Package io.quarkus.oidc

Class OidcTenantConfig

java.lang.Object

io.quarkus.oidc.common.runtime.OidcCommonConfig

io.quarkus.oidc.common.runtime.OidcClientCommonConfig

io.quarkus.oidc.OidcTenantConfig

All Implemented Interfaces:

OidcClientCommonConfig, OidcCommonConfig, OidcTenantConfig

public class OidcTenantConfig
extends OidcClientCommonConfig
implements OidcTenantConfig

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	OidcTenantConfig.ApplicationType
static class	OidcTenantConfig.Authentication	Deprecated. use the AuthenticationConfigBuilder builder
static class	OidcTenantConfig.Backchannel	Deprecated. use the OidcTenantConfigBuilder.BackchannelBuilder builder
static class	OidcTenantConfig.Binding	Deprecated. use the TokenConfigBuilder.BindingConfigBuilder builder
static class	OidcTenantConfig.CertificateChain	Deprecated. use the OidcTenantConfigBuilder.CertificateChainBuilder builder
static class	OidcTenantConfig.CodeGrant	Deprecated. use the OidcTenantConfigBuilder.CodeGrantBuilder builder
static class	OidcTenantConfig.Frontchannel	Deprecated. use the LogoutConfigBuilder builder
static class	OidcTenantConfig.IntrospectionCredentials	Deprecated. use the OidcTenantConfigBuilder.IntrospectionCredentialsBuilder
static class	OidcTenantConfig.Jwks	Deprecated. use the OidcTenantConfigBuilder.JwksBuilder builder
static class	OidcTenantConfig.Logout	Deprecated. use the LogoutConfigBuilder builder
static enum	OidcTenantConfig.Provider
static class	OidcTenantConfig.Roles	Deprecated. use the OidcTenantConfigBuilder.RolesBuilder builder
static enum	OidcTenantConfig.SignatureAlgorithm	Supported asymmetric signature algorithms
static class	OidcTenantConfig.Token	Deprecated. use the TokenConfigBuilder builder
static class	OidcTenantConfig.TokenStateManager	Deprecated. use the OidcTenantConfigBuilder.TokenStateManagerBuilder builder

Nested classes/interfaces inherited from class io.quarkus.oidc.common.runtime.OidcClientCommonConfig

OidcClientCommonConfig.Credentials

Nested classes/interfaces inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig

OidcCommonConfig.Proxy, OidcCommonConfig.Tls

Nested classes/interfaces inherited from interface io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig

OidcClientCommonConfig.Credentials

Nested classes/interfaces inherited from interface io.quarkus.oidc.common.runtime.config.OidcCommonConfig

OidcCommonConfig.Proxy, OidcCommonConfig.Tls

Field Summary

Fields

Modifier and Type	Field	Description
boolean	allowTokenIntrospectionCache	Deprecated. use the allowTokenIntrospectionCache() method
boolean	allowUserInfoCache	Deprecated. use the allowUserInfoCache() method
Optional<OidcTenantConfig.ApplicationType>	applicationType	Deprecated. use applicationType() method instead
OidcTenantConfig.Authentication	authentication	Deprecated. use the authentication() method
Optional<String>	authorizationPath	Deprecated. use authorizationPath() method instead
Optional<Boolean>	cacheUserInfoInIdtoken	Deprecated. use the cacheUserInfoInIdtoken() method
OidcTenantConfig.CertificateChain	certificateChain	Deprecated. use certificateChain() method instead
OidcTenantConfig.CodeGrant	codeGrant	Deprecated. use the codeGrant() method
Optional<String>	endSessionPath	Deprecated. use endSessionPath() method instead
OidcTenantConfig.IntrospectionCredentials	introspectionCredentials	Deprecated. use introspectionCredentials() method instead
Optional<String>	introspectionPath	Deprecated. use introspectionPath() method instead
OidcTenantConfig.Jwks	jwks	Deprecated. use the jwks() method instead
Optional<String>	jwksPath	Deprecated. use jwksPath() method instead
OidcTenantConfig.Logout	logout	Deprecated. use the logout() method
Optional<OidcTenantConfig.Provider>	provider	Deprecated. use the provider() method instead
Optional<String>	publicKey	Deprecated. use publicKey() method instead
OidcTenantConfig.Roles	roles	Deprecated. use the roles() method instead
boolean	tenantEnabled	Deprecated. use tenantEnabled() method instead
Optional<String>	tenantId	Deprecated. use tenantId() method instead
Optional<List<String>>	tenantPaths	Deprecated. use tenantPaths() method instead
OidcTenantConfig.Token	token	Deprecated. use the token() method instead
OidcTenantConfig.TokenStateManager	tokenStateManager	Deprecated. use the tokenStateManager() method
Optional<String>	userInfoPath	Deprecated. use userInfoPath() method instead

