///////////////////////////////////////////////////////////////////////////////
Copyright (c) 2023 Oracle and/or its affiliates.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
///////////////////////////////////////////////////////////////////////////////
ifndef::rootdir[:rootdir: {docdir}/..]
:description: Configuration of io.helidon.security.providers.oidc.common.TenantConfig
:keywords: helidon, config, io.helidon.security.providers.oidc.common.TenantConfig
:basic-table-intro: The table below lists the configuration keys that configure io.helidon.security.providers.oidc.common.TenantConfig
include::{rootdir}/includes/attributes.adoc[]
= TenantConfig (security.providers.oidc.common) Configuration
// tag::config[]
OpenID Connect tenant configuration
Type: link:{javadoc-base-url}/io.helidon.security.providers.oidc.common/io/helidon/security/providers/oidc/common/TenantConfig.html[io.helidon.security.providers.oidc.common.TenantConfig]
== Configuration options
.Required configuration options
[cols="3,3a,2,5a"]
|===
|key |type |default value |description
|`name` |string |{nbsp} |Name of the tenant.
|===
.Optional configuration options
[cols="3,3a,2,5a"]
|===
|key |type |default value |description
|`audience` |string |{nbsp} |Audience of issued tokens.
|`authorization-endpoint-uri` |URI |{nbsp} |URI of the authorization endpoint to which users are redirected for logging in.
If not defined, it is obtained from #oidcMetadata(Resource); if that is not defined either,
an attempt is made to use #identityUri(URI)/oauth2/v1/authorize.
|`base-scopes` |string |`openid` |Configure the base scopes.
By default, this is `DEFAULT_BASE_SCOPES`.
If a scope has a qualifier, the qualifier must be included here.
|`check-audience` |boolean |`false` |Configure audience claim check.
|`client-id` |string |{nbsp} |Client ID as generated by OIDC server.
|`client-secret` |string |{nbsp} |Client secret as generated by OIDC server.
Used to authenticate this application with the server when requesting
JWT based on a code.
|`client-timeout-millis` |Duration |`30000` |Timeout of calls made using the web client.
|`identity-uri` |URI |{nbsp} |URI of the identity server, base used to retrieve OIDC metadata.
|`introspect-endpoint-uri` |URI |{nbsp} |Endpoint to use to validate JWT.
Either use this or set #signJwk(JwkKeys) or #signJwk(Resource).
|`issuer` |string |{nbsp} |Issuer of issued tokens.
|`oidc-metadata-well-known` |boolean |`true` |If set to true, metadata will be loaded from the default (well-known)
location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it will not be loaded
even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g.
token-endpoint-uri).
|`oidc-metadata.resource` |xref:{rootdir}/config/io_helidon_common_configurable_Resource.adoc[Resource] |{nbsp} |Resource configuration for OIDC Metadata
containing endpoints to various identity services, as well as information about the identity server.
|`optional-audience` |boolean |`false` |Allow audience claim to be optional.
|`scope-audience` |string |{nbsp} |Audience of the scope required by this application. This is prefixed to
the scope name when requesting scopes from the identity server.
Defaults to empty string.
|`server-type` |string |`@default` |Configure one of the supported types of identity servers.
If the type does not have an explicit mapping, a warning is logged and the default implementation is used.
|`sign-jwk.resource` |xref:{rootdir}/config/io_helidon_common_configurable_Resource.adoc[Resource] |{nbsp} |A resource pointing to JWK with public keys of signing certificates used
to validate JWT.
|`token-endpoint-auth` |ClientAuthentication (CLIENT_SECRET_BASIC, CLIENT_SECRET_POST, CLIENT_SECRET_JWT, PRIVATE_KEY_JWT, NONE) |`CLIENT_SECRET_BASIC` |Type of authentication to use when invoking the token endpoint.
Currently supported options:

- io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#CLIENT_SECRET_BASIC
- io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#CLIENT_SECRET_POST
- io.helidon.security.providers.oidc.common.OidcConfig.ClientAuthentication#NONE
|`token-endpoint-uri` |URI |{nbsp} |URI of the token endpoint used to obtain a JWT based on the authorization
code.
If not defined, it is obtained from #oidcMetadata(Resource); if that is not defined either,
an attempt is made to use #identityUri(URI)/oauth2/v1/token.
|`validate-jwt-with-jwk` |boolean |`true` |Use JWK (a set of keys used to validate JWT signatures) to validate tokens.
Use this option when you want to rely on the default values for the JWK or the introspection endpoint URI.
|===
// end::config[]
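The following `application.yaml` fragment is an added example, not part of the Helidon documentation or the project's own configuration. It shows two tenants built from the keys in the table above: one that discovers its endpoints from the well-known metadata location, and one that disables discovery and therefore has to name every endpoint and supply its signing keys explicitly. The nesting of `tenants` under the `oidc` provider entry is an assumption about how `TenantConfig` is embedded in the OIDC provider configuration; all hostnames, client IDs, file paths and the `${...}` environment references are placeholders.

```yaml
# Added example (not Helidon's own docs or code). The placement of "tenants"
# under the oidc provider is an assumption; every URI, ID and path is a placeholder.
security:
  providers:
    - oidc:
        tenants:
          # Tenant A: endpoint discovery. oidc-metadata-well-known defaults to true,
          # so the endpoints are read from the identity server's well-known metadata.
          - name: "tenant-a"
            identity-uri: "https://idp-a.example.test"
            issuer: "https://idp-a.example.test"
            client-id: "tenant-a-client-id"
            client-secret: "${TENANT_A_CLIENT_SECRET}"   # placeholder; keep secrets out of the file
            # The table's default (check-audience: false) accepts a token minted for any
            # client of this issuer. Setting an audience and enabling the check rejects
            # tokens whose aud claim does not name this application.
            audience: "https://api.example.test"
            check-audience: true
            optional-audience: false
            base-scopes: "openid profile"
            token-endpoint-auth: "CLIENT_SECRET_POST"

          # Tenant B: no discovery. With oidc-metadata-well-known false, nothing is loaded
          # from the well-known location, so the authorization and token endpoints must be
          # given explicitly (here the same /oauth2/v1/... paths the table lists as fallbacks),
          # and signature keys come from a local JWK set rather than being fetched.
          - name: "tenant-b"
            identity-uri: "https://idp-b.example.test"
            issuer: "https://idp-b.example.test"
            oidc-metadata-well-known: false
            authorization-endpoint-uri: "https://idp-b.example.test/oauth2/v1/authorize"
            token-endpoint-uri: "https://idp-b.example.test/oauth2/v1/token"
            client-id: "tenant-b-client-id"
            client-secret: "${TENANT_B_CLIENT_SECRET}"   # placeholder
            audience: "https://api.example.test"
            check-audience: true
            validate-jwt-with-jwk: true
            sign-jwk:
              resource:
                path: "/etc/app/tenant-b-jwks.json"     # placeholder path to a JWK set file
```

Two points worth checking in a real deployment: leaving `check-audience` at its default of `false` means a token issued by the same identity server for a different client will pass validation, so set `audience` and enable the check for every tenant; and when `oidc-metadata-well-known` is `false`, an endpoint that is neither configured nor discoverable falls back to the `identityUri/oauth2/v1/...` paths from the table, which only works if the identity server actually serves those paths.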