Description
JWT authentication provider.
Usages
Configuration options
| Key | Kind | Type | Default Value | Description |
|---|---|---|---|---|
allow-impersonation | VALUE | Boolean | false | Whether to allow impersonation by explicitly overriding username from outbound requests using io.helidon.security.EndpointConfig#PROPERTY_OUTBOUND_ID property |
allow-unsigned | VALUE | Boolean | false | Configure support for unsigned JWT |
atn-token.handler | VALUE | i.h.s.u.TokenHandler | Token handler to extract username from request | |
atn-token.jwk.resource | VALUE | i.h.c.c.Resource | JWK resource used to verify JWTs created by other parties | |
atn-token.jwt-audience | VALUE | String | Audience expected in inbound JWTs | |
atn-token.jwt-issuer | VALUE | String | Issuer expected in inbound JWTs | |
atn-token.verify-signature | VALUE | Boolean | true | Configure whether to verify signatures |
authenticate | VALUE | Boolean | true | Whether to authenticate requests |
optional | VALUE | Boolean | false | Whether authentication is required |
principal-type | VALUE | i.h.s.SubjectType | USER | Principal type this provider extracts (and also propagates) |
propagate | VALUE | Boolean | true | Whether to propagate identity |
sign-token | VALUE | i.h.s.p.c.OutboundConfig | Configuration of outbound rules | |
sign-token.jwk.resource | VALUE | i.h.c.c.Resource | JWK resource used to sign JWTs created by us | |
sign-token.jwt-issuer | VALUE | String | Issuer used to create new JWTs | |
use-jwt-groups | VALUE | Boolean | true | Claim groups from JWT will be used to automatically add groups to current subject (may be used with jakarta.annotation.security.RolesAllowed annotation) |
See the manifest for all available types.