Fields inherited from class io.quarkus.oidc.common.runtime.OidcClientCommonConfig

clientId, clientName, credentials, revokePath, tokenPath

Fields inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig

authServerUrl, connectionDelay, connectionRetryCount, connectionTimeout, discoveryEnabled, followRedirects, maxPoolSize, proxy, registrationPath, tls, useBlockingDnsLookup

Constructor Summary

Constructors

Constructor	Description
OidcTenantConfig()	Deprecated. Use builder() to create this config

Method Summary

Modifier and Type	Method	Description
boolean	allowTokenIntrospectionCache()	Allow caching the token introspection data.
boolean	allowUserInfoCache()	Allow caching the user info data.
Optional<OidcTenantConfig.ApplicationType>	applicationType()	The application type, which can be one of the following OidcTenantConfig.ApplicationType values.
OidcTenantConfig.Authentication	authentication()	Configuration for managing an authorization code flow.
Optional<String>	authorizationPath()	The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users.
static OidcTenantConfigBuilder	authServerUrl(String authServerUrl)	Creates OidcTenantConfigBuilder builder populated with documented default values.
static OidcTenantConfigBuilder	builder()	Creates OidcTenantConfigBuilder builder populated with documented default values.
static OidcTenantConfigBuilder	builder(OidcTenantConfig mapping)	Creates OidcTenantConfigBuilder builder populated with staticTenantMapping values.
Optional<Boolean>	cacheUserInfoInIdtoken()	Allow inlining UserInfo in IdToken instead of caching it in the token cache.
OidcTenantConfig.CertificateChain	certificateChain()	Configuration of the certificate chain which can be used to verify tokens.
OidcTenantConfig.CodeGrant	codeGrant()	Configuration to complete an authorization code flow grant.
Optional<String>	endSessionPath()	Relative path or absolute URL of the OIDC end_session_endpoint.
Optional<OidcTenantConfig.ApplicationType>	getApplicationType()	Deprecated. use the applicationType() method instead
OidcTenantConfig.Authentication	getAuthentication()	Deprecated. use the authentication() method instead
Optional<String>	getAuthorizationPath()	Deprecated. use the authorizationPath() method instead
OidcTenantConfig.CertificateChain	getCertificateChain()	Deprecated. use the certificateChain() method instead
OidcTenantConfig.CodeGrant	getCodeGrant()	Deprecated. use the codeGrant() method instead
Optional<String>	getEndSessionPath()	Deprecated. use the endSessionPath() method instead
OidcTenantConfig.IntrospectionCredentials	getIntrospectionCredentials()	Deprecated. use the introspectionCredentials() method instead
Optional<String>	getIntrospectionPath()	Deprecated. use the introspectionPath() method instead
Optional<String>	getJwksPath()	Deprecated. use the jwksPath() method instead
OidcTenantConfig.Logout	getLogout()	Deprecated. use the logout() method instead
Optional<OidcTenantConfig.Provider>	getProvider()	Deprecated. use the provider() method instead
Optional<String>	getPublicKey()	Deprecated. use the publicKey() method instead
OidcTenantConfig.Roles	getRoles()	Deprecated. use the roles() method instead
Optional<String>	getTenantId()	Deprecated. use the tenantId() method instead
OidcTenantConfig.Token	getToken()	Deprecated. use the token() method instead
Optional<String>	getUserInfoPath()	Deprecated. use the userInfoPath() method instead
OidcTenantConfig.IntrospectionCredentials	introspectionCredentials()	Optional introspection endpoint-specific basic authentication configuration.
Optional<String>	introspectionPath()	Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens.
boolean	isAllowTokenIntrospectionCache()	Deprecated. use the allowTokenIntrospectionCache() method instead
