Class BaseBuilder<B extends BaseBuilder<B,T>,T>

java.lang.Object
io.helidon.security.providers.oidc.common.BaseBuilder<B,T>
Type Parameters:
B - type of the builder
T - type of the object built by this builder
All Implemented Interfaces:
Builder<B,T>, Supplier<T>
Direct Known Subclasses:
OidcConfig.Builder, TenantConfig.Builder

public abstract class BaseBuilder<B extends BaseBuilder<B,T>,T> extends Object implements Builder<B,T>
Base builder of the OIDC config components.
  • Method Details

    • config

      public B config(Config config)
      Update this builder with values from configuration.
      Parameters:
      config - provided config
      Returns:
      updated builder instance
    • clientId

      public B clientId(String clientId)
      Client ID as generated by OIDC server.
      Parameters:
      clientId - the client id of this application.
      Returns:
      updated builder instance
    • clientSecret

      public B clientSecret(String clientSecret)
      Client secret as generated by the OIDC server. Used to authenticate this application with the server when requesting a JWT in exchange for an authorization code.
      Parameters:
      clientSecret - secret to use
      Returns:
      updated builder instance
    • identityUri

      public B identityUri(URI uri)
      URI of the identity server; used as the base URI for retrieving OIDC metadata.
      Parameters:
      uri - full URI of an identity server (such as "http://tenantid.identity.oraclecloud.com")
      Returns:
      updated builder instance
    • realm

      public B realm(String realm)
      Realm to return in the WWW-Authenticate header when an error occurs and the provider does not redirect.
      Parameters:
      realm - realm name
      Returns:
      updated builder instance
    • audience

      public B audience(String audience)
      Audience of issued tokens.
      Parameters:
      audience - audience to validate
      Returns:
      updated builder instance
    • issuer

      public B issuer(String issuer)
      Issuer of issued tokens.
      Parameters:
      issuer - expected issuer to validate
      Returns:
      updated builder instance
    • validateJwtWithJwk

      public B validateJwtWithJwk(Boolean useJwk)
      Use JWK (a set of keys used to validate JWT signatures) to validate tokens. Use this method when you want to use the default values for the JWK or introspection endpoint URI.
      Parameters:
      useJwk - when set to true, the JWK is used; when set to false, the introspection endpoint is used
      Returns:
      updated builder instance
    • introspectEndpointUri

      public B introspectEndpointUri(URI uri)
      Introspection endpoint used to validate JWTs. Use either this or signJwk(JwkKeys) / signJwk(Resource).
      Parameters:
      uri - URI of introspection endpoint
      Returns:
      updated builder instance
    • signJwk

      public B signJwk(Resource resource)
      A resource pointing to JWK with public keys of signing certificates used to validate JWT.
      Parameters:
      resource - Resource pointing to the JWK
      Returns:
      updated builder instance
    • signJwk

      public B signJwk(JwkKeys jwk)
      Set JwkKeys to use for JWT validation.
      Parameters:
      jwk - JwkKeys instance to get public keys used to sign JWT
      Returns:
      updated builder instance
    • tokenEndpointAuthentication

      public B tokenEndpointAuthentication(OidcConfig.ClientAuthentication tokenEndpointAuthentication)
      Type of authentication to use when invoking the token endpoint. Currently supported options:
      Parameters:
      tokenEndpointAuthentication - authentication type
      Returns:
      updated builder
    • authorizationEndpointUri

      public B authorizationEndpointUri(URI uri)
      URI of the authorization endpoint to which users are redirected to log in. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/authorize.
      Parameters:
      uri - URI to use for the authorization endpoint
      Returns:
      updated builder instance
    • logoutEndpointUri

      public B logoutEndpointUri(URI logoutEndpointUri)
      URI of the logout endpoint to which users are redirected to log out. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/userlogout.
      Parameters:
      logoutEndpointUri - URI to use to log out
      Returns:
      updated builder instance
    • tokenEndpointUri

      public B tokenEndpointUri(URI uri)
      URI of the token endpoint used to obtain a JWT in exchange for the authorization code. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/token.
      Parameters:
      uri - URI to use for the token endpoint
      Returns:
      updated builder instance
    • oidcMetadata

      public B oidcMetadata(Resource resource)
      Resource configuration for the OIDC metadata document, which contains the endpoints of the various identity services as well as information about the identity server.
      Parameters:
      resource - resource pointing to the JSON structure
      Returns:
      updated builder instance
    • oidcMetadata

      public B oidcMetadata(JsonObject metadata)
      JsonObject with the OIDC Metadata.
      Parameters:
      metadata - metadata JSON
      Returns:
      updated builder instance
    • baseScopes

      public B baseScopes(String scopes)
      Configure base scopes. By default, this is "openid". If a scope has a qualifier, it must be included here.
      Parameters:
      scopes - Space separated scopes to be required by default from OIDC server
      Returns:
      updated builder instance
    • oidcMetadataWellKnown

      public B oidcMetadataWellKnown(boolean useWellKnown)
      If set to true, metadata is loaded from the default (well-known) location unless it is explicitly defined using oidc-metadata-resource. If set to false, it is not loaded even when oidc-metadata-resource is not defined; in that case all URIs must be explicitly defined (e.g. token-endpoint-uri).
      Parameters:
      useWellKnown - whether to use well known location for OIDC metadata
      Returns:
      updated builder instance
    • serverType

      public B serverType(String type)
      Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used.
      Parameters:
      type - Type of identity server. Currently supported values are idcs, or unset (for the default implementation).
      Returns:
      updated builder instance
    • clientTimeout

      public B clientTimeout(Duration duration)
      Timeout of calls made using the web client.
      Parameters:
      duration - timeout
      Returns:
      updated builder
    • scopeAudience

      public B scopeAudience(String audience)
      Audience of the scopes required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to the empty string.
      Parameters:
      audience - audience; if provided, it should end with "/" so that the scope name is appended correctly
      Returns:
      updated builder instance
    • optionalAudience

      public B optionalAudience(boolean optional)
      Allow audience claim to be optional.
      Parameters:
      optional - whether the audience claim is optional (true) or not (false)
      Returns:
      updated builder instance
    • checkAudience

      public B checkAudience(boolean checkAudience)
      Configure audience claim check.
      Parameters:
      checkAudience - whether the audience claim will be checked (true) or not (false)
      Returns:
      updated builder instance
    • decryptionKeys

      public B decryptionKeys(Resource resource)
      A resource pointing to JWK with private keys used for JWE content key decryption.
      Parameters:
      resource - Resource pointing to the JWK
      Returns:
      updated builder instance
    • decryptionKeys

      public B decryptionKeys(JwkKeys contentKeyDecryptionKeys)
      Set JwkKeys used for JWE content key decryption.
      Parameters:
      contentKeyDecryptionKeys - JwkKeys instance to get private key for JWE content key decryption
      Returns:
      updated builder instance
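The following is an added example, not code from Helidon, showing how the BaseBuilder methods documented above combine into a configuration that validates tokens locally against the server's JWK set and enforces issuer and audience checks. It assumes that OidcConfig.builder() returns an OidcConfig.Builder and that build() is provided by the Builder<B,T> interface; the identity URI, client id and issuer are placeholder values.

```java
import java.net.URI;
import java.time.Duration;

import io.helidon.security.providers.oidc.common.OidcConfig;

/**
 * Added example (not Helidon's own code): builds an OidcConfig with the
 * BaseBuilder methods documented above, selecting the settings a defender
 * wants for token validation. Assumes OidcConfig.builder() and build().
 */
public final class HardenedOidcConfigExample {

    // Placeholder values; replace with the real values for your tenant.
    private static final URI IDENTITY_URI = URI.create("https://tenantid.identity.example.com");
    private static final String CLIENT_ID = "client-id-placeholder";
    // Must match the "iss" claim of issued tokens exactly (check the metadata document).
    private static final String EXPECTED_ISSUER = "https://tenantid.identity.example.com/";

    public static OidcConfig hardenedConfig() {
        // Read the client secret from the environment instead of hard-coding it in source.
        String clientSecret = System.getenv("OIDC_CLIENT_SECRET");
        if (clientSecret == null || clientSecret.isBlank()) {
            throw new IllegalStateException("OIDC_CLIENT_SECRET is not set");
        }

        return OidcConfig.builder()
                .identityUri(IDENTITY_URI)
                .clientId(CLIENT_ID)
                .clientSecret(clientSecret)
                // Discover endpoints from the well-known metadata document.
                .oidcMetadataWellKnown(true)
                // Verify signatures against the server's JWK set rather than
                // calling the introspection endpoint on every request.
                .validateJwtWithJwk(true)
                // Reject tokens whose issuer differs from the expected one.
                .issuer(EXPECTED_ISSUER)
                // Require an audience claim and check it against this application.
                .audience(CLIENT_ID)
                .checkAudience(true)
                .optionalAudience(false)
                .baseScopes("openid")
                // Bound outbound calls (metadata, JWK, token endpoint).
                .clientTimeout(Duration.ofSeconds(10))
                .build();
    }
}
```

Leaving checkAudience(false) or optionalAudience(true) would accept tokens minted for a different client at the same identity server, so both are set explicitly here.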