io.helidon.security.providers.oidc.common.OidcConfig
Description
Open ID Connect configuration
Configuration options
| Key | Type | Default | Description |
|---|---|---|---|
access- | Boolean | true | Whether to check if current IP address matches the one access token was issued for |
audience | String | Audience of issued tokens | |
authorization- | URI | URI of an authorization endpoint used to redirect users to for logging-in | |
base- | String | openid | Configure base scopes |
check- | Boolean | true | Configure audience claim check |
client- | Client | Set the configuration related to the client credentials flow | |
client- | String | Client ID as generated by OIDC server | |
client- | String | Client secret as generated by OIDC server | |
client- | Duration | 30000 | Timeout of calls using web client |
cookie- | String | Domain the cookie is valid for | |
cookie- | Boolean | false | Whether to encrypt token cookie created by this microservice |
cookie- | Boolean | true | Whether to encrypt id token cookie created by this microservice |
cookie- | String | Name of the encryption configuration available through Security# and Security# | |
cookie- | List< | Master password for encryption/decryption of cookies | |
cookie- | Boolean | true | Whether to encrypt refresh token cookie created by this microservice |
cookie- | Boolean | true | Whether to encrypt state cookie created by this microservice |
cookie- | Boolean | true | Whether to encrypt tenant name cookie created by this microservice |
cookie- | Boolean | true | When using cookie, if set to true, the HttpOnly attribute will be configured |
cookie- | Long | When using cookie, used to set MaxAge attribute of the cookie, defining how long the cookie is valid | |
cookie- | String | JSESSIONID | Name of the cookie to use |
cookie- | String | JSESSIONID_ | Name of the cookie to use for id token |
cookie- | String | JSESSIONID_ | The name of the cookie to use for the refresh token |
cookie- | String | JSESSIONID_ | The name of the cookie to use for the state storage |
cookie- | String | HELIDON_ | The name of the cookie to use for the tenant name |
cookie- | String | / | Path the cookie is valid for |
cookie- | Same | LAX | When using cookie, used to set the SameSite cookie value |
cookie- | Boolean | false | When using cookie, if set to true, the Secure attribute will be configured |
cookie- | Boolean | true | Whether to use cookie to store JWT between requests |
cors | Cross | Assign cross-origin resource sharing settings | |
decryption- | Configuration for decryption-keys | ||
force- | Boolean | false | Force HTTPS for redirects to identity provider |
frontend- | String | Full URI of this application that is visible from user browser | |
header- | Token | A Token to process header containing a JWT | |
header- | Boolean | true | Whether to expect JWT in a header field |
id- | Boolean | true | Whether id token signature check should be enabled |
identity- | URI | URI of the identity server, base used to retrieve OIDC metadata | |
introspect- | URI | Endpoint to use to validate JWT | |
issuer | String | Issuer of issued tokens | |
max- | Integer | 5 | Configure maximal number of redirects when redirecting to an OIDC provider within a single authentication attempt |
oidc- | Configuration for oidc-metadata | ||
oidc- | Boolean | true | If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource |
optional- | Boolean | false | Allow audience claim to be optional |
outbound- | Oidc | USER_ | Type of the OIDC outbound |
pkce- | Pkce | S256 | Proof Key Code Exchange (PKCE) challenge creation method |
pkce- | Boolean | false | Whether this provider should support PKCE |
proxy- | Integer | 80 | Proxy port |
query- | String | id_ | Name of a query parameter that contains the JWT id token when parameter is used |
query- | String | access | Name of a query parameter that contains the JWT access token when parameter is used |
query- | String | h_ | Name of a query parameter that contains the tenant name when the parameter is used |
query- | Boolean | false | Whether to use a query parameter to send JWT token from application to this server |
redirect | Boolean | false | By default, the client should redirect to the identity server for the user to log in |
redirect- | String | h_ | Configure the parameter used to store the number of attempts in redirect |
redirect- | String | /oidc/ | URI to register web server component on, used by the OIDC server to redirect authorization requests to after a user logs in or approves scopes |
scope- | String | Audience of the scope required by this application | |
server- | String | @default | Configure one of the supported types of identity servers |
sign- | Configuration for sign-jwk | ||
tenants | Tenant | Configurations of the tenants | |
token- | Client | CLIENT_ | Type of authentication to use when invoking the token endpoint |
token- | URI | URI of a token endpoint used to obtain a JWT based on the authentication code | |
token- | Boolean | true | Whether access token signature check should be enabled |
validate- | Boolean | true | Use JWK (a set of keys to validate signatures of JWT) to validate tokens |
webclient | Web | WebClient configuration used for outbound requests to the identity server. This configuration sets the values to the OIDC WebClient default configuration |
Deprecated Options
| Key | Type | Default | Description |
|---|---|---|---|
proxy- | String | Proxy host to use | |
proxy- | String | http | Proxy protocol to use when proxy is used |
relative- | Boolean | false | Can be set to true to force the use of relative URIs in all requests, regardless of the presence or absence of proxies or no-proxy lists |
Dependent Types
Usages
security.providers. idcs- role- mapper. oidc- config server.features. security. security. providers. idcs- role- mapper. oidc- config
See the manifest for all available types.