boolean	isAllowUserInfoCache()	Deprecated. use the allowUserInfoCache() method instead
Optional<Boolean>	isCacheUserInfoInIdtoken()	Deprecated. use the cacheUserInfoInIdtoken() method instead
boolean	isTenantEnabled()	Deprecated. use the tenantEnabled() method instead
OidcTenantConfig.Jwks	jwks()	How JsonWebKey verification key set should be acquired and managed.
Optional<String>	jwksPath()	Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set.
OidcTenantConfig.Logout	logout()	RP-initiated, back-channel and front-channel logout configuration.
static OidcTenantConfig	of(OidcTenantConfig mapping)	Creates OidcTenantConfig from the mapping.
Optional<OidcTenantConfig.Provider>	provider()	Well known OpenId Connect provider identifier
Optional<String>	publicKey()	The public key for the local JWT token verification.
static OidcTenantConfigBuilder	registrationPath(String registrationPath)	Creates OidcTenantConfigBuilder builder populated with documented default values.
OidcTenantConfig.Roles	roles()	Configuration to find and parse custom claims which contain roles.
void	setAllowTokenIntrospectionCache(boolean allowTokenIntrospectionCache)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setAllowUserInfoCache(boolean allowUserInfoCache)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setApplicationType(OidcTenantConfig.ApplicationType type)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setAuthentication(OidcTenantConfig.Authentication authentication)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setAuthorizationPath(String authorizationPath)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setCacheUserInfoInIdtoken(boolean cacheUserInfoInIdtoken)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setCertificateChain(OidcTenantConfig.CertificateChain certificateChain)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setCodeGrant(OidcTenantConfig.CodeGrant codeGrant)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setEndSessionPath(String endSessionPath)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setIntrospectionCredentials(OidcTenantConfig.IntrospectionCredentials introspectionCredentials)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setIntrospectionPath(String introspectionPath)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setJwksPath(String jwksPath)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setLogout(OidcTenantConfig.Logout logout)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setProvider(OidcTenantConfig.Provider provider)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setPublicKey(String publicKey)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setRoles(OidcTenantConfig.Roles roles)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setTenantEnabled(boolean enabled)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setTenantId(String tenantId)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setToken(OidcTenantConfig.Token token)	Deprecated. build this config with the OidcTenantConfigBuilder builder
void	setUserInfoPath(String userInfoPath)	Deprecated. build this config with the OidcTenantConfigBuilder builder
boolean	tenantEnabled()	If this tenant configuration is enabled.
Optional<String>	tenantId()	A unique tenant identifier.
Optional<List<String>>	tenantPaths()	The paths which must be secured by this tenant.
OidcTenantConfig.Token	token()	Configuration to customize validation of token claims.
static OidcTenantConfigBuilder	tokenPath(String tokenPath)	Creates OidcTenantConfigBuilder builder populated with documented default values.
OidcTenantConfig.TokenStateManager	tokenStateManager()	Default token state manager configuration
Optional<String>	userInfoPath()	The relative path or absolute URL of the OIDC UserInfo endpoint.

