config.client.yml Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of client Show documentation
Show all versions of client Show documentation
A client module that is used by API consumer to call an API or from an API calling another API.
# This is the configuration file for Http2Client.
---
# Settings for TLS
tls:
# if the server is using self-signed certificate, this need to be false. If true, you have to use CA signed certificate or load
# truststore that contains the self-signed certificate.
verifyHostname: ${client.verifyHostname:true}
# indicate of system load default cert.
loadDefaultTrustStore: ${client.loadDefaultTrustStore:true}
# trust store contains certificates that server needs. Enable if tls is used.
loadTrustStore: ${client.loadTrustStore:true}
# trust store location can be specified here or system properties javax.net.ssl.trustStore and password javax.net.ssl.trustStorePassword
trustStore: ${client.trustStore:client.truststore}
# trust store password
trustStorePass: ${client.trustStorePass:password}
# key store contains client key and it should be loaded if two-way ssl is used.
loadKeyStore: ${client.loadKeyStore:false}
# key store location
keyStore: ${client.keyStore:client.keystore}
# key store password
keyStorePass: ${client.keyStorePass:password}
# private key password
keyPass: ${client.keyPass:password}
# public issued CA cert password
defaultCertPassword: ${client.defaultCertPassword:changeit}
# TLS version. Default is TSLv1.2, and you can downgrade to TLSv1 to support some internal old servers that support only TLSv1.1(deprecated
# and risky). You can also upgrade to TSLv1.3 for maximum security if all your servers support it.
tlsVersion: ${client.tlsVersion:TLSv1.2}
# settings for OAuth2 server communication
oauth:
# OAuth 2.0 token endpoint configuration
# If there are multiple oauth providers per serviceId, then we need to update this flag to true. In order to derive the serviceId from the
# path prefix, we need to set up the pathPrefixServices below if there is no duplicated paths between services.
multipleAuthServers: ${client.multipleAuthServers:false}
token:
cache:
#capacity of caching TOKENs
capacity: ${client.tokenCacheCapacity:200}
# The scope token will be renewed automatically 1 minute before expiry
tokenRenewBeforeExpired: ${client.tokenRenewBeforeExpired:60000}
# if scope token is expired, we need short delay so that we can retry faster.
expiredRefreshRetryDelay: ${client.expiredRefreshRetryDelay:2000}
# if scope token is not expired but in renew window, we need slow retry delay.
earlyRefreshRetryDelay: ${client.earlyRefreshRetryDelay:4000}
# token server url. The default port number for token service is 6882. If this is set,
# it will take high priority than serviceId for the direct connection
server_url: ${client.tokenServerUrl:}
# token service unique id for OAuth 2.0 provider. If server_url is not set above,
# a service discovery action will be taken to find an instance of token service.
serviceId: ${client.tokenServiceId:com.networknt.oauth2-token-1.0.0}
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used.
proxyHost: ${client.tokenProxyHost:}
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then
# the default value 443 is going to be used for the HTTP connection.
proxyPort: ${client.tokenProxyPort:}
# set to true if the oauth2 provider supports HTTP/2
enableHttp2: ${client.tokenEnableHttp2:true}
# the following section defines uri and parameters for authorization code grant type
authorization_code:
# token endpoint for authorization code grant
uri: ${client.tokenAcUri:/oauth2/token}
# client_id for authorization code grant flow.
client_id: ${client.tokenAcClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client_secret for authorization code grant flow.
client_secret: ${client.tokenAcClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# the web server uri that will receive the redirected authorization code
redirect_uri: ${client.tokenAcRedirectUri:https://localhost:3000/authorization}
# optional scope, default scope in the client registration will be used if not defined.
# If there are scopes specified here, they will be verified against the registered scopes.
# In values.yml, you define a list of strings for the scope(s).
scope: ${client.tokenAcScope:}
# - petstore.r
# - petstore.w
# the following section defines uri and parameters for client credentials grant type
client_credentials:
# token endpoint for client credentials grant
uri: ${client.tokenCcUri:/oauth2/token}
# client_id for client credentials grant flow.
client_id: ${client.tokenCcClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client_secret for client credentials grant flow.
client_secret: ${client.tokenCcClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# optional scope, default scope in the client registration will be used if not defined.
