java.lang.Object
io.helidon.security.providers.oidc.common.TenantConfig.Builder
All Implemented Interfaces:
Builder<TenantConfig.Builder,TenantConfig>, Supplier<TenantConfig>
Enclosing interface:
TenantConfig

public static final class TenantConfig.Builder extends Object
A fluent API Builder to build instances of TenantConfig.
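Added example (not part of the Helidon Javadoc): two tenants built with the methods documented below, one validating tokens against the JWK set and one through the introspection endpoint, both with issuer and audience pinned. `TenantConfig.tenantBuilder()` is assumed as the factory method since it is not listed on this page; the host names, client ids and the introspection path are constructed sample values.

```java
import java.net.URI;
import java.time.Duration;

import io.helidon.security.providers.oidc.common.TenantConfig;

public final class TenantConfigExample {
    // Constructed sample value; use the HTTPS base URI of your identity server.
    private static final URI IDENTITY = URI.create("https://idp.example.com");

    private TenantConfigExample() {
    }

    // Settings shared by both tenants below.
    private static TenantConfig.Builder base(String name, String clientId, String clientSecret) {
        return TenantConfig.tenantBuilder() // assumed factory method, not listed on this page
                .name(name)
                .clientId(clientId)
                .clientSecret(clientSecret) // supplied by the caller, e.g. from a secret store
                .identityUri(IDENTITY)
                // Pin issuer and audience so a token minted by another issuer
                // or for another application fails validation.
                .issuer("https://idp.example.com")
                .audience("https://app.example.com")
                .baseScopes("openid")
                .clientTimeout(Duration.ofSeconds(10));
    }

    // Signatures are checked locally against the server's JWK set.
    static TenantConfig jwkTenant(String clientSecret) {
        return base("tenant-jwk", "client-a", clientSecret)
                .validateJwtWithJwk(true)
                .build();
    }

    // Each token is sent to the introspection endpoint and the identity
    // server decides whether it is valid (constructed endpoint path).
    static TenantConfig introspectionTenant(String clientSecret) {
        return base("tenant-introspect", "client-b", clientSecret)
                .validateJwtWithJwk(false)
                .introspectEndpointUri(IDENTITY.resolve("/oauth2/v1/introspect"))
                .build();
    }
}
```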
  • Method Details

    • name

      public TenantConfig.Builder name(String name)
      Name of the tenant.
      Parameters:
      name - tenant name
      Returns:
      updated builder instance
    • config

      public TenantConfig.Builder config(Config config)
      Update this builder with values from configuration.
      Parameters:
      config - provided config
      Returns:
      updated builder instance
    • build

      public TenantConfig build()
      Description copied from interface: Builder
      Build the instance from this builder.
      Returns:
      instance of the built type
    • clientId

      public TenantConfig.Builder clientId(String clientId)
      Client ID as generated by OIDC server.
      Parameters:
      clientId - the client id of this application.
      Returns:
      updated builder instance
    • clientSecret

      public TenantConfig.Builder clientSecret(String clientSecret)
      Client secret as generated by OIDC server. Used to authenticate this application with the server when requesting JWT based on a code.
      Parameters:
      clientSecret - secret to use
      Returns:
      updated builder instance
    • identityUri

      public TenantConfig.Builder identityUri(URI uri)
      URI of the identity server, base used to retrieve OIDC metadata.
      Parameters:
      uri - full URI of an identity server (such as "http://tenantid.identity.oraclecloud.com")
      Returns:
      updated builder instance
    • realm

      public TenantConfig.Builder realm(String realm)
      Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.
      Parameters:
      realm - realm name
      Returns:
      updated builder instance
    • audience

      public TenantConfig.Builder audience(String audience)
      Audience of issued tokens.
      Parameters:
      audience - audience to validate
      Returns:
      updated builder instance
    • issuer

      public TenantConfig.Builder issuer(String issuer)
      Issuer of issued tokens.
      Parameters:
      issuer - expected issuer to validate
      Returns:
      updated builder instance
    • validateJwtWithJwk

      public TenantConfig.Builder validateJwtWithJwk(Boolean useJwk)
      Use JWK (a set of keys to validate signatures of JWT) to validate tokens. Use this method when you want to use default values for JWK or introspection endpoint URI.
      Parameters:
      useJwk - when set to true, JWK is used; when set to false, the introspection endpoint is used
      Returns:
      updated builder instance
    • introspectEndpointUri

      public TenantConfig.Builder introspectEndpointUri(URI uri)
      Endpoint to use to validate JWT. Either use this or set signJwk(JwkKeys) or signJwk(Resource).
      Parameters:
      uri - URI of introspection endpoint
      Returns:
      updated builder instance
    • signJwk

      public TenantConfig.Builder signJwk(Resource resource)
      A resource pointing to JWK with public keys of signing certificates used to validate JWT.
      Parameters:
      resource - Resource pointing to the JWK
      Returns:
      updated builder instance
    • signJwk

      public TenantConfig.Builder signJwk(JwkKeys jwk)
      Set JwkKeys to use for JWT validation.
      Parameters:
      jwk - JwkKeys instance providing the public keys used to validate JWT signatures
      Returns:
      updated builder instance
    • tokenEndpointAuthentication

      public TenantConfig.Builder tokenEndpointAuthentication(OidcConfig.ClientAuthentication tokenEndpointAuthentication)
      Type of authentication to use when invoking the token endpoint. Current supported options:
      Parameters:
      tokenEndpointAuthentication - authentication type
      Returns:
      updated builder
    • authorizationEndpointUri

      public TenantConfig.Builder authorizationEndpointUri(URI uri)
      URI of the authorization endpoint to which users are redirected to log in. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/authorize.
      Parameters:
      uri - URI to use for the authorization endpoint
      Returns:
      updated builder instance
    • logoutEndpointUri

      public TenantConfig.Builder logoutEndpointUri(URI logoutEndpointUri)
      URI of the logout endpoint to which users are redirected to log out. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/userlogout.
      Parameters:
      logoutEndpointUri - URI to use to log out
      Returns:
      updated builder instance
    • tokenEndpointUri

      public TenantConfig.Builder tokenEndpointUri(URI uri)
      URI of the token endpoint used to obtain a JWT based on the authentication code. If not defined, it is obtained from oidcMetadata(Resource); if that is not defined either, an attempt is made to use identityUri(URI)/oauth2/v1/token.
      Parameters:
      uri - URI to use for token endpoint
      Returns:
      updated builder instance
    • oidcMetadata

      public TenantConfig.Builder oidcMetadata(Resource resource)
      Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.
      Parameters:
      resource - resource pointing to the JSON structure
      Returns:
      updated builder instance
    • oidcMetadata

      public TenantConfig.Builder oidcMetadata(JsonObject metadata)
      JsonObject with the OIDC Metadata.
      Parameters:
      metadata - metadata JSON
      Returns:
      updated builder instance
    • baseScopes

      public TenantConfig.Builder baseScopes(String scopes)
      Configure base scopes. By default, this is "openid". If scope has a qualifier, it must be used here.
      Parameters:
      scopes - Space separated scopes to be required by default from OIDC server
      Returns:
      updated builder instance
    • oidcMetadataWellKnown

      public TenantConfig.Builder oidcMetadataWellKnown(boolean useWellKnown)
      If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g. token-endpoint-uri).
      Parameters:
      useWellKnown - whether to use well known location for OIDC metadata
      Returns:
      updated builder instance
    • serverType

      public TenantConfig.Builder serverType(String type)
      Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used.
      Parameters:
      type - Type of identity server. Currently supported is idcs or not configured (for default).
      Returns:
      updated builder instance
    • clientTimeout

      public TenantConfig.Builder clientTimeout(Duration duration)
      Timeout of calls using web client.
      Parameters:
      duration - timeout
      Returns:
      updated builder
    • scopeAudience

      public TenantConfig.Builder scopeAudience(String audience)
      Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to empty string.
      Parameters:
      audience - audience, if provided, end with "/" to append the scope correctly
      Returns:
      updated builder instance
    • useWellKnown

      public boolean useWellKnown()