Class OidcSupport
java.lang.Object
io.helidon.security.providers.oidc.OidcSupport
- All Implemented Interfaces:
Service
OIDC integration requires web resources to be exposed through a web server.
This class registers the endpoint to which the OIDC server redirects the browser after a successful login.
This incorporates the "response_type=code" approach.
When passing configuration to this class, you should pass the root of the configuration
(the node that contains security.providers). This class then reads the configuration for the provider
named "oidc" or (if multiple providers are configured) for the name specified.
Configuration options used by this class are (under security.providers[].${name}):
key | default value | description |
---|---|---|
redirect-uri | /oidc/redirect | Context root under which the redirection endpoint is located (the browser is sent here by the OIDC server) |
oidc-metadata-type | WELL_KNOWN | How to obtain OIDC metadata. Can be WELL_KNOWN, URI, PATH or NONE |
oidc-metadata-uri | N/A | URI of the metadata if type set to URI |
oidc-metadata-path | N/A | Path on the filesystem if type set to PATH |
token-endpoint-type | WELL_KNOWN | Where is the token endpoint? WELL_KNOWN reads the location from OIDC Metadata |
token-endpoint-uri | N/A | URI of the token endpoint if type set to URI |
cookie-use | true | Whether to use cookie to provide the token to subsequent requests |
cookie-name | OIDCTOKEN | Name of the cookie to set (and expect) |
query-param-use | false | Whether to use query parameter to add to the request when redirecting to original URI |
query-param-name | accessToken | Name of the query parameter to set (and expect) |
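The wiring described above, as an added example that is not part of the Helidon documentation: the root of the configuration is passed to `OidcSupport.create`, and the token transport options from the table are set explicitly. It assumes the Helidon SE `Routing`, `Security` and `WebSecurity` APIs and the provider keys `client-id`, `client-secret` and `identity-uri`, which this table does not list. The class name, the `/profile` path, the `OIDC_CLIENT_SECRET` variable and all values are constructed placeholders; replace `identity-uri` with a real identity provider before starting a server.

```java
import java.util.Map;

import io.helidon.config.Config;
import io.helidon.config.ConfigSources;
import io.helidon.security.Security;
import io.helidon.security.integration.webserver.WebSecurity;
import io.helidon.security.providers.oidc.OidcSupport;
import io.helidon.webserver.Routing;

public final class OidcRoutingExample {
    // Key prefix of the first entry in the security.providers list.
    private static final String OIDC = "security.providers.0.oidc.";

    static Config sampleConfig() {
        // Constructed values. client-id, client-secret and identity-uri are
        // assumed provider keys; the secret comes from a hypothetical
        // environment variable instead of being written into the source.
        String secret = System.getenv().getOrDefault("OIDC_CLIENT_SECRET", "");
        return Config.create(ConfigSources.create(Map.of(
                OIDC + "client-id", "example-client",
                OIDC + "client-secret", secret,
                OIDC + "identity-uri", "https://idp.example.com/realms/demo",
                OIDC + "redirect-uri", "/oidc/redirect",
                // Keep the token in the cookie only: a token carried in a query
                // parameter is recorded in access logs and browser history.
                OIDC + "cookie-use", "true",
                OIDC + "query-param-use", "false")));
    }

    static Routing routing(Config root) {
        Config securityNode = root.get("security");
        Security security = Security.create(securityNode);
        return Routing.builder()
                .register(WebSecurity.create(security, securityNode))
                // Root of the config tree: OidcSupport finds security.providers itself.
                // The provider node works too, per the create(Config) description:
                //   OidcSupport.create(root.get("security.providers.0.oidc"))
                .register(OidcSupport.create(root))
                // Hypothetical protected resource that requires an authenticated user.
                .get("/profile", WebSecurity.authenticate(),
                     (req, res) -> res.send("authenticated"))
                .build();
    }

    public static void main(String[] args) {
        System.out.println("Routing built: " + routing(sampleConfig()));
    }
}
```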
-
Nested Class Summary
-
Method Summary
Modifier and Type | Method | Description |
---|---|---|
static OidcSupport.Builder | builder() | A new builder instance to configure OIDC support. |
static OidcSupport | create(Config config) | Load OIDC support for webserver from config. |
static OidcSupport | create(Config config, String providerName) | Load OIDC support for webserver from config. |
static OidcSupport | create(OidcConfig oidcConfig) | Load OIDC support for webserver from OidcConfig instance. |
void | update(Routing.Rules rules) | Updates Routing.Rules with handlers representing this service. |
-
Method Details
-
create
Load OIDC support for webserver from config. This works from two places in the config tree: either from the root (expecting security.providers.providerName under the current key) or from the key itself (e.g. providerName is the current key).
- Parameters:
config - Config instance on expected node
providerName - name of the node that contains OIDC configuration
- Returns:
OIDC webserver integration based on the config
-
create
Load OIDC support for webserver from config. This works from two places in the config tree: either from the root (expecting security.providers."oidc" under the current key) or from the provider's configuration (expecting OIDC keys directly under the current key).
- Parameters:
config - Config instance on expected node
- Returns:
OIDC webserver integration based on the config
-
create
Load OIDC support for webserver from OidcConfig instance. When programmatically configuring your environment, this is the best approach, to share configuration between this class and OidcProvider.
- Parameters:
oidcConfig - configuration of OIDC integration
- Returns:
OIDC webserver integration based on the configuration
-
builder
A new builder instance to configure OIDC support.
- Returns:
a new builder
-
update
Description copied from interface: Service
Updates Routing.Rules with handlers representing this service.
-