
io.quarkus.oidc.OidcTenantConfig$Token.jdp Maven / Gradle / Ivy


Secure your applications with OpenID Connect Adapter and IDP such as Keycloak

#
#Thu May 25 10:16:12 CEST 2023
io.quarkus.oidc.OidcTenantConfig.Token.tokenType=Expected token type
io.quarkus.oidc.OidcTenantConfig.Token.issuer=Expected issuer 'iss' claim value.\nNote this property overrides the `issuer` property which may be set in OpenId Connect provider's well-known\nconfiguration.\nIf the `iss` claim value varies depending on the host/IP address or tenant id of the provider then you may skip the\nissuer verification by setting this property to 'any' but it should be done only when other options (such as\nconfiguring\nthe provider to use the fixed `iss` claim value) are not possible.
io.quarkus.oidc.OidcTenantConfig.Token.allowJwtIntrospection=Allow the remote introspection of JWT tokens when no matching JWK key is available.\n\nNote this property is set to 'true' by default for backward-compatibility reasons and will be set to `false`\ninstead in one of the next releases.\n\nAlso note this property will be ignored if JWK endpoint URI is not available and introspecting the tokens is\nthe only verification option.
io.quarkus.oidc.OidcTenantConfig.Token.requiredClaims=A map of required claims and their expected values.\nFor example, `quarkus.oidc.token.required-claims.org_id \= org_xyz` would require tokens to have the `org_id` claim to\nbe present and set to `org_xyz`.\nStrings are the only supported types. Use {@linkplain SecurityIdentityAugmentor} to verify claims of other types or\ncomplex claims.
io.quarkus.oidc.OidcTenantConfig.Token.forcedJwkRefreshInterval=Forced JWK set refresh interval in minutes.
io.quarkus.oidc.OidcTenantConfig.Token.audience=Expected audience 'aud' claim value which may be a string or an array of strings.
io.quarkus.oidc.OidcTenantConfig.Token.requireJwtIntrospectionOnly=Require that JWT tokens are only introspected remotely.
io.quarkus.oidc.OidcTenantConfig.Token.age=Token age.\n\nIt allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time.\nA small leeway to account for clock skew which can be configured with 'quarkus.oidc.token.lifespan-grace' to verify\nthe token expiry time\ncan also be used to verify the token age property.\n\nNote that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens\nmust have a valid ('exp') expiry claim value. The only exception where setting this property relaxes the requirement\nis when a logout token is sent with a back-channel logout request since the current\nOpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an 'exp' claim.\nHowever, even if the current logout token is allowed to have no 'exp' claim, the `exp` claim will be still verified\nif the logout token contains it.
io.quarkus.oidc.OidcTenantConfig.Token.principalClaim=Name of the claim which contains a principal name. By default, the 'upn', 'preferred_username' and `sub` claims are\nchecked.
io.quarkus.oidc.OidcTenantConfig.Token.refreshExpired=Refresh expired ID tokens.\nIf this property is enabled then a refresh token request will be performed if the ID token has expired\nand, if successful, the local session will be updated with the new set of tokens.\nOtherwise, the local session will be invalidated and the user redirected to the OpenID Provider to re-authenticate.\nIn this case the user may not be challenged again if the OIDC provider session is still active.\n\nFor this option to be effective the `authentication.session-age-extension` property should also be set to a non-zero\nvalue since the refresh token is currently kept in the user session.\n\nThis option is valid only when the application is of type {@link ApplicationType\#WEB_APP}.
io.quarkus.oidc.OidcTenantConfig.Token.refreshTokenTimeSkew=Refresh token time skew in seconds.\nIf this property is enabled then the configured number of seconds is added to the current time\nwhen checking whether the access token should be refreshed. If the sum is greater than this access token's\nexpiration time then a refresh is going to happen.\n\nThis property will be ignored if the 'refresh-expired' property is not enabled.
io.quarkus.oidc.OidcTenantConfig.Token.header=Custom HTTP header that contains a bearer token.\nThis option is valid only when the application is of type {@link ApplicationType\#SERVICE}.
io.quarkus.oidc.OidcTenantConfig.Token.decryptionKeyLocation=Decryption key location.\nJWT tokens can be inner-signed and encrypted by OpenId Connect providers.\nHowever, it is not always possible to remotely introspect such tokens because\nthe providers may not control the private decryption keys.\nIn such cases set this property to point to the file containing the decryption private key in\nPEM or JSON Web Key (JWK) format.\nNote that if a 'private_key_jwt' client authentication method is used then the private key\nwhich is used to sign client authentication JWT tokens will be used to try to decrypt an encrypted ID token\nif this property is not set.
io.quarkus.oidc.OidcTenantConfig.Token.allowOpaqueTokenIntrospection=Allow the remote introspection of the opaque tokens.\n\nSet this property to 'false' if only JWT tokens are expected.
io.quarkus.oidc.OidcTenantConfig.Token.lifespanGrace=Life span grace period in seconds.\nWhen checking token expiry, current time is allowed to be later than token expiration time by at most the configured\nnumber of seconds.\nWhen checking token issuance, current time is allowed to be sooner than token issue time by at most the configured\nnumber of seconds.