Class TenantConfig.Builder
java.lang.Object
io.helidon.security.providers.oidc.common.TenantConfig.Builder
- All Implemented Interfaces:
Builder<TenantConfig.Builder,
,TenantConfig> Supplier<TenantConfig>
- Enclosing interface:
- TenantConfig
A fluent API
Builder
to build instances of TenantConfig
.-
Method Summary
Modifier and TypeMethodDescriptionAudience of issued tokens.URI of an authorization endpoint used to redirect users to for logging-in.baseScopes
(String scopes) Configure base scopes.build()
Build the instance from this builder.Client ID as generated by OIDC server.clientSecret
(String clientSecret) Client secret as generated by OIDC server.clientTimeout
(Duration duration) Timeout of calls using web client.Update this builder with values from configuration.identityUri
(URI uri) URI of the identity server, base used to retrieve OIDC metadata.introspectEndpointUri
(URI uri) Endpoint to use to validate JWT.Issuer of issued tokens.logoutEndpointUri
(URI logoutEndpointUri) URI of a logout endpoint used to redirect users to for logging-out.Name of the tenant.oidcMetadata
(Resource resource) Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.oidcMetadata
(JsonObject metadata) JsonObject with the OIDC Metadata.oidcMetadataWellKnown
(boolean useWellKnown) If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource.Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.scopeAudience
(String audience) Audience of the scope required by this application.serverType
(String type) Configure one of the supported types of identity servers.A resource pointing to JWK with public keys of signing certificates used to validate JWT.SetJwkKeys
to use for JWT validation.tokenEndpointAuthentication
(OidcConfig.ClientAuthentication tokenEndpointAuthentication) Type of authentication to use when invoking the token endpoint.tokenEndpointUri
(URI uri) URI of a token endpoint used to obtain a JWT based on the authentication code.boolean
validateJwtWithJwk
(Boolean useJwk) Use JWK (a set of keys to validate signatures of JWT) to validate tokens.
-
Method Details
-
name
Name of the tenant.- Parameters:
name
- tenant name- Returns:
- updated builder instance
-
config
Update this builder with values from configuration.- Parameters:
config
- provided config- Returns:
- updated builder instance
-
build
Description copied from interface:Builder
Build the instance from this builder.- Returns:
- instance of the built type
-
clientId
Client ID as generated by OIDC server.- Parameters:
clientId
- the client id of this application.- Returns:
- updated builder instance
-
clientSecret
Client secret as generated by OIDC server. Used to authenticate this application with the server when requesting JWT based on a code.- Parameters:
clientSecret
- secret to use- Returns:
- updated builder instance
-
identityUri
URI of the identity server, base used to retrieve OIDC metadata.- Parameters:
uri
- full URI of an identity server (such as "http://tenantid.identity.oraclecloud.com")- Returns:
- updated builder instance
-
realm
Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.- Parameters:
realm
- realm name- Returns:
- updated builder instance
-
audience
Audience of issued tokens.- Parameters:
audience
- audience to validate- Returns:
- updated builder instance
-
issuer
Issuer of issued tokens.- Parameters:
issuer
- expected issuer to validate- Returns:
- updated builder instance
-
validateJwtWithJwk
Use JWK (a set of keys to validate signatures of JWT) to validate tokens. Use this method when you want to use default values for JWK or introspection endpoint URI.- Parameters:
useJwk
- when set to true, jwk is used, when set to false, introspect endpoint is used- Returns:
- updated builder instance
-
introspectEndpointUri
Endpoint to use to validate JWT. Either use this or setsignJwk(JwkKeys)
orsignJwk(Resource)
.- Parameters:
uri
- URI of introspection endpoint- Returns:
- updated builder instance
-
signJwk
A resource pointing to JWK with public keys of signing certificates used to validate JWT.- Parameters:
resource
- Resource pointing to the JWK- Returns:
- updated builder instance
-
signJwk
SetJwkKeys
to use for JWT validation.- Parameters:
jwk
- JwkKeys instance to get public keys used to sign JWT- Returns:
- updated builder instance
-
tokenEndpointAuthentication
public TenantConfig.Builder tokenEndpointAuthentication(OidcConfig.ClientAuthentication tokenEndpointAuthentication) Type of authentication to use when invoking the token endpoint. Current supported options:- Parameters:
tokenEndpointAuthentication
- authentication type- Returns:
- updated builder
-
authorizationEndpointUri
URI of an authorization endpoint used to redirect users to for logging-in. If not defined, it is obtained fromoidcMetadata(Resource)
, if that is not defined an attempt is made to useidentityUri(URI)
/oauth2/v1/authorize.- Parameters:
uri
- URI to use for token endpoint- Returns:
- updated builder instance
-
logoutEndpointUri
URI of a logout endpoint used to redirect users to for logging-out. If not defined, it is obtained fromoidcMetadata(Resource)
, if that is not defined an attempt is made to useidentityUri(URI)
/oauth2/v1/userlogout.- Parameters:
logoutEndpointUri
- URI to use to log out- Returns:
- updated builder instance
-
tokenEndpointUri
URI of a token endpoint used to obtain a JWT based on the authentication code. If not defined, it is obtained fromoidcMetadata(Resource)
, if that is not defined an attempt is made to useidentityUri(URI)
/oauth2/v1/token.- Parameters:
uri
- URI to use for token endpoint- Returns:
- updated builder instance
-
oidcMetadata
Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.- Parameters:
resource
- resource pointing to the JSON structure- Returns:
- updated builder instance
-
oidcMetadata
JsonObject with the OIDC Metadata.- Parameters:
metadata
- metadata JSON- Returns:
- updated builder instance
- See Also:
-
baseScopes
Configure base scopes. By default, this is "openid". If scope has a qualifier, it must be used here.- Parameters:
scopes
- Space separated scopes to be required by default from OIDC server- Returns:
- updated builder instance
-
oidcMetadataWellKnown
If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g. token-endpoint-uri).- Parameters:
useWellKnown
- whether to use well known location for OIDC metadata- Returns:
- updated builder instance
-
serverType
Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used.- Parameters:
type
- Type of identity server. Currently supported isidcs
or not configured (for default).- Returns:
- updated builder instance
-
clientTimeout
Timeout of calls using web client.- Parameters:
duration
- timeout- Returns:
- updated builder
-
scopeAudience
Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to empty string.- Parameters:
audience
- audience, if provided, end with "/" to append the scope correctly- Returns:
- updated builder instance
-
useWellKnown
public boolean useWellKnown()
-