OidcTenantConfig.Authentication (Quarkus - OpenID Connect Adapter

java.lang.Object
- io.quarkus.oidc.OidcTenantConfig.Authentication

Enclosing class:

OidcTenantConfig
```
public static class OidcTenantConfig.Authentication
extends Object
```
Defines the authorization request properties when authenticating users using the Authorization Code Grant Type.

Field Summary

Fields
Modifier and Type	Field and Description
`Optional<String>`	`cookieDomain` Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.
`Optional<String>`	`cookiePath` Cookie path parameter value which, if set, will be used for the session, state and post logout cookies.
`Map<String,String>`	`extraParams` Additional properties which will be added as the query parameters to the authentication redirect URI.
`boolean`	`forceRedirectHttpsScheme` Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy.
`boolean`	`javaScriptAutoRedirect` If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single Page Applications since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS.
`Optional<String>`	`redirectPath` Relative path for calculating a "redirect_uri" query parameter.
`boolean`	`removeRedirectParameters` Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.
`boolean`	`restorePathAfterRedirect` If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application.
`Optional<List<String>>`	`scopes` List of scopes
`Duration`	`sessionAgeExtension` Session age extension in minutes.
`boolean`	`userInfoRequired` If this property is set to 'true' then an OIDC UserInfo endpoint will be called
`boolean`	`verifyAccessToken` Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow.
`boolean`	`xhrAutoRedirect` Deprecated.

Constructor Summary

Constructors
Constructor and Description

Authentication()

Constructors
Constructor and Description
`Authentication()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`Optional<String>`	`getCookieDomain()`
`Optional<String>`	`getCookiePath()`
`Map<String,String>`	`getExtraParams()`
`Optional<String>`	`getRedirectPath()`
`Optional<List<String>>`	`getScopes()`
`Duration`	`getSessionAgeExtension()`
`boolean`	`isForceRedirectHttpsScheme()`
`boolean`	`isJavaScriptAutoRedirect()`
`boolean`	`isRemoveRedirectParameters()`
`boolean`	`isRestorePathAfterRedirect()`
`boolean`	`isUserInfoRequired()`
`boolean`	`isVerifyAccessToken()`
`boolean`	`isXhrAutoRedirect()`
`void`	`setCookieDomain(String cookieDomain)`
`void`	`setCookiePath(String cookiePath)`
`void`	`setExtraParams(Map<String,String> extraParams)`
`void`	`setForceRedirectHttpsScheme(boolean forceRedirectHttpsScheme)`
`void`	`setJavaScriptAutoredirect(boolean autoRedirect)`
`void`	`setRedirectPath(String redirectPath)`
`void`	`setRemoveRedirectParameters(boolean removeRedirectParameters)`
`void`	`setRestorePathAfterRedirect(boolean restorePathAfterRedirect)`
`void`	`setScopes(Optional<List<String>> scopes)`
`void`	`setSessionAgeExtension(Duration sessionAgeExtension)`
`void`	`setUserInfoRequired(boolean userInfoRequired)`
`void`	`setVerifyAccessToken(boolean verifyAccessToken)`
`void`	`setXhrAutoredirect(boolean autoRedirect)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - redirectPath
```
@ConfigItem
public Optional<String> redirectPath
```
    Relative path for calculating a "redirect_uri" query parameter. It has to start from a forward slash and will be appended to the request URI's host and port. For example, if the current request URI is 'https://localhost:8080/service' then a 'redirect_uri' parameter will be set to 'https://localhost:8080/' if this property is set to '/' and be the same as the request URI if this property has not been configured. Note the original request URI will be restored after the user has authenticated.
  - restorePathAfterRedirect
```
@ConfigItem(defaultValue="true")
public boolean restorePathAfterRedirect
```
    If this property is set to 'true' then the original request URI which was used before the authentication will be restored after the user has been redirected back to the application.
  - removeRedirectParameters
```
@ConfigItem(defaultValue="true")
public boolean removeRedirectParameters
```
    Remove the query parameters such as 'code' and 'state' set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters.
  - verifyAccessToken
```
@ConfigItem(defaultValue="false")
public boolean verifyAccessToken
```
    Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. Access token is not verified by default since it is meant to be propagated to the downstream services. The verification of the access token should be enabled if it is injected as a JWT token. Access tokens obtained as part of the code flow will always be verified if `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision will be based on the roles extracted from the access token. Bearer access tokens are always verified.
  - forceRedirectHttpsScheme
```
@ConfigItem(defaultValue="false")
public boolean forceRedirectHttpsScheme
```
    Force 'https' as the 'redirect_uri' parameter scheme when running behind an SSL terminating reverse proxy. This property, if enabled, will also affect the logout `post_logout_redirect_uri` and the local redirect requests.
  - scopes
```
@ConfigItem
public Optional<List<String>> scopes
```
    List of scopes
  - extraParams
```
@ConfigItem
public Map<String,String> extraParams
```
    Additional properties which will be added as the query parameters to the authentication redirect URI.
  - cookiePath
```
@ConfigItem
public Optional<String> cookiePath
```
    Cookie path parameter value which, if set, will be used for the session, state and post logout cookies. It may need to be set when the redirect path has a root different to that of the original request URL.
  - cookieDomain
```
@ConfigItem
public Optional<String> cookieDomain
```
    Cookie domain parameter value which, if set, will be used for the session, state and post logout cookies.
  - userInfoRequired
```
@ConfigItem(defaultValue="false")
public boolean userInfoRequired
```
    If this property is set to 'true' then an OIDC UserInfo endpoint will be called
  - sessionAgeExtension
```
@ConfigItem(defaultValue="5M")
public Duration sessionAgeExtension
```
    Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user will be redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a non-zero value then the expired ID token can be refreshed before the session has expired. This property will be ignored if the `token.refresh-expired` property has not been enabled.
  - xhrAutoRedirect
```
@Deprecated
 @ConfigItem(defaultValue="true")
public boolean xhrAutoRedirect
```
    Deprecated.
    
