io.helidon.security.providers.oidc.OidcProvider
Description
OpenID Connect security provider
Configuration options
| Key | Type | Default | Description |
|---|---|---|---|
| force-https-redirects | Boolean | false | Force HTTPS for redirects to the identity provider |
| cors | CrossOriginConfig | | Assign cross-origin resource sharing settings |
| cookie-encryption-refresh-enabled | Boolean | true | Whether to encrypt the refresh token cookie created by this microservice |
| query-id-token-param-name | String | id_token | Name of the query parameter that contains the JWT id token when the parameter is used |
| header-use | Boolean | true | Whether to expect the JWT in a header field |
| header-token | TokenHandler | | A TokenHandler to process the header containing a JWT |
| cookie-name-state | String | JSESSIONID_3 | The name of the cookie to use for the state storage |
| outbound | List<OutboundTarget> | | Add a new target configuration |
| propagate | Boolean | false | Whether to propagate identity |
| client-credentials-config | ClientCredentialsConfig | | Set the configuration related to the client credentials flow |
| cookie-name-refresh-token | String | JSESSIONID_3 | The name of the cookie to use for the refresh token |
| query-param-tenant-name | String | h_tenant | Name of the query parameter that contains the tenant name when the parameter is used |
| query-param-name | String | accessToken | Name of the query parameter that contains the JWT access token when the parameter is used |
| pkce-challenge-method | PkceChallengeMethod | S256 | Proof Key for Code Exchange (PKCE) challenge creation method |
| optional | Boolean | false | Whether authentication is required |
| cookie-domain | String | | Domain the cookie is valid for |
| frontend-uri | String | | Full URI of this application that is visible from the user's browser |
| cookie-same-site | SameSite | LAX | When using a cookie, used to set the SameSite cookie value |
| cookie-encryption-id-enabled | Boolean | true | Whether to encrypt the id token cookie created by this microservice |
| webclient | WebClient | | WebClient configuration used for outbound requests to the identity server. This configuration sets the values of the OIDC WebClient default configuration |
| cookie-http-only | Boolean | true | When using a cookie, if set to true, the HttpOnly attribute will be configured |
| cookie-encryption-enabled | Boolean | false | Whether to encrypt the token cookie created by this microservice |
| pkce-enabled | Boolean | false | Whether this provider should support PKCE |
| proxy-port | Integer | 80 | Proxy port |
| cookie-encryption-tenant-enabled | Boolean | true | Whether to encrypt the tenant name cookie created by this microservice |
| use-jwt-groups | Boolean | true | Claim groups from the JWT will be used to automatically add groups to the current subject (may be used with the jakarta.annotation.security.RolesAllowed annotation) |
| token-signature-validation | Boolean | true | Whether the access token signature check should be enabled |
| cookie-name | String | JSESSIONID | Name of the cookie to use |
| cookie-use | Boolean | true | Whether to use a cookie to store the JWT between requests |
| outbound-type | OidcOutboundType | USER_JWT | Type of the OIDC outbound |
| redirect | Boolean | false | By default, the client should redirect to the identity server for the user to log in |
| redirect-uri | String | /oidc/redirect | URI to register the web server component on, used by the OIDC server to redirect authorization requests to after a user logs in or approves scopes |
| cookie-name-id-token | String | JSESSIONID_2 | Name of the cookie to use for the id token |
| tenants | TenantConfig | | Configurations of the tenants |
| cookie-max-age-seconds | Long | | When using a cookie, used to set the MaxAge attribute of the cookie, defining how long the cookie is valid |
| cookie-encryption-password | List<String> | | Master password for encryption/decryption of cookies |
| cookie-encryption-state-enabled | Boolean | true | Whether to encrypt the state cookie created by this microservice |
| cookie-path | String | / | Path the cookie is valid for |
| query-param-use | Boolean | false | Whether to use a query parameter to send the JWT token from the application to this server |
| cookie-name-tenant | String | HELIDON_TENANT | The name of the cookie to use for the tenant name |
| cookie-secure | Boolean | false | When using a cookie, if set to true, the Secure attribute will be configured |
| cookie-encryption-name | String | | Name of the encryption configuration available through Security#encrypt(String, byte[]) and Security#decrypt(String, String) |
| id-token-signature-validation | Boolean | true | Whether the id token signature check should be enabled |
| max-redirects | Integer | 5 | Configure the maximal number of redirects when redirecting to an OIDC provider within a single authentication attempt |
| access-token-ip-check | Boolean | true | Whether to check that the current IP address matches the one the access token was issued for |
| redirect-attempt-param | String | h_ra | Configure the parameter used to store the number of attempts in a redirect |
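An added example (not from the Helidon project's own documentation) showing how the options above fit together in an `application.yaml` fragment, with the cookie, PKCE and token-validation keys set to hardened values and each comment naming the shipped default it overrides. The `client-id`, `client-secret` and `identity-uri` keys are assumed base OIDC configuration keys that this page does not list; all URIs and secrets are placeholders.

```yaml
# Added example, not the Helidon project's own configuration. Registers
# OidcProvider under security.providers; comments name the default each key
# overrides. client-id, client-secret and identity-uri are assumed base OIDC
# keys not listed on this page; URIs and secrets are placeholders.
security:
  providers:
    - oidc:
        client-id: "my-app"                          # placeholder
        client-secret: "${OIDC_CLIENT_SECRET}"       # placeholder, injected from the environment
        identity-uri: "https://idp.example.test"     # placeholder identity server
        frontend-uri: "https://app.example.test"     # URI of this app as seen from the browser
        redirect-uri: "/oidc/redirect"               # default, shown for clarity

        # Redirects to the identity server: default force-https-redirects is false
        force-https-redirects: true
        max-redirects: 5                             # default; caps redirect loops per attempt

        # Authorization code flow: default pkce-enabled is false
        pkce-enabled: true
        pkce-challenge-method: "S256"                # default; keep S256 rather than a plain challenge

        # Token checks: these default to true, pinned here so they are not silently dropped
        token-signature-validation: true
        id-token-signature-validation: true
        access-token-ip-check: true

        # Where the JWT is accepted from: header yes, query string no (both defaults);
        # tokens carried in URLs end up in access logs and Referer headers
        header-use: true
        query-param-use: false

        # Cookie attributes: default cookie-secure is false, so the token cookie
        # would also be sent over plain HTTP; cookie-http-only defaults to true
        cookie-use: true
        cookie-secure: true
        cookie-http-only: true
        cookie-same-site: "LAX"                      # default; STRICT would withhold the state
                                                     # cookie on the redirect back from the IdP
        cookie-path: "/"
        cookie-max-age-seconds: 3600                 # no default; without it a session cookie

        # Cookie encryption: id, refresh, tenant and state cookies are encrypted by
        # default, but cookie-encryption-enabled (the access token cookie) is false
        cookie-encryption-enabled: true
        cookie-encryption-password: "${OIDC_COOKIE_PASSWORD}"  # placeholder from the environment;
                                                               # the table types this as List<String>,
                                                               # a single string value is assumed
```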
Deprecated Options
| Key | Type | Default | Description |
|---|---|---|---|
| relative-uris | Boolean | false | Can be set to true to force the use of relative URIs in all requests, regardless of the presence or absence of proxies or no-proxy lists |
| proxy-host | String | | Proxy host to use |
| proxy-protocol | String | http | Proxy protocol to use when a proxy is used |
Usages
See the manifest for all available types.