Package io.quarkus.oidc.common.runtime
Class OidcClientCommonConfig.Credentials.Jwt
java.lang.Object
io.quarkus.oidc.common.runtime.OidcClientCommonConfig.Credentials.Jwt
- All Implemented Interfaces:
OidcClientCommonConfig.Credentials.Jwt
- Enclosing class:
OidcClientCommonConfig.Credentials
public static class OidcClientCommonConfig.Credentials.Jwt
extends Object
implements OidcClientCommonConfig.Credentials.Jwt
Supports the `client_secret_jwt` and `private_key_jwt` client authentication methods, which involve sending a JWT
token assertion signed with a client secret or private key.
JWT Bearer client authentication is also supported.
Nested Class Summary
Nested Classes -
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| boolean | assertion | If true then the client authentication token is a JWT bearer grant assertion. |
| | audience | The JWT audience (`aud`) claim value. |
| | claims | Additional claims. |
| | issuer | The issuer of the signing key added as a JWT `iss` claim. |
| | key | String representation of a private key. |
| | keyFile | If provided, indicates that JWT is signed using a private key in PEM or JWK format. |
| | keyId | The private key id or alias. |
| | keyPassword | The private key password. |
| | keyStoreFile | If provided, indicates that JWT is signed using a private key from a keystore. |
| | keyStorePassword | A parameter to specify the password of the keystore file. |
| int | lifespan | The JWT lifespan in seconds. |
| | secret | If provided, indicates that JWT is signed using a secret key. |
| | secretProvider | If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider. |
| | signatureAlgorithm | The signature algorithm used for the `keyFile` property. |
| | source | JWT token source: OIDC provider client or an existing JWT bearer token. |
| | subject | Subject of the signing key added as a JWT `sub` claim. The default value is the client id. |
| | tokenKeyId | The key identifier of the signing key added as a JWT `kid` header. |

-
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| boolean | assertion() | If true then the client authentication token is a JWT bearer grant assertion. |
| | audience() | The JWT audience (`aud`) claim value. |
| | claims() | Additional claims. |
| | getAudience() | |
| | getClaims() | |
| | getKey() | |
| | getKeyFile() | |
| int | getLifespan() | |
| | getSecret() | |
| | getSecretProvider() | |
| | getSignatureAlgorithm() | |
| | getSource() | |
| | getTokenKeyId() | |
| boolean | isAssertion() | |
| | issuer() | The issuer of the signing key added as a JWT `iss` claim. |
| | key() | String representation of a private key. |
| | keyFile() | If provided, indicates that JWT is signed using a private key in PEM or JWK format. |
| | keyId() | The private key id or alias. |
| | keyPassword() | The private key password. |
| | keyStoreFile() | If provided, indicates that JWT is signed using a private key from a keystore. |
| | keyStorePassword() | A parameter to specify the password of the keystore file. |
| int | lifespan() | The JWT lifespan in seconds. |
| | secret() | If provided, indicates that JWT is signed using a secret key. |
| | secretProvider() | If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider. |
| void | setAssertion(boolean assertion) | |
| void | setAudience(String audience) | |
| void | setClaims | |
| void | setKey | |
| void | setKeyFile(String keyFile) | |
| void | setLifespan(int lifespan) | |
| void | setSecret | |
| void | setSecretProvider(OidcClientCommonConfig.Credentials.Provider secretProvider) | |
| void | setSignatureAlgorithm(String signatureAlgorithm) | |
| void | setSource | |
| void | setTokenKeyId(String tokenKeyId) | |
| | signatureAlgorithm() | The signature algorithm used for the `OidcClientCommonConfig.Credentials.Jwt.keyFile()` property. |
| | source() | JWT token source: OIDC provider client or an existing JWT bearer token. |
| | subject() | Subject of the signing key added as a JWT `sub` claim. The default value is the client id. |
| | tokenKeyId() | The key identifier of the signing key added as a JWT `kid` header. |
| | tokenPath() | Path to a file with a JWT bearer token that should be used as a client assertion. |
-
Field Details
-
source
JWT token source: OIDC provider client or an existing JWT bearer token. -
secret
-
secretProvider
If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider. -
key
String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `keyFile` and `keyStore` properties. You can use the `signatureAlgorithm` property to override the default key algorithm, `RS256`. -
keyFile
If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `keyStore` properties. You can use the `signatureAlgorithm` property to override the default key algorithm, `RS256`. -
keyStoreFile
-
keyStorePassword
A parameter to specify the password of the keystore file. -
keyId
The private key id or alias. -
keyPassword
The private key password. -
audience
The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenID Connect Provider's token endpoint. -
tokenKeyId
The key identifier of the signing key added as a JWT `kid` header. -
issuer
The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. -
subject
Subject of the signing key added as a JWT `sub` claim. The default value is the client id. -
claims
Additional claims. -
signatureAlgorithm
The signature algorithm used for the `keyFile` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. -
lifespan
public int lifespan
The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. -
assertion
public boolean assertion
If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension.
-
-
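An added example (not Quarkus code and not part of this Javadoc) that builds a `client_secret_jwt` assertion by hand with the JDK only, showing where `issuer`, `subject`, `audience`, `tokenKeyId` and `lifespan` end up in the token. The class name, client id, endpoint URL, key id and secret are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration, not Quarkus code: assembles an HS256 client assertion by hand.
public class ClientSecretJwtSketch {

    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Parameters mirror the options documented above; values are supplied by the caller.
    static String assertion(String clientId, String tokenEndpoint, byte[] secret,
                            String tokenKeyId, int lifespan, Instant now) throws Exception {
        long iat = now.getEpochSecond();
        long exp = iat + lifespan;                        // lifespan is added to the issue time
        // The sample values contain no characters that need JSON escaping.
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\",\"kid\":\"" + tokenKeyId + "\"}";
        String claims = "{\"iss\":\"" + clientId + "\","      // issuer defaults to the client id
                + "\"sub\":\"" + clientId + "\","             // subject defaults to the client id
                + "\"aud\":\"" + tokenEndpoint + "\","        // audience defaults to the token endpoint
                + "\"jti\":\"" + UUID.randomUUID() + "\","    // required by OIDC Core, not an option above
                + "\"iat\":" + iat + ",\"exp\":" + exp + "}";
        String signingInput = b64(header) + "." + b64(claims);
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        byte[] sig = mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; HS256 needs a secret of at least 32 bytes.
        byte[] secret = "constructed-demo-secret-32-bytes!".getBytes(StandardCharsets.UTF_8);
        String jwt = assertion("demo-client", "https://idp.example/token", secret,
                "demo-kid", 10, Instant.now());
        // Form parameters sent to the token endpoint when `assertion` is false:
        System.out.println("client_assertion_type="
                + "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        System.out.println("client_assertion=" + jwt);
    }
}
```

A short `lifespan` keeps the window in which a captured assertion can be replayed small, and pinning `aud` to the token endpoint stops the same assertion from being accepted by a different provider.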
Constructor Details
-
Jwt
public Jwt()
-
-
Method Details
-
source
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
JWT token source: OIDC provider client or an existing JWT bearer token.
- Specified by:
`source` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
tokenPath
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
Path to a file with a JWT bearer token that should be used as a client assertion. This path can only be set when JWT source (`OidcClientCommonConfig.Credentials.Jwt.source()`) is set to `OidcClientCommonConfig.Credentials.Jwt.Source.BEARER`.
- Specified by:
`tokenPath` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
secret
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `OidcClientCommonConfig.Credentials.Jwt.key()`, `OidcClientCommonConfig.Credentials.Jwt.keyFile()` and `keyStore` properties.
- Specified by:
`secret` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
secretProvider
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider.
- Specified by:
`secretProvider` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
key
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `OidcClientCommonConfig.Credentials.Jwt.secret()`, `OidcClientCommonConfig.Credentials.Jwt.keyFile()` and `keyStore` properties. You can use the `OidcClientCommonConfig.Credentials.Jwt.signatureAlgorithm()` property to override the default key algorithm, `RS256`.
- Specified by:
`key` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
keyFile
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `OidcClientCommonConfig.Credentials.Jwt.secret()`, `OidcClientCommonConfig.Credentials.Jwt.key()` and `keyStore` properties. You can use the `OidcClientCommonConfig.Credentials.Jwt.signatureAlgorithm()` property to override the default key algorithm, `RS256`.
- Specified by:
`keyFile` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
keyStoreFile
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `OidcClientCommonConfig.Credentials.Jwt.secret()`, `OidcClientCommonConfig.Credentials.Jwt.key()` and `OidcClientCommonConfig.Credentials.Jwt.keyFile()` properties.
- Specified by:
`keyStoreFile` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
keyStorePassword
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
A parameter to specify the password of the keystore file.
- Specified by:
`keyStorePassword` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
keyId
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The private key id or alias.
- Specified by:
`keyId` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
keyPassword
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The private key password.
- Specified by:
`keyPassword` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
audience
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenID Connect Provider's token endpoint.
- Specified by:
`audience` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
tokenKeyId
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The key identifier of the signing key added as a JWT `kid` header.
- Specified by:
`tokenKeyId` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
issuer
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The issuer of the signing key added as a JWT `iss` claim. The default value is the client id.
- Specified by:
`issuer` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
subject
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
Subject of the signing key added as a JWT `sub` claim. The default value is the client id.
- Specified by:
`subject` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
claims
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
Additional claims.
- Specified by:
`claims` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
signatureAlgorithm
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The signature algorithm used for the `OidcClientCommonConfig.Credentials.Jwt.keyFile()` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`.
- Specified by:
`signatureAlgorithm` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
lifespan
public int lifespan()
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time.
- Specified by:
`lifespan` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
assertion
public boolean assertion()
Description copied from interface: `OidcClientCommonConfig.Credentials.Jwt`
If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension.
- Specified by:
`assertion` in interface `OidcClientCommonConfig.Credentials.Jwt`
-
getSecret
-
setSecret
-
getLifespan
public int getLifespan() -
setLifespan
public void setLifespan(int lifespan) -
getTokenKeyId
-
setTokenKeyId
-
getSecretProvider
-
setSecretProvider
-
getSignatureAlgorithm
-
setSignatureAlgorithm
-
getAudience
-
setAudience
-
getKey
-
setKey
-
getKeyFile
-
setKeyFile
-
getClaims
-
setClaims
-
getSource
-
setSource
-
isAssertion
public boolean isAssertion() -
setAssertion
public void setAssertion(boolean assertion)
-