Package io.helidon.security.providers.oidc.common

Class OidcConfig.Builder

java.lang.Object

io.helidon.security.providers.oidc.common.OidcConfig.Builder

All Implemented Interfaces:

Builder<OidcConfig>, Supplier<OidcConfig>

Enclosing class:

OidcConfig

public static class OidcConfig.Builder
extends Object
implements Builder<OidcConfig>

A fluent API Builder to build instances of OidcConfig.

Constructor Summary

Constructors

Constructor and Description
Builder()

Method Summary

Modifier and Type	Method and Description
OidcConfig.Builder	audience(String audience) Audience of issued tokens.
OidcConfig.Builder	authorizationEndpointUri(URI uri) URI of an authorization endpoint used to redirect users to for logging-in.
OidcConfig.Builder	baseScopes(String scopes) Configure base scopes.
OidcConfig	build() Build the instance from this builder.
OidcConfig.Builder	clientId(String clientId) Client ID as generated by OIDC server.
OidcConfig.Builder	clientSecret(String clientSecret) Client secret as generated by OIDC server.
OidcConfig.Builder	config(Config config) Update this builder with values from configuration.
OidcConfig.Builder	cookieName(String cookieName) Name of the cookie to use.
OidcConfig.Builder	frontendUri(String uri) Full URI of this application that is visible from user browser.
OidcConfig.Builder	headerTokenHandler(TokenHandler tokenHandler) A TokenHandler to process header containing a JWT.
OidcConfig.Builder	identityUri(URI uri) URI of the identity server, base used to retrieve OIDC metadata.
OidcConfig.Builder	introspectEndpointUri(URI uri) Endpoint to use to validate JWT.
OidcConfig.Builder	issuer(String issuer) Issuer of issued tokens.
OidcConfig.Builder	oidcMetadata(JsonObject metadata) JsonObject with the OIDC Metadata.
OidcConfig.Builder	oidcMetadata(Resource resource) Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.
OidcConfig.Builder	oidcMetadataWellKnown(Boolean useWellKnown) If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource.
OidcConfig.Builder	paramName(String paramName) Name of a query parameter that contains the JWT token when parameter is used.
OidcConfig.Builder	proxyHost(String proxyHost) Proxy host to use.
OidcConfig.Builder	proxyPort(int proxyPort) Proxy port.
OidcConfig.Builder	realm(String realm) Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.
OidcConfig.Builder	redirect(boolean redirect) By default the client should redirect to the identity server for the user to log in.
OidcConfig.Builder	redirectUri(String redirectUri) URI to register web server component on, used by the OIDC server to redirect authorization requests to after a user logs in or approves scopes.
OidcConfig.Builder	scopeAudience(String audience) Audience of the scope required by this application.
OidcConfig.Builder	signJwk(JwkKeys jwk) Set JwkKeys to use for JWT validation.
OidcConfig.Builder	signJwk(Resource resource) A resource pointing to JWK with public keys of signing certificates used to validate JWT.
OidcConfig.Builder	tokenEndpointUri(URI uri) URI of a token endpoint used to obtain a JWT based on the authentication code.
OidcConfig.Builder	useCookie(Boolean useCookie) Whether to use cookie to store JWT between requests.
OidcConfig.Builder	useHeader(Boolean useHeader) Whether to expect JWT in a header field.
OidcConfig.Builder	useParam(Boolean useParam) Whether to use a query parameter to send JWT token from application to this server.
OidcConfig.Builder	validateJwtWithJwk(Boolean useJwk) Use JWK (a set of keys to validate signatures of JWT) to validate tokens.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.helidon.common.Builder

get

Constructor Detail

Builder

public Builder()

Method Detail

build

public OidcConfig build()

Description copied from interface: Builder

Build the instance from this builder.

Specified by:

build in interface Builder<OidcConfig>

Returns:

instance of the built type

config

public OidcConfig.Builder config(Config config)

Update this builder with values from configuration.

