Description
OpenID Connect tenant configuration.
Usages
Configuration options
| Key | Kind | Type | Default Value | Description |
|---|---|---|---|---|
| audience | VALUE | String | | Audience of issued tokens |
| authorization-endpoint-uri | VALUE | URI | | URI of the authorization endpoint to which users are redirected to log in |
| base-scopes | VALUE | String | openid | Configure base scopes |
| check-audience | VALUE | Boolean | true | Configure audience claim check |
| client-id | VALUE | String | | Client ID as generated by OIDC server |
| client-secret | VALUE | String | | Client secret as generated by OIDC server |
| client-timeout-millis | VALUE | Duration | 30000 | Timeout of calls using web client |
| decryption-keys.resource | VALUE | i.h.c.c.Resource | | A resource pointing to JWK with private keys used for JWE content key decryption |
| identity-uri | VALUE | URI | | URI of the identity server, base used to retrieve OIDC metadata |
| introspect-endpoint-uri | VALUE | URI | | Endpoint to use to validate JWT |
| issuer | VALUE | String | | Issuer of issued tokens |
| name | VALUE | String | | Name of the tenant |
| oidc-metadata-well-known | VALUE | Boolean | true | If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource |
| oidc-metadata.resource | VALUE | i.h.c.c.Resource | | Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server |
| optional-audience | VALUE | Boolean | false | Allow audience claim to be optional |
| scope-audience | VALUE | String | | Audience of the scope required by this application |
| server-type | VALUE | String | @default | Configure one of the supported types of identity servers |
| sign-jwk.resource | VALUE | i.h.c.c.Resource | | A resource pointing to JWK with public keys of signing certificates used to validate JWT |
| token-endpoint-auth | VALUE | i.h.s.p.o.c.O.ClientAuthentication | CLIENT_SECRET_BASIC | Type of authentication to use when invoking the token endpoint |
| token-endpoint-uri | VALUE | URI | | URI of a token endpoint used to obtain a JWT based on the authentication code |
| validate-jwt-with-jwk | VALUE | Boolean | true | Use JWK (a set of keys to validate signatures of JWT) to validate tokens |
See the manifest for all available types.