io.helidon.security.providers.oidc.common.TenantConfig

Description

Open ID Connect tenant configuration

Configuration options

Key	Type	Default	Description
audience	String		Audience of issued tokens
authorization-endpoint-uri	URI		URI of an authorization endpoint used to redirect users to for logging-in
base-scopes	String	openid	Configure base scopes
check-audience	Boolean	true	Configure audience claim check
client-id	String		Client ID as generated by OIDC server
client-secret	String		Client secret as generated by OIDC server
client-timeout-millis	Duration	30000	Timeout of calls using web client
decryption-keys			Configuration for decryption-keys
identity-uri	URI		URI of the identity server, base used to retrieve OIDC metadata
introspect-endpoint-uri	URI		Endpoint to use to validate JWT
issuer	String		Issuer of issued tokens
name	String		Name of the tenant
oidc-metadata			Configuration for oidc-metadata
oidc-metadata-well-known	Boolean	true	If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource
optional-audience	Boolean	false	Allow audience claim to be optional
scope-audience	String		Audience of the scope required by this application
server-type	String	@default	Configure one of the supported types of identity servers
sign-jwk			Configuration for sign-jwk
token-endpoint-auth	ClientAuthentication	CLIENT_SECRET_BASIC	Type of authentication to use when invoking the token endpoint
token-endpoint-uri	URI		URI of a token endpoint used to obtain a JWT based on the authentication code
validate-jwt-with-jwk	Boolean	true	Use JWK (a set of keys to validate signatures of JWT) to validate tokens

Usages

• security.providers.idcs-role-mapper.oidc-config.tenants
• security.providers.oidc.tenants
• server.features.security.security.providers.idcs-role-mapper.oidc-config.tenants
• server.features.security.security.providers.oidc.tenants

---

See the manifest for all available types.