Parameters:

config - configuration located on node with OIDC configuration keys (e.g. client-id)

Returns:

updated builder instance

redirect

public OidcConfig.Builder redirect(boolean redirect)

By default the client should redirect to the identity server for the user to log in. This behavior can be overridden by setting redirect to false. When token is not present in the request, the client will not redirect and just return appropriate error response code.

Parameters:

redirect - Whether to redirect to OIDC server in case the request does not contain sufficient information to authenticate the user, defaults to true

Returns:

updated builder instance

realm

public OidcConfig.Builder realm(String realm)

Realm to return when not redirecting and an error occurs that sends back WWW-Authenticate header.

Parameters:

realm - realm name

Returns:

updated builder instance

audience

public OidcConfig.Builder audience(String audience)

Audience of issued tokens.

Parameters:

audience - audience to validate

Returns:

updated builder instance

issuer

public OidcConfig.Builder issuer(String issuer)

Issuer of issued tokens.

Parameters:

issuer - expected issuer to validate

Returns:

updated builder instance

validateJwtWithJwk

public OidcConfig.Builder validateJwtWithJwk(Boolean useJwk)

Use JWK (a set of keys to validate signatures of JWT) to validate tokens. Use this method when you want to use default values for JWK or introspection endpoint URI.

Parameters:

useJwk - when set to true, jwk is used, when set to false, introspect endpoint is used

Returns:

updated builder instance

introspectEndpointUri

public OidcConfig.Builder introspectEndpointUri(URI uri)

Endpoint to use to validate JWT. Either use this or set signJwk(JwkKeys) or signJwk(Resource).

Parameters:

uri - URI of introspection endpoint

Returns:

updated builder instance

baseScopes

public OidcConfig.Builder baseScopes(String scopes)

Configure base scopes. By default this is . If scope has a qualifier, it must be used here.

Parameters:

scopes - Space separated scopes to be required by default from OIDC server

Returns:

updated builder instance

oidcMetadataWellKnown

public OidcConfig.Builder oidcMetadataWellKnown(Boolean useWellKnown)

If set to true, metadata will be loaded from default (well known) location, unless it is explicitly defined using oidc-metadata-resource. If set to false, it would not be loaded even if oidc-metadata-resource is not defined. In such a case all URIs must be explicitly defined (e.g. token-endpoint-uri).

Parameters:

useWellKnown - whether to use well known location for OIDC metadata

Returns:

updated builder instance

signJwk

public OidcConfig.Builder signJwk(Resource resource)

A resource pointing to JWK with public keys of signing certificates used to validate JWT.

Parameters:

resource - Resource pointing to the JWK

Returns:

updated builder instance

signJwk

public OidcConfig.Builder signJwk(JwkKeys jwk)

Set JwkKeys to use for JWT validation.

Parameters:

jwk - JwkKeys instance to get public keys used to sign JWT

Returns:

udpated builder instance

oidcMetadata

public OidcConfig.Builder oidcMetadata(Resource resource)

Resource configuration for OIDC Metadata containing endpoints to various identity services, as well as information about the identity server.

Parameters:

resource - resource pointing to the JSON structure

Returns:

udpated builder instance

oidcMetadata

public OidcConfig.Builder oidcMetadata(JsonObject metadata)

JsonObject with the OIDC Metadata.

Parameters:

metadata - metadata JSON

Returns:

updated builder instance

See Also:

oidcMetadata(Resource)

headerTokenHandler

public OidcConfig.Builder headerTokenHandler(TokenHandler tokenHandler)

A TokenHandler to process header containing a JWT. Default is "Authorization" header with a prefix "bearer ".

Parameters:

tokenHandler - token handler to use

Returns:

updated builder instance

useHeader

public OidcConfig.Builder useHeader(Boolean useHeader)

Whether to expect JWT in a header field.

