Package io.helidon.security.providers.oidc

Class OidcProvider

java.lang.Object

io.helidon.security.spi.SynchronousProvider

io.helidon.security.providers.oidc.OidcProvider

All Implemented Interfaces:

AuthenticationProvider, OutboundSecurityProvider, SecurityProvider

public final class OidcProvider
extends SynchronousProvider
implements AuthenticationProvider, OutboundSecurityProvider

Open ID Connect authentication provider. IDCS specific notes:

• If you want to use JWK to validate tokens, you must give access to the endpoint (by default only admin can access it)
• If you want to use introspect endpoint to validate tokens, you must give rights to the application to do so (Client Configuration/Allowed Operations)
• If you want to retrieve groups when using IDCS, you must add "Client Credentials" in "Allowed Grant Types" in application configuration, as well as "Grant the client access to Identity Cloud Service Admin APIs." configured to "User Administrator"

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	OidcProvider.Builder	Builder for OidcProvider.

Method Summary

Modifier and Type	Method	Description
static OidcProvider.Builder	builder()	A fluent API builder to created instances of this provider.
static OidcProvider	create(Config config)	Load this provider from configuration.
static OidcProvider	create(OidcConfig config)	Create a new provider based on OIDC configuration.
boolean	isOutboundSupported(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundConfig)	Check if the path to be executed is supported by this security provider.
Collection<Class<? extends Annotation>>	supportedAnnotations()	Provide extension annotations supported by this provider (e.g.
protected AuthenticationResponse	syncAuthenticate(ProviderRequest providerRequest)	Synchronous authentication.
protected OutboundSecurityResponse	syncOutbound(ProviderRequest providerRequest, SecurityEnvironment outboundEnv, EndpointConfig outboundEndpointConfig)	Synchronous outbound security.

Methods inherited from class io.helidon.security.spi.SynchronousProvider

authenticate, authorize, outboundSecurity, syncAuthorize

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.AuthenticationProvider

authenticate

Methods inherited from interface io.helidon.security.spi.OutboundSecurityProvider

outboundSecurity

Methods inherited from interface io.helidon.security.spi.SecurityProvider

supportedAttributes, supportedConfigKeys, supportedCustomObjects

Method Detail

create

public static OidcProvider create(Config config)

Load this provider from configuration.

Parameters:

config - configuration of this provider

Returns:

a new provider configured for OIDC

create

public static OidcProvider create(OidcConfig config)

Create a new provider based on OIDC configuration.

Parameters:

config - config of OIDC server and client

Returns:

a new provider configured for OIDC

builder

public static OidcProvider.Builder builder()

A fluent API builder to created instances of this provider.

Returns:

a new builder instance

supportedAnnotations

public Collection<Class<? extends Annotation>> supportedAnnotations()

Description copied from interface: SecurityProvider

Provide extension annotations supported by this provider (e.g. javax.annotation.security.RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected.

Specified by:

supportedAnnotations in interface SecurityProvider

Returns:

Collection of annotations this provider expects.

See Also:

EndpointConfig.annotations(EndpointConfig.AnnotationScope...), EndpointConfig.combineAnnotations(Class, EndpointConfig.AnnotationScope...)

syncAuthenticate

protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest)

Description copied from class: SynchronousProvider

Synchronous authentication.

Overrides:

syncAuthenticate in class SynchronousProvider

Parameters:

providerRequest - context with environment, subject(s) etc.

Returns:

authentication response

See Also:

AuthenticationProvider.authenticate(ProviderRequest)

isOutboundSupported

public boolean isOutboundSupported(ProviderRequest providerRequest,
                                   SecurityEnvironment outboundEnv,
                                   EndpointConfig outboundConfig)

Description copied from interface: OutboundSecurityProvider

Check if the path to be executed is supported by this security provider. Defaults to true.

Specified by:

isOutboundSupported in interface OutboundSecurityProvider

Parameters:

providerRequest - context with environment, subject(s) etc. that was received

outboundEnv - environment for outbound call

outboundConfig - outbound endpoint configuration

Returns:

true if this identity propagator can generate required headers for the path defined

syncOutbound

protected OutboundSecurityResponse syncOutbound(ProviderRequest providerRequest,
                                                SecurityEnvironment outboundEnv,
                                                EndpointConfig outboundEndpointConfig)

Description copied from class: SynchronousProvider

Synchronous outbound security.

Overrides:

syncOutbound in class SynchronousProvider

Parameters:

providerRequest - context with environment, subject(s) etc.

outboundEnv - environment of this outbound call

outboundEndpointConfig - endpoint config for outbound call

Returns:

outbound response

See Also:

OutboundSecurityProvider.outboundSecurity(ProviderRequest, SecurityEnvironment, EndpointConfig), OutboundSecurityProvider.isOutboundSupported(ProviderRequest, SecurityEnvironment, EndpointConfig)