TenantConfig (security.providers.oidc.common) Configuration
Open ID Connect tenant configuration
Type: io.helidon.security.providers.oidc.common.TenantConfig
Configuration options
| key | type | default value | description |
|---|---|---|---|
| name | string | | Name of the tenant. |
| audience | string | | Audience of issued tokens. |
| authorization-endpoint-uri | URI | | URI of the authorization endpoint that users are redirected to for logging in. If not defined, it is obtained from #oidcMetadata(Resource); if that is not defined either, an attempt is made to use #identityUri(URI)/oauth2/v1/authorize. |
| base-scopes | string | openid | Configure base scopes; the default is `openid`. |
| client-id | string | | Client ID as generated by the OIDC server. |
| client-secret | string | | Client secret as generated by the OIDC server. Used to authenticate this application with the server when requesting a JWT based on an authorization code. |
| client-timeout-millis | Duration | 30000 | Timeout of calls made using the web client. |
| identity-uri | URI | | URI of the identity server; the base used to retrieve OIDC metadata. |
| introspect-endpoint-uri | URI | | Endpoint used to validate a JWT. Either use this or set #signJwk(JwkKeys) or #signJwk(Resource). |
| issuer | string | | Issuer of issued tokens. |
| oidc-metadata-well-known | boolean | true | If set to true, metadata is loaded from the default (well-known) location unless it is explicitly defined using oidc-metadata-resource. If set to false, it is not loaded even if oidc-metadata-resource is not defined; in that case all URIs must be explicitly defined (e.g. token-endpoint-uri). |
| oidc-metadata.resource | | | Resource configuration for OIDC metadata containing the endpoints of the various identity services, as well as information about the identity server. |
| scope-audience | string | | Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to an empty string. |
| server-type | string | @default | Configure one of the supported types of identity servers. If the type does not have an explicit mapping, a warning is logged and the default implementation is used. |
| sign-jwk.resource | | | A resource pointing to a JWK set with the public keys of the signing certificates used to validate JWTs. |
| token-endpoint-auth | ClientAuthentication | CLIENT_SECRET_BASIC | Type of authentication to use when invoking the token endpoint. Currently supported options: CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT, PRIVATE_KEY_JWT, NONE. |
| token-endpoint-uri | URI | | URI of the token endpoint used to obtain a JWT based on the authorization code. If not defined, it is obtained from #oidcMetadata(Resource); if that is not defined either, an attempt is made to use #identityUri(URI)/oauth2/v1/token. |
| validate-jwt-with-jwk | boolean | true | Use JWK (a set of keys used to validate JWT signatures) to validate tokens. Use this when you want the default values for the JWK or introspection endpoint URI. |
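The following is an added YAML example, not taken from the Helidon documentation, showing two tenants configured with the options above: one relying on well-known metadata discovery and local JWK validation, the other with discovery disabled so that every endpoint must be listed explicitly and tokens are checked via introspection. It assumes the tenant list lives under a `tenants` key of the `oidc` provider entry in `security.providers`; the host names, client IDs and secrets are constructed placeholders.

```yaml
security:
  providers:
    - oidc:
        tenants:
          # Tenant A: oidc-metadata-well-known keeps its default (true), so the
          # authorization and token endpoints are read from the metadata found at
          # the well-known location under identity-uri, and tokens are validated
          # locally against the published JWK set (validate-jwt-with-jwk: true).
          - name: "tenant-a"
            identity-uri: "https://idp-a.example.test/"      # constructed host
            client-id: "app-a"
            client-secret: "PLACEHOLDER_TENANT_A_SECRET"    # placeholder, keep out of source control
            issuer: "https://idp-a.example.test/"
            audience: "app-a"
            validate-jwt-with-jwk: true
            token-endpoint-auth: CLIENT_SECRET_BASIC
            client-timeout-millis: 30000

          # Tenant B: discovery is switched off, so authorization-endpoint-uri and
          # token-endpoint-uri are mandatory, and validation is delegated to the
          # introspection endpoint instead of a JWK set.
          - name: "tenant-b"
            identity-uri: "https://idp-b.example.test/"      # constructed host
            oidc-metadata-well-known: false
            authorization-endpoint-uri: "https://idp-b.example.test/oauth2/v1/authorize"
            token-endpoint-uri: "https://idp-b.example.test/oauth2/v1/token"
            introspect-endpoint-uri: "https://idp-b.example.test/oauth2/v1/introspect"
            validate-jwt-with-jwk: false
            client-id: "app-b"
            client-secret: "PLACEHOLDER_TENANT_B_SECRET"    # placeholder
            issuer: "https://idp-b.example.test/"
            audience: "app-b"
            base-scopes: "openid"
            scope-audience: "https://api-b.example.test/"   # prefixed to requested scope names
            token-endpoint-auth: CLIENT_SECRET_POST
            client-timeout-millis: 10000
```

If `oidc-metadata-well-known` is false and a tenant omits `token-endpoint-uri` or `authorization-endpoint-uri`, the provider has no source for those endpoints, so the explicit URIs in tenant B are not optional.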