Parameters:

useHeader - set to true to use a header extracted with headerTokenHandler(TokenHandler)

Returns:

updated builder instance

scopeAudience

public OidcConfig.Builder scopeAudience(String audience)

Audience of the scope required by this application. This is prefixed to the scope name when requesting scopes from the identity server. Defaults to empty string.

Parameters:

audience - audience, if provided, end with "/" to append the scope correctly

Returns:

updated builder instance

frontendUri

public OidcConfig.Builder frontendUri(String uri)

Full URI of this application that is visible from user browser. Used to redirect request back from identity server after successful login.

Parameters:

uri - the frontend URI, such as "http://my.server.com/myApp

Returns:

updated builder instance

tokenEndpointUri

public OidcConfig.Builder tokenEndpointUri(URI uri)

URI of a token endpoint used to obtain a JWT based on the authentication code. If not defined, it is obtained from oidcMetadata(Resource), if that is not defined an attempt is made to use identityUri(URI)/oauth2/v1/token.

Parameters:

uri - URI to use for token endpoint

Returns:

updated builder instance

authorizationEndpointUri

public OidcConfig.Builder authorizationEndpointUri(URI uri)

URI of an authorization endpoint used to redirect users to for logging-in. If not defined, it is obtained from oidcMetadata(Resource), if that is not defined an attempt is made to use identityUri(URI)/oauth2/v1/authorize.

Parameters:

uri - URI to use for token endpoint

Returns:

updated builder instance

cookieName

public OidcConfig.Builder cookieName(String cookieName)

Name of the cookie to use. Defaults to .

Parameters:

cookieName - name of a cookie

Returns:

updated builder instance

useCookie

public OidcConfig.Builder useCookie(Boolean useCookie)

Whether to use cookie to store JWT between requests. Defaults to .

Parameters:

useCookie - whether to use cookie to store JWT (true) or not (false))

Returns:

updated builder instance

paramName

public OidcConfig.Builder paramName(String paramName)

Name of a query parameter that contains the JWT token when parameter is used.

Parameters:

paramName - name of the query parameter to expect

Returns:

updated builder instance

useParam

public OidcConfig.Builder useParam(Boolean useParam)

Whether to use a query parameter to send JWT token from application to this server.

Parameters:

useParam - whether to use a query parameter (true) or not (false)

Returns:

updated builder instance

See Also:

paramName(String)

identityUri

public OidcConfig.Builder identityUri(URI uri)

URI of the identity server, base used to retrieve OIDC metadata.

Parameters:

uri - full URI of an identity server (such as "http://tenantid.identity.oraclecloud.com")

Returns:

updated builder instance

proxyHost

public OidcConfig.Builder proxyHost(String proxyHost)

Proxy host to use. When defined, triggers usage of proxy for HTTP requests. Setting to empty String has the same meaning as setting to null - disables proxy.

Parameters:

proxyHost - host of the proxy

Returns:

updated builder instance

See Also:

proxyProtocol(String), proxyPort(int)

proxyPort

public OidcConfig.Builder proxyPort(int proxyPort)

Proxy port. Defaults to

Parameters:

proxyPort - port of the proxy server to use

Returns:

updated builder instance

clientId

public OidcConfig.Builder clientId(String clientId)

Client ID as generated by OIDC server.

Parameters:

clientId - the client id of this application.

Returns:

updated builder instance

clientSecret

public OidcConfig.Builder clientSecret(String clientSecret)

Client secret as generated by OIDC server. Used to authenticate this application with the server when requesting JWT based on a code.

Parameters:

clientSecret - secret to use

Returns:

updated builder instance

redirectUri

public OidcConfig.Builder redirectUri(String redirectUri)

URI to register web server component on, used by the OIDC server to redirect authorization requests to after a user logs in or approves scopes. Note that usually the redirect URI configured here must be the same one as configured on OIDC server.

Defaults to

Parameters:

redirectUri - the URI (path without protocol, host and port) used to redirect requests back to us

Returns:

updated builder instance