java.lang.Object
io.helidon.security.providers.oidc.OidcSupport
All Implemented Interfaces:
Service

public final class OidcSupport extends Object implements Service
OIDC integration requires web resources to be exposed through a web server. This registers the endpoint to which OIDC redirects browser after successful login. This incorporates the "response_type=code" approach. When passing configuration to this class, you should pass the root of configuration (that contains security.providers). This class then reads the configuration for provider named "oidc" or (if mutliples are configured) for the name specified. Configuration options used by this class are (under security.providers[].${name}):
Configuration parameters
key default value description
redirect-uri /oidc/redirect Context root under which redirection endpoint is located (sent here by OIDC server
oidc-metadata-type WELL_KNOWN How to obtain OIDC metadata. Can be WELL_KNOWN, URI, PATH or NONE
oidc-metadata-uri N/A URI of the metadata if type set to URI
oidc-metadata-path N/A Path on the filesystem if type set to PATH
token-endpoint-type WELL_KNOWN Where is the token endpoint? WELL_KNOWN reads the location from OIDC Metadata
token-endpoint-uri N/A URI of the token endpoint if type set to URI
cookie-use true Whether to use cookie to provide the token to subsequent requests
cookie-name OIDCTOKEN Name of the cookie to set (and expect)
query-param-use false Whether to use query parameter to add to the request when redirecting to original URI
query-param-name accessToken Name of the query parameter to set (and expect)
  • Method Details

    • create

      public static OidcSupport create(Config config, String providerName)
      Load OIDC support for webserver from config. This works from two places in config tree - either from root (expecting security.providers.providerName under current key) or from the key itself (e.g. providerName is the current key).
      Parameters:
      config - Config instance on expected node
      providerName - name of the node that contains OIDC configuration
      Returns:
      OIDC webserver integration based on the config
    • create

      public static OidcSupport create(Config config)
      Load OIDC support for webserver from config. This works from two places in config tree - either from root (expecting security.providers."oidc" under current key) or from the provider's configuration. (expecting OIDC keys directly under current key).
      Parameters:
      config - Config instance on expected node
      Returns:
      OIDC webserver integration based on the config
    • create

      public static OidcSupport create(OidcConfig oidcConfig)
      Load OIDC support for webserver from OidcConfig instance. When programmatically configuring your environment, this is the best approach, to share configuration between this class and OidcProvider.
      Parameters:
      oidcConfig - configuration of OIDC integration
      Returns:
      OIDC webserver integration based on the configuration
    • builder

      public static OidcSupport.Builder builder()
      A new builder instance to configure OIDC support.
      Returns:
      a new builder
    • update

      public void update(Routing.Rules rules)
      Description copied from interface: Service
      Updates Routing.Rules with handlers representing this service.
      Specified by:
      update in interface Service
      Parameters:
      rules - a routing rules to update