Package io.quarkus.oidc.common.runtime

Class OidcCommonConfig.Credentials.Jwt

java.lang.Object

io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Jwt

Enclosing class:

OidcCommonConfig.Credentials

public static class OidcCommonConfig.Credentials.Jwt
extends Object

Supports the client authentication 'client_secret_jwt' and 'private_key_jwt' methods which involve sending a JWT token assertion signed with either a client secret or private key.

See Also:

https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication

Field Summary

Fields

Modifier and Type	Field	Description
Optional<String>	audience	JWT audience ('aud') claim value.
Optional<String>	issuer	Issuer of the signing key added as a JWT 'iss' claim (default: client id)
Optional<String>	keyFile	If provided, indicates that JWT is signed using a private key in PEM or JWK format.
Optional<String>	keyId	The private key id/alias
String	keyPassword	The private key password
Optional<String>	keyStoreFile	If provided, indicates that JWT is signed using a private key from a key store
String	keyStorePassword	A parameter to specify the password of the key store file.
int	lifespan	JWT life-span in seconds.
Optional<String>	secret	If provided, indicates that JWT is signed using a secret key
OidcCommonConfig.Credentials.Provider	secretProvider	If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider
Optional<String>	signatureAlgorithm	Signature algorithm, also used for the keyFile property.
Optional<String>	subject	Subject of the signing key added as a JWT 'sub' claim (default: client id)
Optional<String>	tokenKeyId	Key identifier of the signing key added as a JWT 'kid' header

Constructor Summary

Constructors

Constructor	Description
Jwt()

Method Summary

Modifier and Type	Method	Description
Optional<String>	getAudience()
Optional<String>	getKeyFile()
int	getLifespan()
Optional<String>	getSecret()
OidcCommonConfig.Credentials.Provider	getSecretProvider()
Optional<String>	getSignatureAlgorithm()
Optional<String>	getTokenKeyId()
void	setAudience(String audience)
void	setKeyFile(String keyFile)
void	setLifespan(int lifespan)
void	setSecret(String secret)
void	setSecretProvider(OidcCommonConfig.Credentials.Provider secretProvider)
void	setSignatureAlgorithm(String signatureAlgorithm)
void	setTokenKeyId(String tokenKeyId)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

secret

@ConfigItem
public Optional<String> secret

If provided, indicates that JWT is signed using a secret key

secretProvider

@ConfigItem
public OidcCommonConfig.Credentials.Provider secretProvider

If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider

keyFile

@ConfigItem
public Optional<String> keyFile

If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the signatureAlgorithm property to specify the key algorithm.

keyStoreFile

@ConfigItem
public Optional<String> keyStoreFile

If provided, indicates that JWT is signed using a private key from a key store

keyStorePassword

@ConfigItem(defaultValue="password")
public String keyStorePassword

A parameter to specify the password of the key store file. If not given, the default ("password") is used.

keyId

@ConfigItem
public Optional<String> keyId

The private key id/alias

keyPassword

@ConfigItem(defaultValue="password")
public String keyPassword

The private key password

audience

@ConfigItem
public Optional<String> audience

JWT audience ('aud') claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint.

tokenKeyId

@ConfigItem
public Optional<String> tokenKeyId

Key identifier of the signing key added as a JWT 'kid' header

issuer

@ConfigItem
public Optional<String> issuer

Issuer of the signing key added as a JWT 'iss' claim (default: client id)

subject

@ConfigItem
public Optional<String> subject

Subject of the signing key added as a JWT 'sub' claim (default: client id)

signatureAlgorithm

@ConfigItem
public Optional<String> signatureAlgorithm

Signature algorithm, also used for the keyFile property. Supported values: RS256, RS384, RS512, PS256, PS384, PS512, ES256, ES384, ES512, HS256, HS384, HS512.

lifespan

@ConfigItem(defaultValue="10")
public int lifespan

JWT life-span in seconds. It will be added to the time it was issued at to calculate the expiration time.

Constructor Detail

Jwt

public Jwt()

Method Detail

getSecret

public Optional<String> getSecret()

setSecret

public void setSecret(String secret)

getLifespan

public int getLifespan()

setLifespan

public void setLifespan(int lifespan)

getTokenKeyId

public Optional<String> getTokenKeyId()

setTokenKeyId

public void setTokenKeyId(String tokenKeyId)

getSecretProvider

public OidcCommonConfig.Credentials.Provider getSecretProvider()

setSecretProvider

public void setSecretProvider(OidcCommonConfig.Credentials.Provider secretProvider)

getSignatureAlgorithm

public Optional<String> getSignatureAlgorithm()

setSignatureAlgorithm

public void setSignatureAlgorithm(String signatureAlgorithm)

getAudience

public Optional<String> getAudience()

setAudience

public void setAudience(String audience)

getKeyFile

public Optional<String> getKeyFile()

setKeyFile

public void setKeyFile(String keyFile)