Package io.quarkus.oidc

Class OidcTenantConfig.TokenStateManager

java.lang.Object
io.quarkus.oidc.OidcTenantConfig.TokenStateManager
All Implemented Interfaces:
OidcTenantConfig.TokenStateManager
Enclosing class:
OidcTenantConfig
@Deprecated(since="3.18", forRemoval=true) public static class OidcTenantConfig.TokenStateManager extends Object implements OidcTenantConfig.TokenStateManager
Deprecated, for removal: This API element is subject to removal in a future version.
use the OidcTenantConfigBuilder.TokenStateManagerBuilder builder
Default Authorization Code token state manager configuration

  • Field Details

    • strategy

      public OidcTenantConfig.TokenStateManager.Strategy strategy
      Deprecated, for removal: This API element is subject to removal in a future version.
      Default TokenStateManager strategy.

    • splitTokens

      public boolean splitTokens
      Deprecated, for removal: This API element is subject to removal in a future version.
      Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size

    • encryptionRequired

      public boolean encryptionRequired
      Deprecated, for removal: This API element is subject to removal in a future version.
      Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens.

    • encryptionSecret

      public Optional<String> encryptionSecret
      Deprecated, for removal: This API element is subject to removal in a future version.
      The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when encryptionRequired property is enabled.

      If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required.

      The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters.

    • encryptionAlgorithm

      public OidcTenantConfig.TokenStateManager.EncryptionAlgorithm encryptionAlgorithm
      Deprecated, for removal: This API element is subject to removal in a future version.
      Session cookie key encryption algorithm

  • Constructor Details

    • TokenStateManager

      public TokenStateManager()
      Deprecated, for removal: This API element is subject to removal in a future version.

  • Method Details

    • strategy

      public OidcTenantConfig.TokenStateManager.Strategy strategy()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: OidcTenantConfig.TokenStateManager
      Default TokenStateManager strategy.
      Specified by:
      strategy in interface OidcTenantConfig.TokenStateManager

    • splitTokens

      public boolean splitTokens()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: OidcTenantConfig.TokenStateManager
      Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size
      Specified by:
      splitTokens in interface OidcTenantConfig.TokenStateManager

    • encryptionRequired

      public boolean encryptionRequired()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: OidcTenantConfig.TokenStateManager
      Mandates that the TokenStateManager stores tokens in the encrypted form. Default TokenStateManager encrypts a session cookie that keeps the tokens. Custom TokenStateManager do not have to encrypt tokens, they will already be encrypted by the time it is asked to store tokens.
      Specified by:
      encryptionRequired in interface OidcTenantConfig.TokenStateManager

    • encryptionSecret

      public Optional<String> encryptionSecret()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: OidcTenantConfig.TokenStateManager
      The secret used by the TokenStateManager to encrypt the session cookie storing the tokens when OidcTenantConfig.TokenStateManager.encryptionRequired() property is enabled.

      If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie or token encrypted before the restart, therefore a user re-authentication will be required.

      The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters.

      Specified by:
      encryptionSecret in interface OidcTenantConfig.TokenStateManager

    • encryptionAlgorithm

      public OidcTenantConfig.TokenStateManager.EncryptionAlgorithm encryptionAlgorithm()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Description copied from interface: OidcTenantConfig.TokenStateManager
      Session cookie or token key encryption algorithm
      Specified by:
      encryptionAlgorithm in interface OidcTenantConfig.TokenStateManager

    • isEncryptionRequired

      public boolean isEncryptionRequired()
      Deprecated, for removal: This API element is subject to removal in a future version.

    • setEncryptionRequired

      public void setEncryptionRequired(boolean encryptionRequired)
      Deprecated, for removal: This API element is subject to removal in a future version.

    • getEncryptionSecret

      public Optional<String> getEncryptionSecret()
      Deprecated, for removal: This API element is subject to removal in a future version.

    • setEncryptionSecret

      public void setEncryptionSecret(String encryptionSecret)
      Deprecated, for removal: This API element is subject to removal in a future version.

    • isSplitTokens

      public boolean isSplitTokens()
      Deprecated, for removal: This API element is subject to removal in a future version.

    • setSplitTokens

      public void setSplitTokens(boolean splitTokens)
      Deprecated, for removal: This API element is subject to removal in a future version.

    • getStrategy

      public OidcTenantConfig.TokenStateManager.Strategy getStrategy()
      Deprecated, for removal: This API element is subject to removal in a future version.

    • setStrategy

      public void setStrategy(OidcTenantConfig.TokenStateManager.Strategy strategy)
      Deprecated, for removal: This API element is subject to removal in a future version.

    • getEncryptionAlgorithm

      public OidcTenantConfig.TokenStateManager.EncryptionAlgorithm getEncryptionAlgorithm()
      Deprecated, for removal: This API element is subject to removal in a future version.

    • setEncryptionAlgorithm

      public void setEncryptionAlgorithm(OidcTenantConfig.TokenStateManager.EncryptionAlgorithm encryptionAlgorithm)
      Deprecated, for removal: This API element is subject to removal in a future version.