java.lang.Object Configuration

java.lang.Object Configuration: Type: java.lang.Object

Configuration options

Optional configuration options

key	type	default value	description
`audience`	string		Audience of issued tokens.
`authorization-endpoint-uri`	URI		URI of an authorization endpoint used to redirect users to for logging-in. If not defined, it is obtained from #oidcMetadata(Resource), if that is not defined an attempt is made to use #identityUri(URI)/oauth2/v1/authorize.
`base-scopes`	string	`openid`	Configure base scopes. By default, this is `DEFAULT_BASE_SCOPES`. If scope has a qualifier, it must be used here.
`client-id`	string		Client ID as generated by OIDC server.
`client-secret`	string		Client secret as generated by OIDC server. Used to authenticate this application with the server when requesting JWT based on a code.
`client-timeout-millis`	Duration	`30000`	Timeout of calls using web client.
`identity-uri`	URI		URI of the identity server, base used to retrieve OIDC metadata.
`introspect-endpoint-uri`	URI		Endpoint to use to validate JWT. Either use this or set #signJwk(JwkKeys) or #signJwk(Resource).
`issuer`	string		Issuer of issued tokens.
`oidc-metadata-well-known`	boolean	`true`	If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g. token-endpoint-uri).
`oidc-metadata.resource`	Resource		Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.
`scope-audience`	string		Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to empty string.
`server-type`	string	`@default`	Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used.
`sign-jwk.resource`	Resource		A resource pointing to JWK with public keys of signing certificates used to validate JWT.
`token-endpoint-auth`	ClientAuthentication (CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT, PRIVATE_KEY_JWT, NONE)	`CLIENT_SECRET_BASIC`	Type of authentication to use when invoking the token endpoint. With CLIENT_SECRET_BASIC, credentials are sent only to POST requests on the resolved token endpoint scheme, host, port, path, and query and, when JWT introspection is used, to POST requests on the resolved introspection endpoint scheme, host, port, path, and query. Current supported options: io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#CLIENT_SECRET_BASIC io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#CLIENT_SECRET_POST io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#NONE
`token-endpoint-uri`	URI		URI of a token endpoint used to obtain a JWT based on the authentication code. If not defined, it is obtained from #oidcMetadata(Resource), if that is not defined an attempt is made to use #identityUri(URI)/oauth2/v1/token.
`validate-jwt-with-jwk`	boolean	`true`	Use JWK (a set of keys to validate signatures of JWT) to validate tokens. Use this method when you want to use default values for JWK or introspection endpoint URI.