Class TenantConfig.Builder

    • Method Summary

      Modifier and Type Method Description
      B audience​(String audience)
      Audience of issued tokens.
      B authorizationEndpointUri​(URI uri)
      URI of the authorization endpoint to which users are redirected to log in.
      B baseScopes​(String scopes)
      Configure base scopes.
      TenantConfig build()
      Build the instance from this builder.
      B clientId​(String clientId)
      Client ID as generated by OIDC server.
      B clientSecret​(String clientSecret)
      Client secret as generated by OIDC server.
      B clientTimeout​(Duration duration)
      Timeout of calls using web client.
      TenantConfig.Builder config​(Config config)
      Update this builder with values from configuration.
      B identityUri​(URI uri)
      URI of the identity server, base used to retrieve OIDC metadata.
      B introspectEndpointUri​(URI uri)
      Endpoint to use to validate JWT.
      B issuer​(String issuer)
      Issuer of issued tokens.
      B logoutEndpointUri​(URI logoutEndpointUri)
      URI of the logout endpoint to which users are redirected to log out.
      TenantConfig.Builder name​(String name)
      Name of the tenant.
      B oidcMetadata​(Resource resource)
      Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.
      B oidcMetadata​(JsonObject metadata)
      JsonObject with the OIDC Metadata.
      B oidcMetadataWellKnown​(boolean useWellKnown)
      If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource.
      B realm​(String realm)
      Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.
      B scopeAudience​(String audience)
      Audience of the scope required by this application.
      B serverType​(String type)
      Configure one of the supported types of identity servers.
      B signJwk​(Resource resource)
      A resource pointing to JWK with public keys of signing certificates used to validate JWT.
      B signJwk​(JwkKeys jwk)
      Set JwkKeys to use for JWT validation.
      B tokenEndpointAuthentication​(OidcConfig.ClientAuthentication tokenEndpointAuthentication)
      Type of authentication to use when invoking the token endpoint.
      B tokenEndpointUri​(URI uri)
      URI of a token endpoint used to obtain a JWT based on the authentication code.
      boolean useWellKnown()  
      B validateJwtWithJwk​(Boolean useJwk)
      Use JWK (a set of keys to validate signatures of JWT) to validate tokens.
      • Methods inherited from interface io.helidon.common.Builder

        get
    • Method Detail

      • name

        public TenantConfig.Builder name​(String name)
        Name of the tenant.
        Parameters:
        name - tenant name
        Returns:
        updated builder instance
      • config

        public TenantConfig.Builder config​(Config config)
        Update this builder with values from configuration.
        Parameters:
        config - provided config
        Returns:
        updated builder instance
      • build

        public TenantConfig build()
        Description copied from interface: Builder
        Build the instance from this builder.
        Returns:
        instance of the built type
      • clientId

        public B clientId​(String clientId)
        Client ID as generated by OIDC server.
        Parameters:
        clientId - the client id of this application.
        Returns:
        updated builder instance
      • clientSecret

        public B clientSecret​(String clientSecret)
        Client secret as generated by OIDC server. Used to authenticate this application with the server when requesting JWT based on a code.
        Parameters:
        clientSecret - secret to use
        Returns:
        updated builder instance
      • identityUri

        public B identityUri​(URI uri)
        URI of the identity server, base used to retrieve OIDC metadata.
        Parameters:
        uri - full URI of an identity server (such as "http://tenantid.identity.oraclecloud.com")
        Returns:
        updated builder instance
      • realm

        public B realm​(String realm)
        Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.
        Parameters:
        realm - realm name
        Returns:
        updated builder instance
      • audience

        public B audience​(String audience)
        Audience of issued tokens.
        Parameters:
        audience - audience to validate
        Returns:
        updated builder instance
      • issuer

        public B issuer​(String issuer)
        Issuer of issued tokens.
        Parameters:
        issuer - expected issuer to validate
        Returns:
        updated builder instance
      • validateJwtWithJwk

        public B validateJwtWithJwk​(Boolean useJwk)
        Use JWK (a set of keys to validate signatures of JWT) to validate tokens. Use this method when you want to use default values for JWK or introspection endpoint URI.
        Parameters:
        useJwk - when set to true, JWK is used; when set to false, the introspection endpoint is used
        Returns:
        updated builder instance
      • introspectEndpointUri

        public B introspectEndpointUri​(URI uri)
        Endpoint to use to validate JWT. Either use this or set signJwk(JwkKeys) or signJwk(Resource).
        Parameters:
        uri - URI of introspection endpoint
        Returns:
        updated builder instance
      • signJwk

        public B signJwk​(Resource resource)
        A resource pointing to JWK with public keys of signing certificates used to validate JWT.
        Parameters:
        resource - Resource pointing to the JWK
        Returns:
        updated builder instance
      • signJwk

        public B signJwk​(JwkKeys jwk)
        Set JwkKeys to use for JWT validation.
        Parameters:
        jwk - JwkKeys instance to get public keys used to sign JWT
        Returns:
        updated builder instance
      • authorizationEndpointUri

        public B authorizationEndpointUri​(URI uri)
        URI of the authorization endpoint to which users are redirected to log in. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/authorize.
        Parameters:
        uri - URI to use for authorization endpoint
        Returns:
        updated builder instance
      • logoutEndpointUri

        public B logoutEndpointUri​(URI logoutEndpointUri)
        URI of the logout endpoint to which users are redirected to log out. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/userlogout.
        Parameters:
        logoutEndpointUri - URI to use to log out
        Returns:
        updated builder instance
      • tokenEndpointUri

        public B tokenEndpointUri​(URI uri)
        URI of the token endpoint used to obtain a JWT based on the authentication code. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/token.
        Parameters:
        uri - URI to use for token endpoint
        Returns:
        updated builder instance
      • oidcMetadata

        public B oidcMetadata​(Resource resource)
        Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.
        Parameters:
        resource - resource pointing to the JSON structure
        Returns:
        updated builder instance
      • oidcMetadata

        public B oidcMetadata​(JsonObject metadata)
        JsonObject with the OIDC Metadata.
        Parameters:
        metadata - metadata JSON
        Returns:
        updated builder instance
        See Also:
        oidcMetadata(Resource)
      • baseScopes

        public B baseScopes​(String scopes)
        Configure base scopes. By default, this is "openid". If scope has a qualifier, it must be used here.
        Parameters:
        scopes - Space separated scopes to be required by default from OIDC server
        Returns:
        updated builder instance
      • oidcMetadataWellKnown

        public B oidcMetadataWellKnown​(boolean useWellKnown)
        If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g. token-endpoint-uri).
        Parameters:
        useWellKnown - whether to use well known location for OIDC metadata
        Returns:
        updated builder instance
      • serverType

        public B serverType​(String type)
        Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used.
        Parameters:
        type - Type of identity server. Currently supported: idcs, or not configured (for the default).
        Returns:
        updated builder instance
      • clientTimeout

        public B clientTimeout​(Duration duration)
        Timeout of calls using web client.
        Parameters:
        duration - timeout
        Returns:
        updated builder
      • scopeAudience

        public B scopeAudience​(String audience)
        Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to empty string.
        Parameters:
        audience - audience; if provided, it must end with "/" so that the scope is appended correctly
        Returns:
        updated builder instance
      • useWellKnown

        public boolean useWellKnown()
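
Added example (not part of the Helidon documentation): a tenant built with discovery turned off through oidcMetadataWellKnown(false), so every endpoint URI is set explicitly, together with the expected issuer and audience and a JWK set for local signature validation. The TenantConfig.tenantBuilder() factory and the package imports are assumptions not shown on this page; the idp.example.com host, the JWK path, the tenant name and the client ID are constructed values.

```java
import java.net.URI;
import java.time.Duration;

import io.helidon.common.configurable.Resource;
import io.helidon.security.providers.oidc.common.OidcConfig;
import io.helidon.security.providers.oidc.common.TenantConfig;

public final class TenantSetup {
    // Hypothetical identity server, used only for this example.
    private static final URI IDP = URI.create("https://idp.example.com");

    // scopeAudience is prefixed to each scope name, so a non-empty value has to end with "/".
    static String normalizeScopeAudience(String audience) {
        return audience.isEmpty() || audience.endsWith("/") ? audience : audience + "/";
    }

    static TenantConfig explicitTenant(String clientSecret) {
        if (clientSecret == null || clientSecret.isBlank()) {
            throw new IllegalStateException("client secret is not configured");
        }
        return TenantConfig.tenantBuilder()          // assumed factory, not listed on this page
                .name("tenant-a")                    // constructed value
                .identityUri(IDP)
                .clientId("example-client-id")       // constructed value
                .clientSecret(clientSecret)
                .tokenEndpointAuthentication(OidcConfig.ClientAuthentication.CLIENT_SECRET_BASIC)
                // Discovery is off, so all endpoint URIs are stated explicitly.
                .oidcMetadataWellKnown(false)
                .authorizationEndpointUri(IDP.resolve("/oauth2/v1/authorize"))
                .tokenEndpointUri(IDP.resolve("/oauth2/v1/token"))
                .logoutEndpointUri(IDP.resolve("/oauth2/v1/userlogout"))
                // Validate token signatures locally instead of calling the introspection endpoint.
                .validateJwtWithJwk(true)
                .signJwk(Resource.create(IDP.resolve("/keys/jwk.json")))   // hypothetical path
                .issuer("https://idp.example.com")
                .audience("https://app.example.com")
                .baseScopes("openid")
                .scopeAudience(normalizeScopeAudience("https://app.example.com"))
                .clientTimeout(Duration.ofSeconds(10))
                .build();
    }

    public static void main(String[] args) {
        // The secret comes from the environment rather than from source code.
        explicitTenant(System.getenv("OIDC_CLIENT_SECRET"));
        System.out.println("Tenant configuration built");
    }
}
```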