Methods inherited from class io.quarkus.oidc.common.runtime.OidcClientCommonConfig

clientId, clientName, credentials, getClientId, getClientName, getCredentials, getRevokePath, getTokenPath, revokePath, setClientId, setClientName, setCredentials, setRevokePath, setTokenPath, tokenPath

Methods inherited from class io.quarkus.oidc.common.runtime.OidcCommonConfig

authServerUrl, connectionDelay, connectionRetryCount, connectionTimeout, discoveryEnabled, followRedirects, getAuthServerUrl, getConnectionDelay, getConnectionTimeout, getDiscoveryEnabled, getMaxPoolSize, getProxy, getRegistrationPath, isDiscoveryEnabled, maxPoolSize, proxy, registrationPath, setAuthServerUrl, setConnectionDelay, setConnectionTimeout, setDiscoveryEnabled, setDiscoveryEnabled, setMaxPoolSize, setProxy, setRegistrationPath, tls, useBlockingDnsLookup

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig

clientId, clientName, credentials, revokePath, tokenPath

Methods inherited from interface io.quarkus.oidc.common.runtime.config.OidcCommonConfig

authServerUrl, connectionDelay, connectionRetryCount, connectionTimeout, discoveryEnabled, followRedirects, maxPoolSize, proxy, registrationPath, tls, useBlockingDnsLookup

Field Details

tenantId

@Deprecated(since="3.18")
public Optional<String> tenantId

Deprecated.

use tenantId() method instead

A unique tenant identifier. It can be set by TenantConfigResolver providers, which resolve the tenant configuration dynamically.

tenantEnabled

@Deprecated(since="3.18")
public boolean tenantEnabled

Deprecated.

use tenantEnabled() method instead

If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a TenantConfigResolver that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant.

applicationType

@Deprecated(since="3.18")
public Optional<OidcTenantConfig.ApplicationType> applicationType

Deprecated.

use applicationType() method instead

The application type, which can be one of the following OidcTenantConfig.ApplicationType values.

authorizationPath

@Deprecated(since="3.18")
public Optional<String> authorizationPath

Deprecated.

use authorizationPath() method instead

The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled.

userInfoPath

@Deprecated(since="3.18")
public Optional<String> userInfoPath

Deprecated.

use userInfoPath() method instead

The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled.

introspectionPath

@Deprecated(since="3.18")
public Optional<String> introspectionPath

Deprecated.

use introspectionPath() method instead

Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled.

jwksPath

@Deprecated(since="3.18")
public Optional<String> jwksPath

Deprecated.

use jwksPath() method instead

Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled.

endSessionPath

@Deprecated(since="3.18")
public Optional<String> endSessionPath

Deprecated.

use endSessionPath() method instead

Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled.

tenantPaths

@Deprecated(since="3.18")
public Optional<List<String>> tenantPaths

Deprecated.

use tenantPaths() method instead

The paths which must be secured by this tenant. Tenant with the most specific path wins. Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] section of the OIDC multitenancy guide for explanation of allowed path patterns.

publicKey

@Deprecated(since="3.18")
public Optional<String> publicKey

Deprecated.

use publicKey() method instead

The public key for the local JWT token verification. OIDC server connection is not created when this property is set.

introspectionCredentials

@Deprecated(since="3.18")
public OidcTenantConfig.IntrospectionCredentials introspectionCredentials

Deprecated.

use introspectionCredentials() method instead

Introspection Basic Authentication which must be configured only if the introspection is required and OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig#credentials for its introspection endpoint.

roles

@Deprecated(since="3.18")
public OidcTenantConfig.Roles roles

Deprecated.

use the roles() method instead

Configuration to find and parse a custom claim containing the roles information.

token

@Deprecated(since="3.18")
public OidcTenantConfig.Token token

Deprecated.

use the token() method instead

Configuration how to validate the token claims.

logout

@Deprecated(since="3.18")
public OidcTenantConfig.Logout logout

Deprecated.

use the logout() method

RP Initiated, BackChannel and FrontChannel Logout configuration

certificateChain

@Deprecated(since="3.18")
public OidcTenantConfig.CertificateChain certificateChain

Deprecated.

use certificateChain() method instead

Configuration of the certificate chain which can be used to verify tokens. If the certificate chain truststore is configured, the tokens can be verified using the certificate chain inlined in the Base64-encoded format as an `x5c` header in the token itself.

