Class OidcProvider
- java.lang.Object
  - io.helidon.security.spi.SynchronousProvider
    - io.helidon.security.providers.oidc.OidcProvider

All Implemented Interfaces:
AuthenticationProvider, OutboundSecurityProvider, SecurityProvider

public final class OidcProvider extends SynchronousProvider implements AuthenticationProvider, OutboundSecurityProvider

Open ID Connect authentication provider.

IDCS specific notes:
- If you want to use JWK to validate tokens, you must give access to the endpoint (by default only admin can access it)
- If you want to use introspect endpoint to validate tokens, you must give rights to the application to do so (Client Configuration/Allowed Operations)
- If you want to retrieve groups when using IDCS, you must add "Client Credentials" in "Allowed Grant Types" in application configuration, as well as "Grant the client access to Identity Cloud Service Admin APIs." configured to "User Administrator"

Method Summary
- static OidcProvider create(Config config)
  Load this provider from configuration.
- static OidcProvider create(OidcConfig config)
  Create a new provider based on OIDC configuration.
- Collection<Class<? extends Annotation>> supportedAnnotations()
  Provide extension annotations supported by this provider (e.g. javax.annotation.security.RolesAllowed).
- protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest)
  Synchronous authentication.

Methods inherited from class io.helidon.security.spi.SynchronousProvider
authenticate, authorize, outboundSecurity, syncAuthorize, syncOutbound

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.security.spi.AuthenticationProvider
authenticate

Methods inherited from interface io.helidon.security.spi.OutboundSecurityProvider
isOutboundSupported, outboundSecurity

Methods inherited from interface io.helidon.security.spi.SecurityProvider
supportedAttributes, supportedConfigKeys, supportedCustomObjects

Method Detail

create
public static OidcProvider create(Config config)
Load this provider from configuration.
Parameters:
config - configuration of this provider
Returns:
a new provider configured for OIDC

create
public static OidcProvider create(OidcConfig config)
Create a new provider based on OIDC configuration.
Parameters:
config - config of OIDC server and client
Returns:
a new provider configured for OIDC

supportedAnnotations
public Collection<Class<? extends Annotation>> supportedAnnotations()
Description copied from interface: SecurityProvider
Provide extension annotations supported by this provider (e.g. javax.annotation.security.RolesAllowed). Annotations will be collected according to framework in use. For JAX-RS, annotations from application class, resource class and resource methods will be collected.
Specified by:
supportedAnnotations in interface SecurityProvider
Returns:
Collection of annotations this provider expects.
See Also:
EndpointConfig.annotations(EndpointConfig.AnnotationScope...), EndpointConfig.combineAnnotations(Class, EndpointConfig.AnnotationScope...)

syncAuthenticate
protected AuthenticationResponse syncAuthenticate(ProviderRequest providerRequest)
Description copied from class: SynchronousProvider
Synchronous authentication.
Overrides:
syncAuthenticate in class SynchronousProvider
Parameters:
providerRequest - context with environment, subject(s) etc.
Returns:
authentication response
See Also:
AuthenticationProvider.authenticate(ProviderRequest)