwtAuthProvider.Builder decryptKeyAlgorithm(String decryptionKeyAlgorithm)
      Expected key management algorithm supported by the MP JWT endpoint. Supported algorithms are either RSA-OAEP or RSA-OAEP-256. If no algorithm is set, both algorithms must be accepted.
      Parameters:
      decryptionKeyAlgorithm - expected decryption key algorithm
      Returns:
      updated builder instance
    • loadOnStartup

      public JwtAuthProvider.Builder loadOnStartup(boolean loadOnStartup)
      Whether to load JWK verification keys on server startup. Default value is false.
      Parameters:
      loadOnStartup - load verification keys on server startup
      Returns:
      updated builder instance
    • clockSkew

      public JwtAuthProvider.Builder clockSkew(int clockSkew)
      Clock skew to be accounted for in token expiration and max age validations in seconds.
      Parameters:
      clockSkew - clock skew
      Returns:
      updated builder instance
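
An added usage example, not part of the Helidon Javadoc: an inbound-only provider built with the validation setters documented above, so that issuer, audience, token age and clock skew are all pinned explicitly. It assumes the static JwtAuthProvider.builder() factory, which this page does not list; the class name, key path, issuer and audience are constructed placeholder values.

```java
import io.helidon.microprofile.jwt.auth.JwtAuthProvider;

import java.util.List;

// Hypothetical holder class for the example.
public final class InboundJwtProviderExample {

    private InboundJwtProviderExample() {
    }

    static JwtAuthProvider strictInboundProvider() {
        // JwtAuthProvider.builder() is assumed; it is not listed on this page.
        return JwtAuthProvider.builder()
                // Authenticate inbound requests with this provider.
                .authenticate(true)
                // "required (false)" per the parameter description of optional().
                .optional(false)
                // Do not propagate identity on outbound calls.
                .propagate(false)
                // Keep the documented default: no username override through
                // EndpointConfig.PROPERTY_OUTBOUND_ID.
                .allowImpersonation(false)
                // Placeholder path; may be a relative path or a URL.
                .publicKeyPath("keys/issuer-public.pem")
                // Placeholder issuer expected in incoming requests.
                .expectedIssuer("https://issuer.example.com")
                // Placeholder audience; replaces the deprecated expectedAudience(String).
                .expectedAudiences(List.of("orders-api"))
                // Max token age in seconds; once set, the iat claim must be present.
                .expectedMaxTokenAge(300)
                // Seconds of skew applied to expiration and max age validations.
                .clockSkew(30)
                // Load verification keys on server startup (default is false).
                .loadOnStartup(true)
                .build();
    }
}
```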