Package io.quarkus.oidc.runtime

Interface OidcTenantConfig.TokenStateManager

All Known Implementing Classes:

OidcTenantConfig.TokenStateManager

Enclosing interface:

OidcTenantConfig

public static interface OidcTenantConfig.TokenStateManager

Default Authorization Code token state manager configuration

Nested Class Summary

Nested Classes

Modifier and Type	Interface	Description
static enum	OidcTenantConfig.TokenStateManager.EncryptionAlgorithm	Supported session cookie key encryption algorithms
static enum	OidcTenantConfig.TokenStateManager.Strategy

Method Summary

Modifier and Type	Method	Description
OidcTenantConfig.TokenStateManager.EncryptionAlgorithm	encryptionAlgorithm()	Session cookie key encryption algorithm
boolean	encryptionRequired()	Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens.
Optional<String>	encryptionSecret()	The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when encryptionRequired() property is enabled.
boolean	splitTokens()	Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default.
OidcTenantConfig.TokenStateManager.Strategy	strategy()	Default TokenStateManager strategy.

Method Details

strategy

@WithDefault("keep_all_tokens")
OidcTenantConfig.TokenStateManager.Strategy strategy()

Default TokenStateManager strategy.

splitTokens

@WithDefault("false")
boolean splitTokens()

Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size

encryptionRequired

@WithDefault("true")
boolean encryptionRequired()

Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens.

encryptionSecret

Optional<String> encryptionSecret()

The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when encryptionRequired() property is enabled.

If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required.

The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters.

encryptionAlgorithm

@WithDefault("A256GCMKW")
OidcTenantConfig.TokenStateManager.EncryptionAlgorithm encryptionAlgorithm()

Session cookie key encryption algorithm