The certificate chain inlined in the token is verified. Signature of every certificate in the chain but the root certificate is verified by the next certificate in the chain. Thumbprint of the root certificate in the chain must match a thumbprint of one of the certificates in the truststore.

Additionally, a direct trust in the leaf chain certificate which will be used to verify the token signature must be established. By default, the leaf certificate's thumbprint must match a thumbprint of one of the certificates in the truststore. If the truststore does not have the leaf certificate imported, then the leaf certificate must be identified by its Common Name.

authentication

@Deprecated(since="3.18")
public OidcTenantConfig.Authentication authentication

Deprecated.

use the authentication() method

Different options to configure authorization requests

codeGrant

@Deprecated(since="3.18")
public OidcTenantConfig.CodeGrant codeGrant

Deprecated.

use the codeGrant() method

Authorization code grant configuration

tokenStateManager

@Deprecated(since="3.18")
public OidcTenantConfig.TokenStateManager tokenStateManager

Deprecated.

use the tokenStateManager() method

Default token state manager configuration

allowTokenIntrospectionCache

@Deprecated(since="3.18")
public boolean allowTokenIntrospectionCache

Deprecated.

use the allowTokenIntrospectionCache() method

Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

allowUserInfoCache

@Deprecated(since="3.18")
public boolean allowUserInfoCache

Deprecated.

use the allowUserInfoCache() method

Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

cacheUserInfoInIdtoken

@Deprecated(since="3.18")
public Optional<Boolean> cacheUserInfoInIdtoken

Deprecated.

use the cacheUserInfoInIdtoken() method

Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.

Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the allowUserInfoCache property set to `false`.

jwks

@Deprecated(since="3.18")
public OidcTenantConfig.Jwks jwks

Deprecated.

use the jwks() method instead

Configuration for controlling how JsonWebKeySet containing verification keys should be acquired and managed.

provider

@Deprecated(since="3.18")
public Optional<OidcTenantConfig.Provider> provider

Deprecated.

use the provider() method instead

Well known OpenId Connect provider identifier

Constructor Details

OidcTenantConfig

@Deprecated(since="3.18")
public OidcTenantConfig()

Deprecated.

Use builder() to create this config

Method Details

getAuthorizationPath

@Deprecated(since="3.18")
public Optional<String> getAuthorizationPath()

Deprecated.

use the authorizationPath() method instead

setAuthorizationPath

@Deprecated(since="3.18")
public void setAuthorizationPath(String authorizationPath)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getUserInfoPath

@Deprecated(since="3.18")
public Optional<String> getUserInfoPath()

Deprecated.

use the userInfoPath() method instead

setUserInfoPath

@Deprecated(since="3.18")
public void setUserInfoPath(String userInfoPath)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getIntrospectionPath

@Deprecated(since="3.18")
public Optional<String> getIntrospectionPath()

Deprecated.

use the introspectionPath() method instead

setIntrospectionPath

@Deprecated(since="3.18")
public void setIntrospectionPath(String introspectionPath)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getJwksPath

@Deprecated(since="3.18")
public Optional<String> getJwksPath()

Deprecated.

use the jwksPath() method instead

setJwksPath

@Deprecated(since="3.18")
public void setJwksPath(String jwksPath)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getEndSessionPath

@Deprecated(since="3.18")
public Optional<String> getEndSessionPath()

Deprecated.

use the endSessionPath() method instead

setEndSessionPath

@Deprecated(since="3.18")
public void setEndSessionPath(String endSessionPath)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getPublicKey

@Deprecated(since="3.18")
public Optional<String> getPublicKey()

Deprecated.

