Class OidcTenantConfig

java.lang.Object
io.quarkus.oidc.common.runtime.OidcCommonConfig
io.quarkus.oidc.common.runtime.OidcClientCommonConfig
io.quarkus.oidc.OidcTenantConfig
All Implemented Interfaces:
io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig, io.quarkus.oidc.common.runtime.config.OidcCommonConfig, OidcTenantConfig

public class OidcTenantConfig extends io.quarkus.oidc.common.runtime.OidcClientCommonConfig implements OidcTenantConfig
  • Field Details

    • tenantId

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> tenantId
      Deprecated, for removal: This API element is subject to removal in a future version.
      use tenantId() method instead
      A unique tenant identifier. It can be set by TenantConfigResolver providers, which resolve the tenant configuration dynamically.
    • tenantEnabled

      @Deprecated(since="3.18", forRemoval=true) public boolean tenantEnabled
      Deprecated, for removal: This API element is subject to removal in a future version.
      use tenantEnabled() method instead
      If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a TenantConfigResolver that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant.
    • applicationType

      @Deprecated(since="3.18", forRemoval=true) public Optional<OidcTenantConfig.ApplicationType> applicationType
      Deprecated, for removal: This API element is subject to removal in a future version.
      use applicationType() method instead
      The application type, which can be one of the following OidcTenantConfig.ApplicationType values.
    • authorizationPath

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> authorizationPath
      Deprecated, for removal: This API element is subject to removal in a future version.
      use authorizationPath() method instead
      The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled.
    • userInfoPath

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> userInfoPath
      Deprecated, for removal: This API element is subject to removal in a future version.
      use userInfoPath() method instead
      The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled.
    • introspectionPath

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> introspectionPath
      Deprecated, for removal: This API element is subject to removal in a future version.
      use introspectionPath() method instead
      The relative path or absolute URL of the OIDC RFC 7662 introspection endpoint, which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and either 1) opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set, which has no matching JWK, is being refreshed. This property is ignored if OIDC discovery is enabled.
    • jwksPath

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> jwksPath
      Deprecated, for removal: This API element is subject to removal in a future version.
      use jwksPath() method instead
      The relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint, which returns a JSON Web Key verification set. This property should be set if OIDC discovery is disabled and local JWT verification is required. This property is ignored if OIDC discovery is enabled.
    • endSessionPath

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> endSessionPath
      Deprecated, for removal: This API element is subject to removal in a future version.
      use endSessionPath() method instead
      The relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP-Initiated Logout support for `web-app` applications is required. This property is ignored if OIDC discovery is enabled.
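
      The endpoint path fields above, set together for a `web-app` tenant with discovery disabled. This is an added example, not part of the Quarkus Javadoc; the `quarkus.oidc.*` keys are the `application.properties` names of these settings, and the provider host, client id and Keycloak-style relative paths are placeholders for a hypothetical provider.

```properties
# Constructed example: host, client id and endpoint paths are placeholders.
quarkus.oidc.auth-server-url=https://idp.example.com/realms/demo
quarkus.oidc.client-id=demo-app
quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
quarkus.oidc.application-type=web-app

# With discovery disabled, nothing is read from the provider's metadata
# document, so every endpoint the application relies on is listed here.
# Relative paths are resolved against auth-server-url.
quarkus.oidc.discovery-enabled=false

# Required for web-app: where users are sent to authenticate.
quarkus.oidc.authorization-path=/protocol/openid-connect/auth
# Token endpoint (a common OIDC setting, not one of the fields on this page).
quarkus.oidc.token-path=/protocol/openid-connect/token

# Needed for local JWT signature verification.
quarkus.oidc.jwks-path=/protocol/openid-connect/certs
# Needed for opaque tokens, and for JWTs that arrive while the cached
# key set has no matching key and is being refreshed.
quarkus.oidc.introspection-path=/protocol/openid-connect/token/introspect

# user-info-path is mandatory only because user-info-required is enabled.
quarkus.oidc.authentication.user-info-required=true
quarkus.oidc.user-info-path=/protocol/openid-connect/userinfo

# RP-Initiated Logout: local logout path plus the provider's end-session endpoint.
quarkus.oidc.logout.path=/logout
quarkus.oidc.end-session-path=/protocol/openid-connect/logout
```

      If discovery is switched back on, all of the `*-path` values above are ignored, so a stale or mistyped path left in the file will not be noticed until discovery is disabled again.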
    • tenantPaths

      @Deprecated(since="3.18", forRemoval=true) public Optional<List<String>> tenantPaths
      Deprecated, for removal: This API element is subject to removal in a future version.
      use tenantPaths() method instead
      The paths which must be secured by this tenant. The tenant with the most specific path wins. See the "Configure tenant paths" section of the OIDC multitenancy guide for an explanation of the allowed path patterns.
    • publicKey

      @Deprecated(since="3.18", forRemoval=true) public Optional<String> publicKey
      Deprecated, for removal: This API element is subject to removal in a future version.
      use publicKey() method instead
      The public key for the local JWT token verification. OIDC server connection is not created when this property is set.
    • introspectionCredentials

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.IntrospectionCredentials introspectionCredentials
      Deprecated, for removal: This API element is subject to removal in a future version.
      use introspectionCredentials() method instead
      Introspection Basic Authentication, which must be configured only if introspection is required and the OpenID Connect provider does not support the OIDC client authentication configured with OidcCommonConfig#credentials for its introspection endpoint.
    • roles

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.Roles roles
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the roles() method instead
      Configuration to find and parse a custom claim containing the roles information.
    • token

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.Token token
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the token() method instead
      Configuration of how the token claims are validated.
    • logout

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.Logout logout
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the logout() method
      RP Initiated, BackChannel and FrontChannel Logout configuration
    • certificateChain

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.CertificateChain certificateChain
      Deprecated, for removal: This API element is subject to removal in a future version.
      use certificateChain() method instead
      Configuration of the certificate chain which can be used to verify tokens. If the certificate chain truststore is configured, the tokens can be verified using the certificate chain inlined in the Base64-encoded format as an `x5c` header in the token itself.

      The certificate chain inlined in the token is verified. The signature of every certificate in the chain except the root certificate is verified by the next certificate in the chain. The thumbprint of the root certificate in the chain must match the thumbprint of one of the certificates in the truststore.

      Additionally, direct trust must be established in the leaf certificate of the chain, which is used to verify the token signature. By default, the leaf certificate's thumbprint must match the thumbprint of one of the certificates in the truststore. If the leaf certificate has not been imported into the truststore, it must be identified by its Common Name.
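
      The two ways of establishing trust in the leaf certificate described above, shown as configuration. This is an added example, not part of the Quarkus Javadoc; the `quarkus.oidc.certificate-chain.*` keys are the `application.properties` names of these settings, and the truststore file name, password variable and Common Name are placeholders.

```properties
# Constructed example: file name, password variable and Common Name are placeholders.

# Truststore whose certificate thumbprints are trusted. The root certificate
# of the chain carried in the token's x5c header must be in this store.
quarkus.oidc.certificate-chain.trust-store-file=oidc-truststore.p12
quarkus.oidc.certificate-chain.trust-store-password=${OIDC_TRUSTSTORE_PASSWORD}

# Option A (default): also import the leaf (token-signing) certificate into
# the truststore. Its thumbprint is then matched directly and no further
# property is needed. The leaf is pinned, so rotating the signing
# certificate means updating the truststore.

# Option B: only the root is in the truststore, and the leaf is identified
# by its Common Name. Any certificate that chains to the trusted root and
# carries this Common Name is accepted, so this is the looser of the two
# checks and depends on the issuing CA controlling who can obtain that name.
quarkus.oidc.certificate-chain.leaf-certificate-name=token-signer.example.com
```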

    • authentication

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.Authentication authentication
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the authentication() method
      Different options to configure authorization requests
    • codeGrant

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.CodeGrant codeGrant
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the codeGrant() method
      Authorization code grant configuration
    • tokenStateManager

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig.TokenStateManager tokenStateManager
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the tokenStateManager() method
      Default token state manager configuration
    • allowTokenIntrospectionCache

      @Deprecated(since="3.18", forRemoval=true) public boolean allowTokenIntrospectionCache
      Deprecated, for removal: This API element is subject to removal in a future version.
      Allow caching the token introspection data. Note that enabling this property does not enable the cache itself; it only permits caching the token introspection data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.
    • allowUserInfoCache

      @Deprecated(since="3.18", forRemoval=true) public boolean allowUserInfoCache
      Deprecated, for removal: This API element is subject to removal in a future version.
      use the allowUserInfoCache() method
      Allow caching the user info data. Note that enabling this property does not enable the cache itself; it only permits caching the user info data for a given tenant. If the default token cache can be used, see OidcConfig.TokenCache to enable it.
    • cacheUserInfoInIdtoken

      @Deprecated(since="3.18", forRemoval=true) public Optional<Boolean> cacheUserInfoInIdtoken
      Deprecated, for removal: This API element is subject to removal in a future version.
      Allow inlining UserInfo in the IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated because the OAuth2 provider does not return an IdToken. Inlining UserInfo in the generated IdToken allows it to be stored in the session cookie and avoids introducing cached state.

      Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the allowUserInfoCache property set to `false`.

    • jwks

      Deprecated, for removal: This API element is subject to removal in a future version.
      use the jwks() method instead
      Configuration for controlling how JsonWebKeySet containing verification keys should be acquired and managed.
    • resourceMetadata

      Deprecated, for removal: This API element is subject to removal in a future version.
    • provider

      Deprecated, for removal: This API element is subject to removal in a future version.
      use the provider() method instead
      Well-known OpenID Connect provider identifier
  • Constructor Details

    • OidcTenantConfig

      @Deprecated(since="3.18", forRemoval=true) public OidcTenantConfig()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use builder() to create this config
  • Method Details