Package io.quarkus.oidc.common.runtime

Class OidcCommonConfig.Credentials.Jwt

java.lang.Object
io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Jwt
Enclosing class:
OidcCommonConfig.Credentials
public static class OidcCommonConfig.Credentials.Jwt extends Object
Supports the client authentication `client_secret_jwt` and `private_key_jwt` methods, which involves sending a JWT token assertion signed with a client secret or private key. JWT Bearer client authentication is also supported.
See Also:

  • Field Details

    • source

      @ConfigItem(defaultValue="client") public OidcCommonConfig.Credentials.Jwt.Source source
      JWT token source: OIDC provider client or an existing JWT bearer token.

    • secret

      @ConfigItem public Optional<String> secret
      If provided, indicates that JWT is signed using a secret key.

    • secretProvider

      @ConfigItem public OidcCommonConfig.Credentials.Provider secretProvider
      If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider.

    • key

      @ConfigItem public Optional<String> key
      String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the signatureAlgorithm property to override the default key algorithm, `RS256`.

    • keyFile

      @ConfigItem public Optional<String> keyFile
      If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the signatureAlgorithm property to override the default key algorithm, `RS256`.

    • keyStoreFile

      @ConfigItem public Optional<String> keyStoreFile
      If provided, indicates that JWT is signed using a private key from a keystore.

    • keyStorePassword

      @ConfigItem public Optional<String> keyStorePassword
      A parameter to specify the password of the keystore file.

    • keyId

      @ConfigItem public Optional<String> keyId
      The private key id or alias.

    • keyPassword

      @ConfigItem public Optional<String> keyPassword
      The private key password.

    • audience

      @ConfigItem public Optional<String> audience
      The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.

    • tokenKeyId

      @ConfigItem public Optional<String> tokenKeyId
      The key identifier of the signing key added as a JWT `kid` header.

    • issuer

      @ConfigItem public Optional<String> issuer
      The issuer of the signing key added as a JWT `iss` claim. The default value is the client id.

    • subject

      @ConfigItem public Optional<String> subject
      Subject of the signing key added as a JWT `sub` claim The default value is the client id.

    • claims

      @ConfigItem @ConfigDocMapKey("claim-name") public Map<String,String> claims
      Additional claims.

    • signatureAlgorithm

      @ConfigItem public Optional<String> signatureAlgorithm
      The signature algorithm used for the keyFile property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`.

    • lifespan

      @ConfigItem(defaultValue="10") public int lifespan
      The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time.

    • assertion

      @ConfigItem(defaultValue="false") public boolean assertion
      If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension.

  • Constructor Details

    • Jwt

      public Jwt()

  • Method Details