use the publicKey() method instead

setPublicKey

@Deprecated(since="3.18")
public void setPublicKey(String publicKey)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getRoles

@Deprecated(since="3.18")
public OidcTenantConfig.Roles getRoles()

Deprecated.

use the roles() method instead

setRoles

@Deprecated(since="3.18")
public void setRoles(OidcTenantConfig.Roles roles)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getToken

@Deprecated(since="3.18")
public OidcTenantConfig.Token getToken()

Deprecated.

use the token() method instead

setToken

@Deprecated(since="3.18")
public void setToken(OidcTenantConfig.Token token)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getAuthentication

@Deprecated(since="3.18")
public OidcTenantConfig.Authentication getAuthentication()

Deprecated.

use the authentication() method instead

setAuthentication

@Deprecated(since="3.18")
public void setAuthentication(OidcTenantConfig.Authentication authentication)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getTenantId

@Deprecated(since="3.18")
public Optional<String> getTenantId()

Deprecated.

use the tenantId() method instead

setTenantId

@Deprecated(since="3.18")
public void setTenantId(String tenantId)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

isTenantEnabled

@Deprecated(since="3.18")
public boolean isTenantEnabled()

Deprecated.

use the tenantEnabled() method instead

setTenantEnabled

@Deprecated(since="3.18")
public void setTenantEnabled(boolean enabled)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

setLogout

@Deprecated(since="3.18")
public void setLogout(OidcTenantConfig.Logout logout)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getLogout

@Deprecated(since="3.18")
public OidcTenantConfig.Logout getLogout()

Deprecated.

use the logout() method instead

getProvider

@Deprecated(since="3.18")
public Optional<OidcTenantConfig.Provider> getProvider()

Deprecated.

use the provider() method instead

setProvider

@Deprecated(since="3.18")
public void setProvider(OidcTenantConfig.Provider provider)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getApplicationType

@Deprecated(since="3.18")
public Optional<OidcTenantConfig.ApplicationType> getApplicationType()

Deprecated.

use the applicationType() method instead

setApplicationType

@Deprecated(since="3.18")
public void setApplicationType(OidcTenantConfig.ApplicationType type)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

isAllowTokenIntrospectionCache

@Deprecated(since="3.18")
public boolean isAllowTokenIntrospectionCache()

Deprecated.

use the allowTokenIntrospectionCache() method instead

setAllowTokenIntrospectionCache

@Deprecated(since="3.18")
public void setAllowTokenIntrospectionCache(boolean allowTokenIntrospectionCache)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

isAllowUserInfoCache

@Deprecated(since="3.18")
public boolean isAllowUserInfoCache()

Deprecated.

use the allowUserInfoCache() method instead

setAllowUserInfoCache

@Deprecated(since="3.18")
public void setAllowUserInfoCache(boolean allowUserInfoCache)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

isCacheUserInfoInIdtoken

@Deprecated(since="3.18")
public Optional<Boolean> isCacheUserInfoInIdtoken()

Deprecated.

use the cacheUserInfoInIdtoken() method instead

setCacheUserInfoInIdtoken

@Deprecated(since="3.18")
public void setCacheUserInfoInIdtoken(boolean cacheUserInfoInIdtoken)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getIntrospectionCredentials

@Deprecated(since="3.18")
public OidcTenantConfig.IntrospectionCredentials getIntrospectionCredentials()

Deprecated.

use the introspectionCredentials() method instead

setIntrospectionCredentials

@Deprecated(since="3.18")
public void setIntrospectionCredentials(OidcTenantConfig.IntrospectionCredentials introspectionCredentials)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getCodeGrant

@Deprecated(since="3.18")
public OidcTenantConfig.CodeGrant getCodeGrant()

Deprecated.

use the codeGrant() method instead

setCodeGrant

@Deprecated(since="3.18")
public void setCodeGrant(OidcTenantConfig.CodeGrant codeGrant)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

getCertificateChain

@Deprecated(since="3.18")
public OidcTenantConfig.CertificateChain getCertificateChain()

Deprecated.

use the certificateChain() method instead

setCertificateChain

@Deprecated(since="3.18")
public void setCertificateChain(OidcTenantConfig.CertificateChain certificateChain)

Deprecated.

build this config with the OidcTenantConfigBuilder builder

tenantId

public Optional<String> tenantId()

Description copied from interface: OidcTenantConfig

A unique tenant identifier. It can be set by TenantConfigResolver providers, which resolve the tenant configuration dynamically.

