Module io.helidon.microprofile.jwt.auth
Package io.helidon.microprofile.jwt.auth

Class JwtAuthProvider.Builder

    • Method Detail

      • propagate

        public JwtAuthProvider.Builder propagate​(boolean propagate)
        Whether to propagate identity.
        Parameters:
        propagate - whether to propagate identity (true) or not (false)
        Returns:
        updated builder instance

      • authenticate

        public JwtAuthProvider.Builder authenticate​(boolean authenticate)
        Whether to authenticate requests.
        Parameters:
        authenticate - whether to authenticate (true) or not (false)
        Returns:
        updated builder instance

      • allowImpersonation

        public JwtAuthProvider.Builder allowImpersonation​(boolean allowImpersonation)
        Whether to allow impersonation by explicitly overriding username from outbound requests using JwtAuthProvider.EP_PROPERTY_OUTBOUND_USER property. By default this is not allowed and identity can only be propagated.
        Parameters:
        allowImpersonation - set to true to allow impersonation
        Returns:
        updated builder instance

      • subjectType

        public JwtAuthProvider.Builder subjectType​(SubjectType subjectType)
        Principal type this provider extracts (and also propagates).
        Parameters:
        subjectType - type of principal
        Returns:
        updated builder instance

      • atnTokenHandler

        public JwtAuthProvider.Builder atnTokenHandler​(TokenHandler tokenHandler)
        Token handler to extract username from request.
        Parameters:
        tokenHandler - token handler instance
        Returns:
        updated builder instance

      • optional

        public JwtAuthProvider.Builder optional​(boolean optional)
        Whether authentication is required. By default, request will fail if the username cannot be extracted. If set to false, request will process and this provider will abstain.
        Parameters:
        optional - whether authentication is optional (true) or required (false)
        Returns:
        updated builder instance

      • signJwk

        public JwtAuthProvider.Builder signJwk​(Resource signJwkResource)
        JWK resource used to sign JWTs created by us.
        Parameters:
        signJwkResource - resource pointing to a JSON with keys
        Returns:
        updated builder instance

      • verifyJwk

        public JwtAuthProvider.Builder verifyJwk​(Resource verifyJwkResource)
        JWK resource used to verify JWTs created by other parties.
        Parameters:
        verifyJwkResource - resource pointing to a JSON with keys
        Returns:
        updated builder instance

      • issuer

        public JwtAuthProvider.Builder issuer​(String issuer)
        Issuer used to create new JWTs.
        Parameters:
        issuer - issuer to add to the issuer claim
        Returns:
        updated builder instance

      • publicKey

        public JwtAuthProvider.Builder publicKey​(String publicKey)
        String representation of the public key.
        Parameters:
        publicKey - String representation
        Returns:
        updated builder instance

      • publicKeyPath

        public JwtAuthProvider.Builder publicKeyPath​(String publicKeyPath)
        Path to public key.
        Parameters:
        publicKeyPath - Public key path
        Returns:
        updated builder instance

      • defaultJwk

        public JwtAuthProvider.Builder defaultJwk​(Jwk defaultJwk)
        Default JWK which should be used.
        Parameters:
        defaultJwk - Default JWK
        Returns:
        updated builder instance

      • defaultKeyId

        public JwtAuthProvider.Builder defaultKeyId​(String defaultKeyId)
        Default JWT key ID which should be used.
        Parameters:
        defaultKeyId - Default JWT key ID
        Returns:
        updated builder instance

      • config

        public JwtAuthProvider.Builder config​(Config config)
        Load this builder from a configuration.
        Parameters:
        config - configuration to load from
        Returns:
        updated builder instance

      • jwtHeader

        public JwtAuthProvider.Builder jwtHeader​(String header)
        Parameters:
        header - header name which should be used
        Returns:
        updated builder instance

      • cookieProperty

        public JwtAuthProvider.Builder cookieProperty​(String cookieProperty)
        Specific cookie property name where we should search for JWT property.
        Parameters:
        cookieProperty - cookie property name
        Returns:
        updated builder instance

      • expectedIssuer

        public JwtAuthProvider.Builder expectedIssuer​(String issuer)
        Expected issuer in incoming requests.
        Parameters:
        issuer - name of issuer
        Returns:
        updated builder instance

      • addExpectedAudience

        public JwtAuthProvider.Builder addExpectedAudience​(String audience)
        Add an audience expected in inbound JWTs.
        Parameters:
        audience - audience string
        Returns:
        updated builder instance

      • expectedAudiences

        public JwtAuthProvider.Builder expectedAudiences​(Collection<String> audiences)
        Replace expected audiences with the content of the provided collection.
        Parameters:
        audiences - expected audiences to use
        Returns:
        updated builder instance

      • decryptKeyLocation

        public JwtAuthProvider.Builder decryptKeyLocation​(String decryptKeyLocation)
        Private key to decryption of encrypted claims.
        Parameters:
        decryptKeyLocation - private key location
        Returns:
        updated builder instance

      • loadOnStartup

        public JwtAuthProvider.Builder loadOnStartup​(boolean loadOnStartup)
        Whether to load JWK verification keys on server startup Default value is false.
        Parameters:
        loadOnStartup - load verification keys on server startup
        Returns:
        updated builder instance