    If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via XMLHttpRequest and the current user needs to be (re)authenticated which may not be desirable for Single Page Applications since XMLHttpRequest automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS. If this property is set to `false` then a status code of '499' will be returned to allow the client to handle the redirect manually This property is deprecated. Please use a 'javaScriptAutoRedirect' property instead.
  - javaScriptAutoRedirect
```
@ConfigItem(defaultValue="true")
public boolean javaScriptAutoRedirect
```
    If this property is set to 'true' then a normal 302 redirect response will be returned if the request was initiated via JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated which may not be desirable for Single Page Applications since it automatically following the redirect may not work given that OIDC authorization endpoints typically do not support CORS. If this property is set to `false` then a status code of '499' will be returned to allow the client to handle the redirect manually
- Constructor Detail
  - Authentication
```
public Authentication()
```
- Method Detail
  - isXhrAutoRedirect
```
public boolean isXhrAutoRedirect()
```
  - setXhrAutoredirect
```
public void setXhrAutoredirect(boolean autoRedirect)
```
  - isJavaScriptAutoRedirect
```
public boolean isJavaScriptAutoRedirect()
```
  - setJavaScriptAutoredirect
```
public void setJavaScriptAutoredirect(boolean autoRedirect)
```
  - getRedirectPath
```
public Optional<String> getRedirectPath()
```
  - setRedirectPath
```
public void setRedirectPath(String redirectPath)
```
  - getScopes
```
public Optional<List<String>> getScopes()
```
  - setScopes
```
public void setScopes(Optional<List<String>> scopes)
```
  - getExtraParams
```
public Map<String,String> getExtraParams()
```
  - setExtraParams
```
public void setExtraParams(Map<String,String> extraParams)
```
  - isForceRedirectHttpsScheme
```
public boolean isForceRedirectHttpsScheme()
```
  - setForceRedirectHttpsScheme
```
public void setForceRedirectHttpsScheme(boolean forceRedirectHttpsScheme)
```
  - isRestorePathAfterRedirect
```
public boolean isRestorePathAfterRedirect()
```
  - setRestorePathAfterRedirect
```
public void setRestorePathAfterRedirect(boolean restorePathAfterRedirect)
```
  - getCookiePath
```
public Optional<String> getCookiePath()
```
  - setCookiePath
```
public void setCookiePath(String cookiePath)
```
  - getCookieDomain
```
public Optional<String> getCookieDomain()
```
  - setCookieDomain
```
public void setCookieDomain(String cookieDomain)
```
  - isUserInfoRequired
```
public boolean isUserInfoRequired()
```
  - setUserInfoRequired
```
public void setUserInfoRequired(boolean userInfoRequired)
```
  - isRemoveRedirectParameters
```
public boolean isRemoveRedirectParameters()
```
  - setRemoveRedirectParameters
```
public void setRemoveRedirectParameters(boolean removeRedirectParameters)
```
  - isVerifyAccessToken
```
public boolean isVerifyAccessToken()
```
  - setVerifyAccessToken
```
public void setVerifyAccessToken(boolean verifyAccessToken)
```
  - getSessionAgeExtension
```
public Duration getSessionAgeExtension()
```
  - setSessionAgeExtension
```
public void setSessionAgeExtension(Duration sessionAgeExtension)
```

Class OidcTenantConfig.Authentication

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

redirectPath

restorePathAfterRedirect

removeRedirectParameters

verifyAccessToken

forceRedirectHttpsScheme

scopes

extraParams

cookiePath

cookieDomain

userInfoRequired

sessionAgeExtension

xhrAutoRedirect

javaScriptAutoRedirect

Constructor Detail

Authentication

Method Detail

isXhrAutoRedirect

setXhrAutoredirect

isJavaScriptAutoRedirect

setJavaScriptAutoredirect

getRedirectPath

setRedirectPath

getScopes

setScopes

getExtraParams

setExtraParams

isForceRedirectHttpsScheme

setForceRedirectHttpsScheme

isRestorePathAfterRedirect

setRestorePathAfterRedirect

getCookiePath

setCookiePath

getCookieDomain

setCookieDomain

isUserInfoRequired

setUserInfoRequired

isRemoveRedirectParameters

setRemoveRedirectParameters

isVerifyAccessToken

setVerifyAccessToken

getSessionAgeExtension

setSessionAgeExtension