Specified by:

tenantId in interface OidcTenantConfig

tenantEnabled

public boolean tenantEnabled()

Description copied from interface: OidcTenantConfig

If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a TenantConfigResolver that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant.

Specified by:

tenantEnabled in interface OidcTenantConfig

applicationType

public Optional<OidcTenantConfig.ApplicationType> applicationType()

Description copied from interface: OidcTenantConfig

The application type, which can be one of the following OidcTenantConfig.ApplicationType values.

Specified by:

applicationType in interface OidcTenantConfig

authorizationPath

public Optional<String> authorizationPath()

Description copied from interface: OidcTenantConfig

The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled.

Specified by:

authorizationPath in interface OidcTenantConfig

userInfoPath

public Optional<String> userInfoPath()

Description copied from interface: OidcTenantConfig

The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled.

Specified by:

userInfoPath in interface OidcTenantConfig

introspectionPath

public Optional<String> introspectionPath()

Description copied from interface: OidcTenantConfig

Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled.

Specified by:

introspectionPath in interface OidcTenantConfig

jwksPath

public Optional<String> jwksPath()

Description copied from interface: OidcTenantConfig

Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled.

Specified by:

jwksPath in interface OidcTenantConfig

endSessionPath

public Optional<String> endSessionPath()

Description copied from interface: OidcTenantConfig

Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled.

Specified by:

endSessionPath in interface OidcTenantConfig

tenantPaths

public Optional<List<String>> tenantPaths()

Description copied from interface: OidcTenantConfig

The paths which must be secured by this tenant. Tenant with the most specific path wins. Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] section of the OIDC multitenancy guide for explanation of allowed path patterns.

Specified by:

tenantPaths in interface OidcTenantConfig

publicKey

public Optional<String> publicKey()

Description copied from interface: OidcTenantConfig

The public key for the local JWT token verification. OIDC server connection is not created when this property is set.

Specified by:

publicKey in interface OidcTenantConfig

introspectionCredentials

public OidcTenantConfig.IntrospectionCredentials introspectionCredentials()

Description copied from interface: OidcTenantConfig

Optional introspection endpoint-specific basic authentication configuration. It must be configured only if the introspection is required but OpenId Connect Provider does not support the OIDC client authentication configured with OidcCommonConfig#credentials for its introspection endpoint.

Specified by:

introspectionCredentials in interface OidcTenantConfig

roles

public OidcTenantConfig.Roles roles()

Description copied from interface: OidcTenantConfig

Configuration to find and parse custom claims which contain roles.

Specified by:

roles in interface OidcTenantConfig

token

public OidcTenantConfig.Token token()

Description copied from interface: OidcTenantConfig

Configuration to customize validation of token claims.

Specified by:

token in interface OidcTenantConfig

logout

public OidcTenantConfig.Logout logout()

Description copied from interface: OidcTenantConfig

RP-initiated, back-channel and front-channel logout configuration.

Specified by:

logout in interface OidcTenantConfig

certificateChain

public OidcTenantConfig.CertificateChain certificateChain()

Description copied from interface: OidcTenantConfig

Configuration of the certificate chain which can be used to verify tokens. If the certificate chain truststore is configured, the tokens can be verified using the certificate chain inlined in the Base64-encoded format as an `x5c` header in the token itself.

The certificate chain inlined in the token is verified. Signature of every certificate in the chain but the root certificate is verified by the next certificate in the chain. Thumbprint of the root certificate in the chain must match a thumbprint of one of the certificates in the truststore.

