java.lang.Object
io.helidon.security.providers.oidc.OidcFeature
All Implemented Interfaces:
HttpFeature, ServerLifecycle, Supplier<HttpFeature>

public final class OidcFeature extends Object implements HttpFeature
OIDC integration requires web resources to be exposed through a web server. This feature registers the endpoint to which the OIDC server redirects the browser after a successful login. It implements the "response_type=code" approach. When passing configuration to this class, pass the root of the configuration (the node that contains security.providers). The class then reads the configuration of the provider named "oidc" or, if multiple providers are configured, of the provider with the specified name. Configuration options used by this class (under security.providers[].${name}):
Configuration parameters
key                  default value   description
redirect-uri         /oidc/redirect  Context root under which redirection endpoint is located (sent here by OIDC server)
oidc-metadata-type   WELL_KNOWN      How to obtain OIDC metadata. Can be WELL_KNOWN, URI, PATH or NONE
oidc-metadata-uri    N/A             URI of the metadata if type set to URI
oidc-metadata-path   N/A             Path on the filesystem if type set to PATH
token-endpoint-type  WELL_KNOWN      Where is the token endpoint? WELL_KNOWN reads the location from OIDC Metadata
token-endpoint-uri   N/A             URI of the token endpoint if type set to URI
cookie-use           true            Whether to use cookie to provide the token to subsequent requests
cookie-name          OIDCTOKEN       Name of the cookie to set (and expect)
query-param-use      false           Whether to use query parameter to add to the request when redirecting to original URI
query-param-name     accessToken     Name of the query parameter to set (and expect)
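Registering the feature from the configuration root, as an added example that is not part of the original Javadoc or the Helidon project's own code. The class name, the "server" config node, the sample application.yaml in the comment, and the use of the Helidon 4 WebServer builder with HttpRouting.Builder.addFeature are assumptions of this example.

```java
import io.helidon.config.Config;
import io.helidon.security.providers.oidc.OidcFeature;
import io.helidon.webserver.WebServer;

/*
 * Assumed application.yaml (constructed for this example). Only keys from the
 * table above are shown; a working provider also needs its identity server and
 * client settings, which this page does not list.
 *
 * security:
 *   providers:
 *     - oidc:
 *         redirect-uri: "/oidc/redirect"
 *         cookie-use: true          # token travels in the OIDCTOKEN cookie
 *         query-param-use: false    # keeps the token out of URLs, access logs and Referer headers
 */
public final class OidcExampleMain {   // hypothetical class name

    private OidcExampleMain() {
    }

    public static void main(String[] args) {
        // Root of the configuration: the node that contains security.providers.
        Config config = Config.create();

        WebServer.builder()
                .config(config.get("server"))   // assumed "server" config node
                .routing(routing -> routing
                        // Registers the endpoint the OIDC server redirects to after login
                        // (redirect-uri, default /oidc/redirect). With several providers
                        // configured, use OidcFeature.create(config, "providerName").
                        .addFeature(OidcFeature.create(config))
                        // Placeholder route; protecting it is the job of the security
                        // setup with OidcProvider, which is outside this example.
                        .get("/", (req, res) -> res.send("ok")))
                .build()
                .start();
    }
}
```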
  • Method Details

    • create

      public static OidcFeature create(Config config, String providerName)
      Load OIDC support for webserver from config. This works from two places in the config tree: either from the root (expecting security.providers.providerName under the current key) or from the key itself (e.g. providerName is the current key).
      Parameters:
      config - Config instance on expected node
      providerName - name of the node that contains OIDC configuration
      Returns:
      OIDC webserver integration based on the config
    • create

      public static OidcFeature create(Config config)
      Load OIDC support for webserver from config. This works from two places in the config tree: either from the root (expecting security.providers."oidc" under the current key) or from the provider's configuration (expecting OIDC keys directly under the current key).
      Parameters:
      config - Config instance on expected node
      Returns:
      OIDC webserver integration based on the config
    • create

      public static OidcFeature create(OidcConfig oidcConfig)
      Load OIDC support for webserver from an OidcConfig instance. When programmatically configuring your environment, this is the best approach, because it shares configuration between this class and OidcProvider.
      Parameters:
      oidcConfig - configuration of OIDC integration
      Returns:
      OIDC webserver integration based on the configuration
    • builder

      public static OidcFeature.Builder builder()
      A new builder instance to configure OIDC support.
      Returns:
      a new builder
    • setup

      public void setup(HttpRouting.Builder routing)
      Description copied from interface: HttpFeature
      Method to set up a feature.
      Specified by:
      setup in interface HttpFeature
      Parameters:
      routing - routing builder