# If there are scopes specified here, they will be verified against the registered scopes.
# In values.yml, you define a list of strings for the scope(s).
scope: ${client.tokenCcScope:}
# - petstore.r
# - petstore.w
# The serviceId to the service specific OAuth 2.0 configuration. Used only when multipleOAuthServer is
# set as true. For detailed config options, please see the values.yml in the client module test.
serviceIdAuthServers: ${client.tokenCcServiceIdAuthServers:}
refresh_token:
# token endpoint for refresh token grant
uri: ${client.tokenRtUri:/oauth2/token}
# client_id for refresh token grant flow.
client_id: ${client.tokenRtClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client_secret for refresh token grant flow
client_secret: ${client.tokenRtClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# optional scope, default scope in the client registration will be used if not defined.
# If there are scopes specified here, they will be verified against the registered scopes.
# In values.yml, you define a list of strings for the scope(s).
scope: ${client.tokenRtScope:}
# - petstore.r
# - petstore.w
# light-oauth2 key distribution endpoint configuration for token verification
key:
# key distribution server url for token verification. It will be used if it is configured.
# If it is not set, a service lookup will be taken with serviceId to find an instance.
server_url: ${client.tokenKeyServerUrl:}
# key serviceId for key distribution service, it will be used if above server_url is not configured.
serviceId: ${client.tokenKeyServiceId:com.networknt.oauth2-key-1.0.0}
# the path for the key distribution endpoint
uri: ${client.tokenKeyUri:/oauth2/key}
# client_id used to access key distribution service. It can be the same client_id with token service or not.
client_id: ${client.tokenKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client secret used to access the key distribution service.
client_secret: ${client.tokenKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# set to true if the oauth2 provider supports HTTP/2
enableHttp2: ${client.tokenKeyEnableHttp2:true}
# The serviceId to the service specific OAuth 2.0 configuration. Used only when multipleOAuthServer is
# set as true. For detailed config options, please see the values.yml in the client module test.
serviceIdAuthServers: ${client.tokenKeyServiceIdAuthServers:}
# sign endpoint configuration
sign:
# token server url. The default port number for token service is 6882. If this url exists, it will be used.
# if it is not set, then a service lookup against serviceId will be taken to discover an instance.
# server_url: ${client.signServerUrl:https://localhost:6882}
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used.
# proxyHost: ${client.signProxyHost:proxy.lightapi.net}
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then
# the default value 443 is going to be used for the HTTP connection.
# proxyPort: ${client.signProxyPort:3128}
# token serviceId. If server_url doesn't exist, the serviceId will be used to lookup the token service.
serviceId: ${client.signServiceId:com.networknt.oauth2-token-1.0.0}
# signing endpoint for the sign request
uri: ${client.signUri:/oauth2/token}
# timeout in milliseconds
timeout: ${client.signTimeout:2000}
# set to true if the oauth2 provider supports HTTP/2
enableHttp2: ${client.signEnableHttp2:true}
# client_id for client authentication
client_id: ${client.signClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client secret for client authentication and it can be encrypted here.
client_secret: ${client.signClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# the key distribution sever config for sign. It can be different then token key distribution server.
key:
# key distribution server url. It will be used to establish connection if it exists.
# if it is not set, then a service lookup against serviceId will be taken to discover an instance.
# server_url: ${client.signKeyServerUrl:https://localhost:6886}
# the unique service id for key distribution service, it will be used to lookup key service if above url doesn't exist.
serviceId: ${client.signKeyServiceId:com.networknt.oauth2-key-1.0.0}
# the path for the key distribution endpoint
uri: ${client.signKeyUri:/oauth2/key}
# client_id used to access key distribution service. It can be the same client_id with token service or not.
client_id: ${client.signKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client secret used to access the key distribution service.