Additionally, a direct trust in the leaf chain certificate which will be used to verify the token signature must be established. By default, the leaf certificate's thumbprint must match a thumbprint of one of the certificates in the truststore. If the truststore does not have the leaf certificate imported, then the leaf certificate must be identified by its Common Name.

Specified by:

certificateChain in interface OidcTenantConfig

authentication

public OidcTenantConfig.Authentication authentication()

Description copied from interface: OidcTenantConfig

Configuration for managing an authorization code flow.

Specified by:

authentication in interface OidcTenantConfig

codeGrant

public OidcTenantConfig.CodeGrant codeGrant()

Description copied from interface: OidcTenantConfig

Configuration to complete an authorization code flow grant.

Specified by:

codeGrant in interface OidcTenantConfig

tokenStateManager

public OidcTenantConfig.TokenStateManager tokenStateManager()

Description copied from interface: OidcTenantConfig

Default token state manager configuration

Specified by:

tokenStateManager in interface OidcTenantConfig

allowTokenIntrospectionCache

public boolean allowTokenIntrospectionCache()

Description copied from interface: OidcTenantConfig

Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

Specified by:

allowTokenIntrospectionCache in interface OidcTenantConfig

allowUserInfoCache

public boolean allowUserInfoCache()

Description copied from interface: OidcTenantConfig

Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.

Specified by:

allowUserInfoCache in interface OidcTenantConfig

cacheUserInfoInIdtoken

public Optional<Boolean> cacheUserInfoInIdtoken()

Description copied from interface: OidcTenantConfig

Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state.

Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the OidcTenantConfig.allowUserInfoCache() property set to `false`.

Specified by:

cacheUserInfoInIdtoken in interface OidcTenantConfig

jwks

public OidcTenantConfig.Jwks jwks()

Description copied from interface: OidcTenantConfig

How JsonWebKey verification key set should be acquired and managed.

Specified by:

jwks in interface OidcTenantConfig

provider

public Optional<OidcTenantConfig.Provider> provider()

Description copied from interface: OidcTenantConfig

Well known OpenId Connect provider identifier

Specified by:

provider in interface OidcTenantConfig

builder

public static OidcTenantConfigBuilder builder()

Creates OidcTenantConfigBuilder builder populated with documented default values.

Returns:

OidcTenantConfigBuilder builder

builder

public static OidcTenantConfigBuilder builder(OidcTenantConfig mapping)

Creates OidcTenantConfigBuilder builder populated with staticTenantMapping values. You want to use this constructor when you have configured static tenant in the application.properties and your dynamic tenant only differ in a couple of the configuration properties.

Parameters:

mapping - OidcTenantConfig created by the SmallRye Config; must not be null

of

public static OidcTenantConfig of(OidcTenantConfig mapping)

Creates OidcTenantConfig from the mapping. This method is more efficient than the builder() method if you don't need to modify the mapping.

Parameters:

mapping - tenant config as returned from the SmallRye Config; must not be null

Returns:

OidcTenantConfig

authServerUrl

public static OidcTenantConfigBuilder authServerUrl(String authServerUrl)

Creates OidcTenantConfigBuilder builder populated with documented default values.

Parameters:

authServerUrl - OidcCommonConfig.authServerUrl()

Returns:

OidcTenantConfigBuilder builder

registrationPath

public static OidcTenantConfigBuilder registrationPath(String registrationPath)

Creates OidcTenantConfigBuilder builder populated with documented default values.

Parameters:

registrationPath - OidcCommonConfig.registrationPath()

Returns:

OidcTenantConfigBuilder builder

tokenPath

public static OidcTenantConfigBuilder tokenPath(String tokenPath)

Creates OidcTenantConfigBuilder builder populated with documented default values.

Parameters:

tokenPath - OidcClientCommonConfig.tokenPath()

Returns:

OidcTenantConfigBuilder builder