client_secret: ${client.signKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# set to true if the oauth2 provider supports HTTP/2
enableHttp2: ${client.signKeyEnableHttp2:true}
# de-ref by reference token to JWT token. It is separate service as it might be the external OAuth 2.0 provider.
deref:
# Token service server url, this might be different than the above token server url. The static url will be used if it is configured.
# server_url: ${client.derefServerUrl:https://localhost:6882}
# For users who leverage SaaS OAuth 2.0 provider in the public cloud and has an internal
# proxy server to access code, token and key services of OAuth 2.0, set up the proxyHost
# here for the HTTPS traffic. This option is only working with server_url and serviceId
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy is used.
# proxyHost: ${client.derefProxyHost:proxy.lightapi.net}
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then
# the default value 443 is going to be used for the HTTP connection.
# proxyPort: ${client.derefProxyPort:3128}
# token service unique id for OAuth 2.0 provider. Need for service lookup/discovery. It will be used if above server_url is not configured.
serviceId: ${client.derefServiceId:com.networknt.oauth2-token-1.0.0}
# set to true if the oauth2 provider supports HTTP/2
enableHttp2: ${client.derefEnableHttp2:true}
# the path for the key distribution endpoint
uri: ${client.derefUri:/oauth2/deref}
# client_id used to access key distribution service. It can be the same client_id with token service or not.
client_id: ${client.derefClientId:f7d42348-c647-4efb-a52d-4c5787421e72}
# client_secret for deref
client_secret: ${client.derefClientSecret:f6h1FTI8Q3-7UScPZDzfXA}
# If you have multiple OAuth 2.0 providers and use path prefix to decide which OAuth 2.0 server
# to get the token or JWK. If two or more services have the same path, you must use serviceId in
# the request header to use the serviceId to find the OAuth 2.0 provider configuration.
pathPrefixServices: ${client.pathPrefixServices:}
# circuit breaker configuration for the client
request:
# number of timeouts/errors to break the circuit
errorThreshold: ${client.errorThreshold:2}
# timeout in millisecond to indicate a client error.
timeout: ${client.timeout:3000}
# reset the circuit after this timeout in millisecond
resetTimeout: ${client.resetTimeout:7000}
# if open tracing is enabled. traceability, correlation and metrics should not be in the chain if opentracing is used.
injectOpenTracing: ${client.injectOpenTracing:false}
# inject serviceId as callerId into the http header for metrics to collect the caller. The serviceId is from server.yml
injectCallerId: ${client.injectCallerId:false}
# the flag to indicate whether http/2 is enabled when calling client.callService()
enableHttp2: ${client.enableHttp2:true}
# the maximum host capacity of connection pool
connectionPoolSize: ${client.connectionPoolSize:1000}
# Connection expire time when connection pool is used. By default, the cached connection will be closed after 30 minutes.
# This is one way to force the connection to be closed so that the client-side discovery can be balanced.
connectionExpireTime: ${client.connectionExpireTime:1800000}
# The maximum request limitation for each connection in the connection pool. By default, a connection will be closed after
# sending 1 million requests. This is one way to force the client-side discovery to re-balance the connections.
maxReqPerConn: ${client.maxReqPerConn:1000000}
# maximum quantity of connection in connection pool for each host
maxConnectionNumPerHost: ${client.maxConnectionNumPerHost:1000}
# minimum quantity of connection in connection pool for each host. The corresponding connection number will shrink to minConnectionNumPerHost
# by remove least recently used connections when the connection number of a host reach 0.75 * maxConnectionNumPerHost.
minConnectionNumPerHost: ${client.minConnectionNumPerHost:250}