From 7826aeb8d8317ff97dd2d43217bbdea69fb9b6c8 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 10 Nov 2024 01:55:08 +0000 Subject: [PATCH] Sync documentation of main branch --- .../main/config/quarkus-all-config.adoc | 4687 +++++------------ .../config/quarkus-keycloak-admin-client.adoc | 2 +- ...eycloak-admin-client_quarkus.keycloak.adoc | 2 +- .../quarkus-kubernetes_quarkus.knative.adoc | 34 + ...quarkus-kubernetes_quarkus.kubernetes.adoc | 34 + .../quarkus-kubernetes_quarkus.openshift.adoc | 34 + .../quarkus-oidc-client-registration.adoc | 156 +- ...tion_quarkus.oidc-client-registration.adoc | 156 +- .../main/config/quarkus-oidc-client.adoc | 586 ++- ...arkus-oidc-client_quarkus.oidc-client.adoc | 586 ++- _generated-doc/main/config/quarkus-oidc.adoc | 3849 +++----------- .../config/quarkus-oidc_quarkus.oidc.adoc | 3849 +++----------- .../main/guides/deploying-to-kubernetes.adoc | 21 + 13 files changed, 4043 insertions(+), 9953 deletions(-) diff --git a/_generated-doc/main/config/quarkus-all-config.adoc b/_generated-doc/main/config/quarkus-all-config.adoc index ce07324ac00..6d25dc8d0f4 100644 --- a/_generated-doc/main/config/quarkus-all-config.adoc +++ b/_generated-doc/main/config/quarkus-all-config.adoc @@ -27306,7 +27306,7 @@ a| [[quarkus-keycloak-admin-client_quarkus-keycloak-admin-client-server-url]] [. [.description] -- -Keycloak server URL, for example, `https://host:port`. If this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create it instead. +Keycloak server URL, for example, `https://host:port`. When the Keycloak Dev Services is started and this property is not configured, Quarkus points the 'quarkus.keycloak.admin-client.server-url' configuration property to started Keycloak container. In other cases, when this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create the client instead. ifdef::add-copy-button-to-env-var[] @@ -31946,6 +31946,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-node-selector-key[`quarkus.knative.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KNATIVE_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KNATIVE_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-node-selector-value[`quarkus.knative.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KNATIVE_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KNATIVE_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-resources-limits-cpu[`quarkus.knative.resources.limits.cpu`]## [.description] @@ -37183,6 +37217,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-node-selector-key[`quarkus.kubernetes.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KUBERNETES_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KUBERNETES_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-node-selector-value[`quarkus.kubernetes.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KUBERNETES_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KUBERNETES_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-resources-limits-cpu[`quarkus.kubernetes.resources.limits.cpu`]## [.description] @@ -42964,6 +43032,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-node-selector-key[`quarkus.openshift.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OPENSHIFT_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OPENSHIFT_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-node-selector-value[`quarkus.openshift.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OPENSHIFT_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OPENSHIFT_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-resources-limits-cpu[`quarkus.openshift.resources.limits.cpu`]## [.description] @@ -53036,76 +53138,44 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## - -[.description] --- -Grant type which will be used to acquire a token to test the OIDC 'service' applications - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## - -[.description] --- -Grant options - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map> -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## [.description] -- -The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. +Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` +Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`4S` +|boolean +|`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## [.description] -- -Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. +If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` endif::add-copy-button-to-env-var[] -- |boolean -|`true` +|`false` a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-auth-server-url[`quarkus.oidc.auth-server-url`]## +`quarkus.oidc."tenant".auth-server-url` + [.description] -- The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. @@ -53123,6 +53193,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-discovery-enabled[`quarkus.oidc.discovery-enabled`]## +`quarkus.oidc."tenant".discovery-enabled` + [.description] -- Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. @@ -53140,6 +53212,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-registration-path[`quarkus.oidc.registration-path`]## +`quarkus.oidc."tenant".registration-path` + [.description] -- The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. @@ -53157,6 +53231,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-delay[`quarkus.oidc.connection-delay`]## +`quarkus.oidc."tenant".connection-delay` + [.description] -- The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. @@ -53174,6 +53250,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-retry-count[`quarkus.oidc.connection-retry-count`]## +`quarkus.oidc."tenant".connection-retry-count` + [.description] -- The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. @@ -53191,6 +53269,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-timeout[`quarkus.oidc.connection-timeout`]## +`quarkus.oidc."tenant".connection-timeout` + [.description] -- The number of seconds after which the current OIDC connection request times out. @@ -53208,6 +53288,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup[`quarkus.oidc.use-blocking-dns-lookup`]## +`quarkus.oidc."tenant".use-blocking-dns-lookup` + [.description] -- Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. @@ -53225,6 +53307,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-max-pool-size[`quarkus.oidc.max-pool-size`]## +`quarkus.oidc."tenant".max-pool-size` + [.description] -- The maximum size of the connection pool used by the WebClient. @@ -53242,6 +53326,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-follow-redirects[`quarkus.oidc.follow-redirects`]## +`quarkus.oidc."tenant".follow-redirects` + [.description] -- Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. @@ -53257,3276 +53343,1005 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## +a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## + +`quarkus.oidc."tenant".token-path` [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## +a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## + +`quarkus.oidc."tenant".revoke-path` [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## +a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## + +`quarkus.oidc."tenant".client-id` [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## +a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## + +`quarkus.oidc."tenant".client-name` [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## + +`quarkus.oidc."tenant".tenant-id` [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## + +`quarkus.oidc."tenant".tenant-enabled` [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## +a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## + +`quarkus.oidc."tenant".application-type` [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +The application type, which can be one of the following `ApplicationType` values. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] +|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] -a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## +a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## + +`quarkus.oidc."tenant".authorization-path` [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## +a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## + +`quarkus.oidc."tenant".user-info-path` [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## + +`quarkus.oidc."tenant".introspection-path` [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## + +`quarkus.oidc."tenant".jwks-path` [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## - -[.description] --- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## - -[.description] --- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## - -[.description] --- -The CredentialsProvider client secret key - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## - -[.description] --- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## - -[.description] --- -JWT token source: OIDC provider client or an existing JWT bearer token. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|`client`, `bearer` -|`client` - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## - -[.description] --- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## - -[.description] --- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## - -[.description] --- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## - -[.description] --- -The CredentialsProvider client secret key - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## - -[.description] --- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## - -[.description] --- -A parameter to specify the password of the keystore file. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## - -[.description] --- -The private key id or alias. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## - -[.description] --- -The private key password. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## - -[.description] --- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## - -[.description] --- -The key identifier of the signing key added as a JWT `kid` header. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## - -[.description] --- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## - -[.description] --- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## - -[.description] --- -Additional claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## - -[.description] --- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## - -[.description] --- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## - -[.description] --- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## - -[.description] --- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## - -[.description] --- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## - -[.description] --- -The application type, which can be one of the following `ApplicationType` values. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] - -a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## - -[.description] --- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## - -[.description] --- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## - -[.description] --- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## - -[.description] --- -Name - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## - -[.description] --- -Secret - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## - -[.description] --- -Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## - -[.description] --- -A list of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments. Each segment represents a JSON object name only; for example: "realm/groups". Use double quotes with the namespace-qualified claim names. This property can be used if a token has no `groups` claim but has the groups set in one or more different claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## - -[.description] --- -The separator for splitting strings that contain multiple group values. It is only used if the "role-claim-path" property points to one or more custom claims whose values are strings. A single space is used by default because the standard `scope` claim can contain a space-separated sequence. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## - -[.description] --- -Source of the principal roles. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## - -[.description] --- -The expected issuer `iss` claim value. This property overrides the `issuer` property, which might be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host, IP address, or tenant id of the provider, you can skip the issuer verification by setting this property to `any`, but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## - -[.description] --- -The expected audience `aud` claim value, which can be a string or an array of strings. Note the audience claim is verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens is only done if this property is configured. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## - -[.description] --- -Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required, both the token and UserInfo `sub` claims must be present and match each other. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## - -[.description] --- -A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## - -[.description] --- -Expected token type - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## - -[.description] --- -Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` -endif::add-copy-button-to-env-var[] --- -|int -| - -a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## - -[.description] --- -Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with `quarkus.oidc.token.lifespan-grace` to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid (`exp`) expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an `exp` claim. However, even if the current logout token is allowed to have no `exp` claim, the `exp` claim is still verified if the logout token contains it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## - -[.description] --- -Require that the token includes a `iat` (issued at) claim Set this property to `false` if your JWT token does not contain an `iat` (issued at) claim. Note that ID token is always required to have an `iat` claim and therefore this property has no impact on the ID token verification process. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## - -[.description] --- -Name of the claim which contains a principal name. By default, the `upn`, `preferred_username` and `sub` claims are checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## - -[.description] --- -Refresh expired authorization code flow ID or access tokens. If this property is enabled, a refresh token request is performed if the authorization code ID or access token has expired and, if successful, the local session is updated with the new set of tokens. Otherwise, the local session is invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case, the user might not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a nonzero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property is enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not need to enable this property manually in this case. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## - -[.description] --- -The refresh token time skew, in seconds. If this property is enabled, the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time, a refresh is going to happen. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## - -[.description] --- -The forced JWK set refresh interval in minutes. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## - -[.description] --- -Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## - -[.description] --- -HTTP Authorization header scheme. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|string -|`Bearer` - -a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## - -[.description] --- -Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` -| - -a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## - -[.description] --- -Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers might not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. If this property is not set and the `private_key_jwt` client authentication method is used, the private key used to sign the client authentication JWT tokens are also used to decrypt the encrypted ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## - -[.description] --- -Allow the remote introspection of JWT tokens when no matching JWK key is available. This property is set to `true` by default for backward-compatibility reasons. It is planned that this default value will be changed to `false` in an upcoming release. Also note this property is ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## - -[.description] --- -Require that JWT tokens are only introspected remotely. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## - -[.description] --- -Allow the remote introspection of the opaque tokens. Set this property to `false` if only JWT tokens are expected. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## - -[.description] --- -Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## - -[.description] --- -Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens must be accepted but OpenId Connect provider does not have a token introspection endpoint. This property has no effect when JWT tokens must be verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## - -[.description] --- -The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## - -[.description] --- -Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## - -[.description] --- -Name of the post logout URI parameter which is added as a query parameter to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|string -|`post_logout_redirect_uri` - -a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## - -[.description] --- -Additional properties which is added as the query parameters to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## - -[.description] --- -The relative path of the Back-Channel Logout endpoint at the application. It must start with the forward slash '/', for example, '/back-channel-logout'. This value is always resolved relative to 'quarkus.http.root-path'. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## - -[.description] --- -Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## - -[.description] --- -Number of minutes a logout token can be cached for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## - -[.description] --- -Token cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## - -[.description] --- -Logout token claim whose value is used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`sub` - -a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## - -[.description] --- -The relative path of the Front-Channel Logout endpoint at the application. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## - -[.description] --- -Common name of the leaf certificate. It must be set if the `trust-store-file` does not have this certificate imported. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## - -[.description] --- -Truststore file which keeps thumbprints of the trusted certificates. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|path -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## - -[.description] --- -A parameter to specify the password of the truststore file if it is configured with `trust-store-file`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## - -[.description] --- -A parameter to specify the alias of the truststore certificate. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## - -[.description] --- -An optional parameter to specify type of the truststore file. If not given, the type is automatically detected based on the file name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## - -[.description] --- -Authorization code flow response mode. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] -|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] - -a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## - -[.description] --- -The relative path for calculating a `redirect_uri` query parameter. It has to start from a forward slash and is appended to the request URI's host and port. For example, if the current request URI is `https://localhost:8080/service`, a `redirect_uri` parameter is set to `https://localhost:8080/` if this property is set to `/` and be the same as the request URI if this property has not been configured. Note the original request URI is restored after the user has authenticated if `restorePathAfterRedirect` is set to `true`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## - -[.description] --- -If this property is set to `true`, the original request URI which was used before the authentication is restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI is restored even if this property is disabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## - -[.description] --- -Remove the query parameters such as `code` and `state` set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## - -[.description] --- -Relative path to the public endpoint which processes the error response from the OIDC authorization endpoint. If the user authentication has failed, the OIDC provider returns an `error` and an optional `error_description` parameters, instead of the expected authorization `code`. If this property is set, the user is redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and is appended to the request URI's host and port. For example, if it is set as `/error` and the current request URI is `https://localhost:8080/callback?error=invalid_scope`, a redirect is made to `https://localhost:8080/error?error=invalid_scope`. If this property is not set, HTTP 401 status is returned in case of the user authentication failure. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## - -[.description] --- -Relative path to the public endpoint which an authenticated user is redirected to when the session has expired. - -When the OIDC session has expired and the session can not be refreshed, a user is redirected to the OIDC provider to re-authenticate. The user experience may not be ideal in this case as it may not be obvious to the authenticated user why an authentication challenge is returned. - -Set this property if you would like the user whose session has expired be redirected to a public application specific page instead, which can inform that the session has expired and advise the user to re-authenticated by following a link to the secured initial entry page. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## - -[.description] --- -Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. - -ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. - -Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. - -Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required. - -Bearer access token is always verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when access token is injected as the JsonWebToken bean, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## - -[.description] --- -Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/TLS terminating reverse proxy. This property, if enabled, also affects the logout `post_logout_redirect_uri` and the local redirect requests. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## - -[.description] --- -List of scopes - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## - -[.description] --- -The separator which is used when more than one scope is configured. A single space is used by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## - -[.description] --- -Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## - -[.description] --- -Add the `openid` scope automatically to the list of scopes. This is required for OpenId Connect providers, but does not work for OAuth2 providers such as Twitter OAuth2, which do not accept this scope and throw errors. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## - -[.description] --- -Additional properties added as query parameters to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## - -[.description] --- -Request URL query parameters which, if present, are added to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## - -[.description] --- -If enabled the state, session, and post logout cookies have their `secure` parameter set to `true` when HTTP is used. It might be necessary when running behind an SSL/TLS terminating reverse proxy. The cookies are always secure if HTTPS is used, even if this property is set to false. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## - -[.description] --- -Cookie name suffix. For example, a session cookie name for the default OIDC tenant is `q_session` but can be changed to `q_session_test` if this property is set to `test`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## - -[.description] --- -Cookie path parameter value which, if set, is used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, is checked first. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -|`/` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## - -[.description] --- -Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value is used to set a path parameter for the session, state and post logout cookies. If the header is missing, the `cookie-path` property is checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## - -[.description] --- -Cookie domain parameter value which, if set, is used for the session, state and post logout cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## - -[.description] --- -SameSite attribute for the session cookie. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` -endif::add-copy-button-to-env-var[] --- -a|`strict`, `lax`, `none` -|`lax` - -a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## - -[.description] --- -If a state cookie is present, a `state` query parameter must also be present and both the state cookie name suffix and state cookie value must match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie might represent the authentication flow initiated from another tab and not related to the current request. Disable this property to permit only a single authorization code flow in the same browser. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## - -[.description] --- -Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present. - -When either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser blocks it and the state cookie created by Quarkus remains in the browser cache. Quarkus reports an authentication failure when it detects such an old state cookie but find no matching state query parameter. - -Reporting HTTP 401 error is usually the right thing to do in such cases, it minimizes a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` might be needed to avoid such errors. - -However, setting this property to `false` might help if the above options are not suitable. It causes a new authentication redirect to OpenId Connect provider. Doing so might increase the risk of browser redirect loops. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## - -[.description] --- -If this property is set to `true`, an OIDC UserInfo endpoint is called. - -This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases. - -It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when UserInfo bean is injected, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## - -[.description] --- -Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user is redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a nonzero value, then the expired ID token can be refreshed before the session has expired. This property is ignored if the `token.refresh-expired` property has not been enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## - -[.description] --- -State cookie age in minutes. State cookie is created every time a new authorization code flow redirect starts and removed when this flow is completed. State cookie name is unique by default, see `allow-multiple-code-flows`. Keep its age to the reasonable minimum value such as 5 minutes or less. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## - -[.description] --- -If this property is set to `true`, a normal 302 redirect response is returned if the request was initiated by a JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated, which might not be desirable for Single-page applications (SPA) since it automatically following the redirect might not work given that OIDC authorization endpoints typically do not support CORS. - -If this property is set to `false`, a status code of `499` is returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. `X-Requested-With` request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## - -[.description] --- -Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken is generated in such cases. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## - -[.description] --- -Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## - -[.description] --- -Requires that a Proof Key for Code Exchange (PKCE) is used. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## - -[.description] --- -Secret used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. A client secret is not be used as a state encryption secret if it is less than 32 characters long. - -The secret is auto-generated if it remains uninitialized after checking all of these properties. - -Error is reported if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## - -[.description] --- -Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which must be included to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## - -[.description] --- -Custom HTTP headers which must be sent to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## - -[.description] --- -Default TokenStateManager strategy. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] -|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## - -[.description] --- -Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## - -[.description] --- -Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## - -[.description] --- -The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when `encryption-required` property is enabled. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required. - -The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## - -[.description] --- -Session cookie key encryption algorithm - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] -|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] - -a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## - -[.description] --- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## - -[.description] --- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## - -[.description] --- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## - -[.description] --- -If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. - -Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## - -[.description] --- -Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## - -[.description] --- -Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## - -[.description] --- -Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## - -[.description] --- -In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## - -[.description] --- -Well known OpenId Connect provider identifier - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` -endif::add-copy-button-to-env-var[] --- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` -| - -a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## - -[.description] --- -Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`0` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## - -[.description] --- -Maximum amount of time a given cache entry is valid for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`3M` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## - -[.description] --- -Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## - -[.description] --- -If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -h|[[quarkus-oidc_section_quarkus-oidc]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc[Additional named tenants]## -h|Type -h|Default - -a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-auth-server-url[`quarkus.oidc."tenant".auth-server-url`]## - -[.description] --- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-discovery-enabled[`quarkus.oidc."tenant".discovery-enabled`]## - -[.description] --- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-registration-path[`quarkus.oidc."tenant".registration-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-delay[`quarkus.oidc."tenant".connection-delay`]## - -[.description] --- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-retry-count[`quarkus.oidc."tenant".connection-retry-count`]## - -[.description] --- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++` -endif::add-copy-button-to-env-var[] --- -|int -|`3` - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-timeout[`quarkus.oidc."tenant".connection-timeout`]## - -[.description] --- -The number of seconds after which the current OIDC connection request times out. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] -|`10S` - -a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup[`quarkus.oidc."tenant".use-blocking-dns-lookup`]## - -[.description] --- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-max-pool-size[`quarkus.oidc."tenant".max-pool-size`]## - -[.description] --- -The maximum size of the connection pool used by the WebClient. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` endif::add-copy-button-to-env-var[] -- -|int +|string | -a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-follow-redirects[`quarkus.oidc."tenant".follow-redirects`]## - -[.description] --- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` +a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-host[`quarkus.oidc."tenant".proxy.host`]## +`quarkus.oidc."tenant".end-session-path` [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-port[`quarkus.oidc."tenant".proxy.port`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## + +`quarkus.oidc."tenant".tenant-paths` [.description] -- -The port number of the Proxy. The default value is `80`. +The paths which must be secured by this tenant. Tenant with the most specific path wins. +Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] +section of the OIDC multitenancy guide for explanation of allowed path patterns. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|list of string +| -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-username[`quarkus.oidc."tenant".proxy.username`]## +a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## + +`quarkus.oidc."tenant".public-key` [.description] -- -The username, if the Proxy needs authentication. +The public key for the local JWT token verification. OIDC server connection is not created when this property is set. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-password[`quarkus.oidc."tenant".proxy.password`]## +a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## + +`quarkus.oidc."tenant".allow-token-introspection-cache` [.description] -- -The password, if the Proxy needs authentication. +Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name[`quarkus.oidc."tenant".tls.tls-configuration-name`]## +a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## + +`quarkus.oidc."tenant".allow-user-info-cache` [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` + +a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-path[`quarkus.oidc."tenant".token-path`]## +`quarkus.oidc."tenant".cache-user-info-in-idtoken` [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. + +Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` endif::add-copy-button-to-env-var[] -- -|string +|boolean | -a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-revoke-path[`quarkus.oidc."tenant".revoke-path`]## +a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## + +`quarkus.oidc."tenant".provider` [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +Well known OpenId Connect provider identifier ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- -|string +a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-id[`quarkus.oidc."tenant".client-id`]## +h|[[quarkus-oidc_section_quarkus-oidc-devui]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-devui[OIDC Dev UI configuration which is effective in dev mode only]## +h|Type +h|Default + +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +Grant type which will be used to acquire a token to test the OIDC 'service' applications ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-name[`quarkus.oidc."tenant".client-name`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +Grant options ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map> | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-secret[`quarkus.oidc."tenant".credentials.secret`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` endif::add-copy-button-to-env-var[] -- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value[`quarkus.oidc."tenant".credentials.client-secret.value`]## +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] +|`4S` -[.description] --- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +h|[[quarkus-oidc_section_quarkus-oidc-proxy]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-proxy[HTTP proxy configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name[`quarkus.oidc."tenant".credentials.client-secret.provider.name`]## +`quarkus.oidc."tenant".proxy.host` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## + +`quarkus.oidc."tenant".proxy.port` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` + +a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key[`quarkus.oidc."tenant".credentials.client-secret.provider.key`]## +`quarkus.oidc."tenant".proxy.username` [.description] -- -The CredentialsProvider client secret key +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method[`quarkus.oidc."tenant".credentials.client-secret.method`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## + +`quarkus.oidc."tenant".proxy.password` [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] +|string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## - -[.description] --- -JWT token source: OIDC provider client or an existing JWT bearer token. +h|[[quarkus-oidc_section_quarkus-oidc-tls]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-tls[TLS configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|`client`, `bearer` -|`client` +a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret[`quarkus.oidc."tenant".credentials.jwt.secret`]## +`quarkus.oidc."tenant".tls.tls-configuration-name` [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| +The name of the TLS configuration to use. -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.name`]## +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. -[.description] --- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name`]## - -[.description] --- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +h|[[quarkus-oidc_section_quarkus-oidc-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key[`quarkus.oidc."tenant".credentials.jwt.secret-provider.key`]## +`quarkus.oidc."tenant".credentials.secret` [.description] -- -The CredentialsProvider client secret key +The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key[`quarkus.oidc."tenant".credentials.jwt.key`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## + +`quarkus.oidc."tenant".credentials.client-secret.value` [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file[`quarkus.oidc."tenant".credentials.jwt.key-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.name` [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file[`quarkus.oidc."tenant".credentials.jwt.key-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name` [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password[`quarkus.oidc."tenant".credentials.jwt.key-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.key` [.description] -- -A parameter to specify the password of the keystore file. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id[`quarkus.oidc."tenant".credentials.jwt.key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## + +`quarkus.oidc."tenant".credentials.client-secret.method` [.description] -- -The private key id or alias. +The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password[`quarkus.oidc."tenant".credentials.jwt.key-password`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## + +`quarkus.oidc."tenant".credentials.jwt.source` [.description] -- -The private key password. +JWT token source: OIDC provider client or an existing JWT bearer token. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|`client`, `bearer` +|`client` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience[`quarkus.oidc."tenant".credentials.jwt.audience`]## +`quarkus.oidc."tenant".credentials.jwt.secret` [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. +If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id[`quarkus.oidc."tenant".credentials.jwt.token-key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.name` [.description] -- -The key identifier of the signing key added as a JWT `kid` header. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer[`quarkus.oidc."tenant".credentials.jwt.issuer`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name` [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject[`quarkus.oidc."tenant".credentials.jwt.subject`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.key` [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name[`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## + +`quarkus.oidc."tenant".credentials.jwt.key` [.description] -- -Additional claims. +String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm[`quarkus.oidc."tenant".credentials.jwt.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-file` [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. +If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan[`quarkus.oidc."tenant".credentials.jwt.lifespan`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-store-file` [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. +If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- -|int -|`10` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion[`quarkus.oidc."tenant".credentials.jwt.assertion`]## +`quarkus.oidc."tenant".credentials.jwt.key-store-password` [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. +A parameter to specify the password of the keystore file. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-id[`quarkus.oidc."tenant".tenant-id`]## +`quarkus.oidc."tenant".credentials.jwt.key-id` [.description] -- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. +The private key id or alias. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-enabled[`quarkus.oidc."tenant".tenant-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## + +`quarkus.oidc."tenant".credentials.jwt.key-password` [.description] -- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. +The private key password. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-application-type[`quarkus.oidc."tenant".application-type`]## +`quarkus.oidc."tenant".credentials.jwt.audience` [.description] -- -The application type, which can be one of the following `ApplicationType` values. +The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authorization-path[`quarkus.oidc."tenant".authorization-path`]## +`quarkus.oidc."tenant".credentials.jwt.token-key-id` [.description] -- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. +The key identifier of the signing key added as a JWT `kid` header. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-user-info-path[`quarkus.oidc."tenant".user-info-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## + +`quarkus.oidc."tenant".credentials.jwt.issuer` [.description] -- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. +The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-path[`quarkus.oidc."tenant".introspection-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## + +`quarkus.oidc."tenant".credentials.jwt.subject` [.description] -- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. +Subject of the signing key added as a JWT `sub` claim The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-path[`quarkus.oidc."tenant".jwks-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## + +`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"` [.description] -- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. +Additional claims. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-end-session-path[`quarkus.oidc."tenant".end-session-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## + +`quarkus.oidc."tenant".credentials.jwt.signature-algorithm` [.description] -- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. +The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-paths[`quarkus.oidc."tenant".tenant-paths`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## + +`quarkus.oidc."tenant".credentials.jwt.lifespan` [.description] -- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. +The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- -|list of string -| +|int +|`10` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-public-key[`quarkus.oidc."tenant".public-key`]## +`quarkus.oidc."tenant".credentials.jwt.assertion` [.description] -- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. +If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`false` + -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name[`quarkus.oidc."tenant".introspection-credentials.name`]## +h|[[quarkus-oidc_section_quarkus-oidc-introspection-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-introspection-credentials[Optional introspection endpoint-specific basic authentication configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## + +`quarkus.oidc."tenant".introspection-credentials.name` [.description] -- @@ -56534,16 +54349,18 @@ Name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret[`quarkus.oidc."tenant".introspection-credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## + +`quarkus.oidc."tenant".introspection-credentials.secret` [.description] -- @@ -56551,16 +54368,18 @@ Secret ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id[`quarkus.oidc."tenant".introspection-credentials.include-client-id`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## + +`quarkus.oidc."tenant".introspection-credentials.include-client-id` [.description] -- @@ -56568,16 +54387,23 @@ Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path[`quarkus.oidc."tenant".roles.role-claim-path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-roles]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-roles[Configuration to find and parse custom claims which contain roles]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## + +`quarkus.oidc."tenant".roles.role-claim-path` [.description] -- @@ -56585,16 +54411,18 @@ A list of paths to claims containing an array of groups. Each path starts from t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator[`quarkus.oidc."tenant".roles.role-claim-separator`]## +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## + +`quarkus.oidc."tenant".roles.role-claim-separator` [.description] -- @@ -56602,16 +54430,18 @@ The separator for splitting strings that contain multiple group values. It is on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-source[`quarkus.oidc."tenant".roles.source`]## +a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## + +`quarkus.oidc."tenant".roles.source` [.description] -- @@ -56619,16 +54449,23 @@ Source of the principal roles. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issuer[`quarkus.oidc."tenant".token.issuer`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token[Configuration to customize validation of token claims]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## + +`quarkus.oidc."tenant".token.issuer` [.description] -- @@ -56636,16 +54473,18 @@ The expected issuer `iss` claim value. This property overrides the `issuer` prop ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-audience[`quarkus.oidc."tenant".token.audience`]## +a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## + +`quarkus.oidc."tenant".token.audience` [.description] -- @@ -56653,16 +54492,18 @@ The expected audience `aud` claim value, which can be a string or an array of st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-subject-required[`quarkus.oidc."tenant".token.subject-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## + +`quarkus.oidc."tenant".token.subject-required` [.description] -- @@ -56670,16 +54511,18 @@ Require that the token includes a `sub` (subject) claim which is a unique and ne ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name[`quarkus.oidc."tenant".token.required-claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## + +`quarkus.oidc."tenant".token.required-claims."claim-name"` [.description] -- @@ -56687,16 +54530,18 @@ A map of required claims and their expected values. For example, `quarkus.oidc.t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-token-type[`quarkus.oidc."tenant".token.token-type`]## +a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## + +`quarkus.oidc."tenant".token.token-type` [.description] -- @@ -56704,16 +54549,18 @@ Expected token type ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace[`quarkus.oidc."tenant".token.lifespan-grace`]## +a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## + +`quarkus.oidc."tenant".token.lifespan-grace` [.description] -- @@ -56721,16 +54568,18 @@ Life span grace period in seconds. When checking token expiry, current time is a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` endif::add-copy-button-to-env-var[] -- |int | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-age[`quarkus.oidc."tenant".token.age`]## +a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## + +`quarkus.oidc."tenant".token.age` [.description] -- @@ -56738,16 +54587,18 @@ Token age. It allows for the number of seconds to be specified that must not ela ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required[`quarkus.oidc."tenant".token.issued-at-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## + +`quarkus.oidc."tenant".token.issued-at-required` [.description] -- @@ -56755,16 +54606,18 @@ Require that the token includes a `iat` (issued at) claim Set this property to ` ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-principal-claim[`quarkus.oidc."tenant".token.principal-claim`]## +a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## + +`quarkus.oidc."tenant".token.principal-claim` [.description] -- @@ -56772,16 +54625,18 @@ Name of the claim which contains a principal name. By default, the `upn`, `prefe ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired[`quarkus.oidc."tenant".token.refresh-expired`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## + +`quarkus.oidc."tenant".token.refresh-expired` [.description] -- @@ -56789,16 +54644,18 @@ Refresh expired authorization code flow ID or access tokens. If this property is ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew[`quarkus.oidc."tenant".token.refresh-token-time-skew`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## + +`quarkus.oidc."tenant".token.refresh-token-time-skew` [.description] -- @@ -56806,16 +54663,18 @@ The refresh token time skew, in seconds. If this property is enabled, the config ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval[`quarkus.oidc."tenant".token.forced-jwk-refresh-interval`]## +a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## + +`quarkus.oidc."tenant".token.forced-jwk-refresh-interval` [.description] -- @@ -56823,16 +54682,18 @@ The forced JWK set refresh interval in minutes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-header[`quarkus.oidc."tenant".token.header`]## +a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## + +`quarkus.oidc."tenant".token.header` [.description] -- @@ -56840,16 +54701,18 @@ Custom HTTP header that contains a bearer token. This option is valid only when ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme[`quarkus.oidc."tenant".token.authorization-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## + +`quarkus.oidc."tenant".token.authorization-scheme` [.description] -- @@ -56857,16 +54720,18 @@ HTTP Authorization header scheme. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` endif::add-copy-button-to-env-var[] -- |string |`Bearer` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm[`quarkus.oidc."tenant".token.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## + +`quarkus.oidc."tenant".token.signature-algorithm` [.description] -- @@ -56874,16 +54739,18 @@ Required signature algorithm. OIDC providers support many signature algorithms b ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location[`quarkus.oidc."tenant".token.decryption-key-location`]## +a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## + +`quarkus.oidc."tenant".token.decryption-key-location` [.description] -- @@ -56891,16 +54758,18 @@ Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection[`quarkus.oidc."tenant".token.allow-jwt-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## + +`quarkus.oidc."tenant".token.allow-jwt-introspection` [.description] -- @@ -56908,16 +54777,18 @@ Allow the remote introspection of JWT tokens when no matching JWK key is availab ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only[`quarkus.oidc."tenant".token.require-jwt-introspection-only`]## +a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## + +`quarkus.oidc."tenant".token.require-jwt-introspection-only` [.description] -- @@ -56925,16 +54796,18 @@ Require that JWT tokens are only introspected remotely. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection[`quarkus.oidc."tenant".token.allow-opaque-token-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## + +`quarkus.oidc."tenant".token.allow-opaque-token-introspection` [.description] -- @@ -56942,16 +54815,18 @@ Allow the remote introspection of the opaque tokens. Set this property to `false ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-customizer-name[`quarkus.oidc."tenant".token.customizer-name`]## +a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## + +`quarkus.oidc."tenant".token.customizer-name` [.description] -- @@ -56959,16 +54834,18 @@ Token customizer name. Allows to select a tenant specific token customizer as a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info[`quarkus.oidc."tenant".token.verify-access-token-with-user-info`]## +a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## + +`quarkus.oidc."tenant".token.verify-access-token-with-user-info` [.description] -- @@ -56976,16 +54853,23 @@ Indirectly verify that the opaque (binary) access token is valid by using it to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-path[`quarkus.oidc."tenant".logout.path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-logout]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-logout[RP-initiated, back-channel and front-channel logout configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## + +`quarkus.oidc."tenant".logout.path` [.description] -- @@ -56993,16 +54877,18 @@ The relative path of the logout endpoint at the application. If provided, the ap ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path[`quarkus.oidc."tenant".logout.post-logout-path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## + +`quarkus.oidc."tenant".logout.post-logout-path` [.description] -- @@ -57010,16 +54896,18 @@ Relative path of the application endpoint where the user should be redirected to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param[`quarkus.oidc."tenant".logout.post-logout-uri-param`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## + +`quarkus.oidc."tenant".logout.post-logout-uri-param` [.description] -- @@ -57027,16 +54915,18 @@ Name of the post logout URI parameter which is added as a query parameter to the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` endif::add-copy-button-to-env-var[] -- |string |`post_logout_redirect_uri` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name[`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## + +`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"` [.description] -- @@ -57044,16 +54934,18 @@ Additional properties which is added as the query parameters to the logout redir ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path[`quarkus.oidc."tenant".logout.backchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## + +`quarkus.oidc."tenant".logout.backchannel.path` [.description] -- @@ -57061,16 +54953,18 @@ The relative path of the Back-Channel Logout endpoint at the application. It mus ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size[`quarkus.oidc."tenant".logout.backchannel.token-cache-size`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-size` [.description] -- @@ -57078,16 +54972,18 @@ Maximum number of logout tokens that can be cached before they are matched again ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- |int |`10` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live[`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live` [.description] -- @@ -57095,16 +54991,18 @@ Number of minutes a logout token can be cached for. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval[`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## + +`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval` [.description] -- @@ -57112,16 +55010,18 @@ Token cache timer interval. If this property is set, a timer checks and removes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key[`quarkus.oidc."tenant".logout.backchannel.logout-token-key`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## + +`quarkus.oidc."tenant".logout.backchannel.logout-token-key` [.description] -- @@ -57129,16 +55029,18 @@ Logout token claim whose value is used as a key for caching the tokens. Only `su ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` endif::add-copy-button-to-env-var[] -- |string |`sub` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path[`quarkus.oidc."tenant".logout.frontchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## + +`quarkus.oidc."tenant".logout.frontchannel.path` [.description] -- @@ -57146,16 +55048,23 @@ The relative path of the Front-Channel Logout endpoint at the application. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name[`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name`]## + +h|[[quarkus-oidc_section_quarkus-oidc-certificate-chain]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-certificate-chain[Configuration of the certificate chain which can be used to verify tokens]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## + +`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name` [.description] -- @@ -57163,16 +55072,18 @@ Common name of the leaf certificate. It must be set if the `trust-store-file` do ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file[`quarkus.oidc."tenant".certificate-chain.trust-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file` [.description] -- @@ -57180,16 +55091,18 @@ Truststore file which keeps thumbprints of the trusted certificates. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- |path | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password[`quarkus.oidc."tenant".certificate-chain.trust-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-password` [.description] -- @@ -57197,16 +55110,18 @@ A parameter to specify the password of the truststore file if it is configured w ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias[`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias` [.description] -- @@ -57214,16 +55129,18 @@ A parameter to specify the alias of the truststore certificate. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type[`quarkus.oidc."tenant".certificate-chain.trust-store-file-type`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file-type` [.description] -- @@ -57231,16 +55148,23 @@ An optional parameter to specify type of the truststore file. If not given, the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode[`quarkus.oidc."tenant".authentication.response-mode`]## + +h|[[quarkus-oidc_section_quarkus-oidc-authentication]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-authentication[Configuration for managing an authorization code flow]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## + +`quarkus.oidc."tenant".authentication.response-mode` [.description] -- @@ -57248,16 +55172,18 @@ Authorization code flow response mode. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] |tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path[`quarkus.oidc."tenant".authentication.redirect-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## + +`quarkus.oidc."tenant".authentication.redirect-path` [.description] -- @@ -57265,16 +55191,18 @@ The relative path for calculating a `redirect_uri` query parameter. It has to st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect[`quarkus.oidc."tenant".authentication.restore-path-after-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## + +`quarkus.oidc."tenant".authentication.restore-path-after-redirect` [.description] -- @@ -57282,16 +55210,18 @@ If this property is set to `true`, the original request URI which was used befor ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters[`quarkus.oidc."tenant".authentication.remove-redirect-parameters`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## + +`quarkus.oidc."tenant".authentication.remove-redirect-parameters` [.description] -- @@ -57299,16 +55229,18 @@ Remove the query parameters such as `code` and `state` set by the OIDC server on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-error-path[`quarkus.oidc."tenant".authentication.error-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## + +`quarkus.oidc."tenant".authentication.error-path` [.description] -- @@ -57316,16 +55248,18 @@ Relative path to the public endpoint which processes the error response from the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path[`quarkus.oidc."tenant".authentication.session-expired-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## + +`quarkus.oidc."tenant".authentication.session-expired-path` [.description] -- @@ -57337,16 +55271,18 @@ Set this property if you would like the user whose session has expired be redire ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token[`quarkus.oidc."tenant".authentication.verify-access-token`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## + +`quarkus.oidc."tenant".authentication.verify-access-token` [.description] -- @@ -57362,16 +55298,18 @@ Bearer access token is always verified. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when access token is injected as the JsonWebToken bean, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme[`quarkus.oidc."tenant".authentication.force-redirect-https-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## + +`quarkus.oidc."tenant".authentication.force-redirect-https-scheme` [.description] -- @@ -57379,16 +55317,18 @@ Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/ ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scopes[`quarkus.oidc."tenant".authentication.scopes`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## + +`quarkus.oidc."tenant".authentication.scopes` [.description] -- @@ -57396,16 +55336,18 @@ List of scopes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator[`quarkus.oidc."tenant".authentication.scope-separator`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## + +`quarkus.oidc."tenant".authentication.scope-separator` [.description] -- @@ -57413,16 +55355,18 @@ The separator which is used when more than one scope is configured. A single spa ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required[`quarkus.oidc."tenant".authentication.nonce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## + +`quarkus.oidc."tenant".authentication.nonce-required` [.description] -- @@ -57430,16 +55374,18 @@ Require that ID token includes a `nonce` claim which must match `nonce` authenti ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope[`quarkus.oidc."tenant".authentication.add-openid-scope`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## + +`quarkus.oidc."tenant".authentication.add-openid-scope` [.description] -- @@ -57447,16 +55393,18 @@ Add the `openid` scope automatically to the list of scopes. This is required for ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name[`quarkus.oidc."tenant".authentication.extra-params."parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".authentication.extra-params."parameter-name"` [.description] -- @@ -57464,16 +55412,18 @@ Additional properties added as query parameters to the authentication redirect U ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params[`quarkus.oidc."tenant".authentication.forward-params`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## + +`quarkus.oidc."tenant".authentication.forward-params` [.description] -- @@ -57481,16 +55431,18 @@ Request URL query parameters which, if present, are added to the authentication ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure[`quarkus.oidc."tenant".authentication.cookie-force-secure`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## + +`quarkus.oidc."tenant".authentication.cookie-force-secure` [.description] -- @@ -57498,16 +55450,18 @@ If enabled the state, session, and post logout cookies have their `secure` param ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix[`quarkus.oidc."tenant".authentication.cookie-suffix`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## + +`quarkus.oidc."tenant".authentication.cookie-suffix` [.description] -- @@ -57515,16 +55469,18 @@ Cookie name suffix. For example, a session cookie name for the default OIDC tena ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path[`quarkus.oidc."tenant".authentication.cookie-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## + +`quarkus.oidc."tenant".authentication.cookie-path` [.description] -- @@ -57532,16 +55488,18 @@ Cookie path parameter value which, if set, is used to set a path parameter for t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` endif::add-copy-button-to-env-var[] -- |string |`/` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header[`quarkus.oidc."tenant".authentication.cookie-path-header`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## + +`quarkus.oidc."tenant".authentication.cookie-path-header` [.description] -- @@ -57549,16 +55507,18 @@ Cookie path header parameter value which, if set, identifies the incoming HTTP h ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain[`quarkus.oidc."tenant".authentication.cookie-domain`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## + +`quarkus.oidc."tenant".authentication.cookie-domain` [.description] -- @@ -57566,16 +55526,18 @@ Cookie domain parameter value which, if set, is used for the session, state and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site[`quarkus.oidc."tenant".authentication.cookie-same-site`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## + +`quarkus.oidc."tenant".authentication.cookie-same-site` [.description] -- @@ -57583,16 +55545,18 @@ SameSite attribute for the session cookie. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` endif::add-copy-button-to-env-var[] -- a|`strict`, `lax`, `none` |`lax` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows[`quarkus.oidc."tenant".authentication.allow-multiple-code-flows`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## + +`quarkus.oidc."tenant".authentication.allow-multiple-code-flows` [.description] -- @@ -57600,16 +55564,18 @@ If a state cookie is present, a `state` query parameter must also be present and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param[`quarkus.oidc."tenant".authentication.fail-on-missing-state-param`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## + +`quarkus.oidc."tenant".authentication.fail-on-missing-state-param` [.description] -- @@ -57623,16 +55589,18 @@ However, setting this property to `false` might help if the above options are no ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required[`quarkus.oidc."tenant".authentication.user-info-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## + +`quarkus.oidc."tenant".authentication.user-info-required` [.description] -- @@ -57644,16 +55612,18 @@ It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point i ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when UserInfo bean is injected, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension[`quarkus.oidc."tenant".authentication.session-age-extension`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## + +`quarkus.oidc."tenant".authentication.session-age-extension` [.description] -- @@ -57661,16 +55631,18 @@ Session age extension in minutes. The user session age property is set to the va ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age[`quarkus.oidc."tenant".authentication.state-cookie-age`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## + +`quarkus.oidc."tenant".authentication.state-cookie-age` [.description] -- @@ -57678,16 +55650,18 @@ State cookie age in minutes. State cookie is created every time a new authorizat ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect[`quarkus.oidc."tenant".authentication.java-script-auto-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## + +`quarkus.oidc."tenant".authentication.java-script-auto-redirect` [.description] -- @@ -57697,16 +55671,18 @@ If this property is set to `false`, a status code of `499` is returned to allow ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required[`quarkus.oidc."tenant".authentication.id-token-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## + +`quarkus.oidc."tenant".authentication.id-token-required` [.description] -- @@ -57714,16 +55690,18 @@ Requires that ID token is available when the authorization code flow completes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan[`quarkus.oidc."tenant".authentication.internal-id-token-lifespan`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## + +`quarkus.oidc."tenant".authentication.internal-id-token-lifespan` [.description] -- @@ -57731,16 +55709,18 @@ Internal ID token lifespan. This property is only checked when an internal IdTok ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required[`quarkus.oidc."tenant".authentication.pkce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## + +`quarkus.oidc."tenant".authentication.pkce-required` [.description] -- @@ -57748,16 +55728,18 @@ Requires that a Proof Key for Code Exchange (PKCE) is used. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret[`quarkus.oidc."tenant".authentication.state-secret`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## + +`quarkus.oidc."tenant".authentication.state-secret` [.description] -- @@ -57771,16 +55753,23 @@ Error is reported if the secret length is less than 16 characters. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name[`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"`]## + +h|[[quarkus-oidc_section_quarkus-oidc-code-grant]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-code-grant[Configuration to complete an authorization code flow grant]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"` [.description] -- @@ -57788,16 +55777,18 @@ Additional parameters, in addition to the required `code` and `redirect-uri` par ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name[`quarkus.oidc."tenant".code-grant.headers."header-name"`]## +a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## + +`quarkus.oidc."tenant".code-grant.headers."header-name"` [.description] -- @@ -57805,16 +55796,23 @@ Custom HTTP headers which must be sent to complete the authorization code grant ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy[`quarkus.oidc."tenant".token-state-manager.strategy`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token-state-manager]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-state-manager[Default token state manager configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## + +`quarkus.oidc."tenant".token-state-manager.strategy` [.description] -- @@ -57822,16 +55820,18 @@ Default TokenStateManager strategy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` endif::add-copy-button-to-env-var[] -- a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] |tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens[`quarkus.oidc."tenant".token-state-manager.split-tokens`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## + +`quarkus.oidc."tenant".token-state-manager.split-tokens` [.description] -- @@ -57839,124 +55839,84 @@ Default TokenStateManager keeps all tokens (ID, access and refresh) returned in ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required[`quarkus.oidc."tenant".token-state-manager.encryption-required`]## - -[.description] --- -Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret[`quarkus.oidc."tenant".token-state-manager.encryption-secret`]## - -[.description] --- -The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when `encryption-required` property is enabled. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required. - -The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm[`quarkus.oidc."tenant".token-state-manager.encryption-algorithm`]## - -[.description] --- -Session cookie key encryption algorithm - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] -|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache[`quarkus.oidc."tenant".allow-token-introspection-cache`]## +`quarkus.oidc."tenant".token-state-manager.encryption-required` [.description] -- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache[`quarkus.oidc."tenant".allow-user-info-cache`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-secret` [.description] -- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when `encryption-required` property is enabled. + +If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required. + +The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken[`quarkus.oidc."tenant".cache-user-info-in-idtoken`]## +`quarkus.oidc."tenant".token-state-manager.encryption-algorithm` [.description] -- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. +Session cookie key encryption algorithm ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- -|boolean -| +a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] +|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] + + +h|[[quarkus-oidc_section_quarkus-oidc-jwks]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-jwks[How JsonWebKey verification key set should be acquired and managed]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early[`quarkus.oidc."tenant".jwks.resolve-early`]## +`quarkus.oidc."tenant".jwks.resolve-early` [.description] -- @@ -57966,16 +55926,18 @@ Disabling this property delays the key acquisition until the moment the current ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size[`quarkus.oidc."tenant".jwks.cache-size`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## + +`quarkus.oidc."tenant".jwks.cache-size` [.description] -- @@ -57983,16 +55945,18 @@ Maximum number of JWK keys that can be cached. This property is ignored if the ` ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- |int |`10` -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live[`quarkus.oidc."tenant".jwks.cache-time-to-live`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## + +`quarkus.oidc."tenant".jwks.cache-time-to-live` [.description] -- @@ -58000,16 +55964,18 @@ Number of minutes a JWK key can be cached for. This property is ignored if the ` ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval[`quarkus.oidc."tenant".jwks.clean-up-timer-interval`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## + +`quarkus.oidc."tenant".jwks.clean-up-timer-interval` [.description] -- @@ -58017,16 +55983,18 @@ Cache timer interval. If this property is set, a timer checks and removes the st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-try-all[`quarkus.oidc."tenant".jwks.try-all`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## + +`quarkus.oidc."tenant".jwks.try-all` [.description] -- @@ -58034,30 +56002,69 @@ In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-provider[`quarkus.oidc."tenant".provider`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token-cache]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-cache[Default TokenIntrospection and UserInfo Cache configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## [.description] -- -Well known OpenId Connect provider identifier +Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROVIDER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` endif::add-copy-button-to-env-var[] -- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` +|int +|`0` + +a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## + +[.description] +-- +Maximum amount of time a given cache entry is valid for. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] +|`3M` + +a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## + +[.description] +-- +Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | @@ -58236,826 +56243,841 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +If this client configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +List of access token scopes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` endif::add-copy-button-to-env-var[] -- -|string +|list of string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` endif::add-copy-button-to-env-var[] -- -|string +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` endif::add-copy-button-to-env-var[] -- -|string +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-secret[`quarkus.oidc-client.credentials.secret`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`false` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value[`quarkus.oidc-client.credentials.client-secret.value`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +Grant type ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] +|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-name[`quarkus.oidc-client.credentials.client-secret.provider.name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Access token property name in a token grant response ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- |string -| +|`access_token` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-keyring-name[`quarkus.oidc-client.credentials.client-secret.provider.keyring-name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +Refresh token property name in a token grant response ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- |string -| +|`refresh_token` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-key[`quarkus.oidc-client.credentials.client-secret.provider.key`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## [.description] -- -The CredentialsProvider client secret key +Access token expiry property name in a token grant response ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- |string -| +|`expires_in` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method[`quarkus.oidc-client.credentials.client-secret.method`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +Refresh token expiry property name in a token grant response ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| +|string +|`refresh_expires_in` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source[`quarkus.oidc-client.credentials.jwt.source`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. +Grant options ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` endif::add-copy-button-to-env-var[] -- -a|`client`, `bearer` -|`client` +|Map> +| -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret[`quarkus.oidc-client.credentials.jwt.secret`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. +Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-name[`quarkus.oidc-client.credentials.jwt.secret-provider.name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Custom HTTP headers which have to be sent to the token endpoint ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc-client.credentials.jwt.secret-provider.keyring-name`]## +h|[[quarkus-oidc-client_section_quarkus-oidc-client-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key[`quarkus.oidc-client.credentials.jwt.secret-provider.key`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## [.description] -- -The CredentialsProvider client secret key +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key[`quarkus.oidc-client.credentials.jwt.key`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file[`quarkus.oidc-client.credentials.jwt.key-file`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file[`quarkus.oidc-client.credentials.jwt.key-store-file`]## + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password[`quarkus.oidc-client.credentials.jwt.key-store-password`]## + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-credentials]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-secret[`quarkus.oidc-client.credentials.secret`]## [.description] -- -A parameter to specify the password of the keystore file. +The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id[`quarkus.oidc-client.credentials.jwt.key-id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-value[`quarkus.oidc-client.credentials.client-secret.value`]## [.description] -- -The private key id or alias. +The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_VALUE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password[`quarkus.oidc-client.credentials.jwt.key-password`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-name[`quarkus.oidc-client.credentials.client-secret.provider.name`]## [.description] -- -The private key password. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience[`quarkus.oidc-client.credentials.jwt.audience`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-keyring-name[`quarkus.oidc-client.credentials.client-secret.provider.keyring-name`]## [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id[`quarkus.oidc-client.credentials.jwt.token-key-id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-provider-key[`quarkus.oidc-client.credentials.client-secret.provider.key`]## [.description] -- -The key identifier of the signing key added as a JWT `kid` header. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer[`quarkus.oidc-client.credentials.jwt.issuer`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-client-secret-method[`quarkus.oidc-client.credentials.client-secret.method`]## [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. +The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject[`quarkus.oidc-client.credentials.jwt.subject`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-source[`quarkus.oidc-client.credentials.jwt.source`]## [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. +JWT token source: OIDC provider client or an existing JWT bearer token. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SOURCE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|`client`, `bearer` +|`client` -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name[`quarkus.oidc-client.credentials.jwt.claims."claim-name"`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret[`quarkus.oidc-client.credentials.jwt.secret`]## [.description] -- -Additional claims. +If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm[`quarkus.oidc-client.credentials.jwt.signature-algorithm`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-name[`quarkus.oidc-client.credentials.jwt.secret-provider.name`]## [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan[`quarkus.oidc-client.credentials.jwt.lifespan`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc-client.credentials.jwt.secret-provider.keyring-name`]## [.description] -- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- -|int -|`10` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion[`quarkus.oidc-client.credentials.jwt.assertion`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-secret-provider-key[`quarkus.oidc-client.credentials.jwt.secret-provider.key`]## [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key[`quarkus.oidc-client.credentials.jwt.key`]## [.description] -- -A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. +String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-file[`quarkus.oidc-client.credentials.jwt.key-file`]## [.description] -- -If this client configuration is enabled. +If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_FILE+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-file[`quarkus.oidc-client.credentials.jwt.key-store-file`]## [.description] -- -List of access token scopes +If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- -|list of string +|string | -a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-store-password[`quarkus.oidc-client.credentials.jwt.key-store-password`]## [.description] -- -Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. +A parameter to specify the password of the keystore file. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] +|string | -a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-id[`quarkus.oidc-client.credentials.jwt.key-id`]## [.description] -- -Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. +The private key id or alias. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_ID+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]] +|string | -a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-key-password[`quarkus.oidc-client.credentials.jwt.key-password`]## [.description] -- -If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. +The private key password. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_KEY_PASSWORD+++` endif::add-copy-button-to-env-var[] --- -|boolean -|`false` +-- +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-audience[`quarkus.oidc-client.credentials.jwt.audience`]## [.description] -- -Grant type +The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] -|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-token-key-id[`quarkus.oidc-client.credentials.jwt.token-key-id`]## [.description] -- -Access token property name in a token grant response +The key identifier of the signing key added as a JWT `kid` header. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_TOKEN_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string -|`access_token` +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-issuer[`quarkus.oidc-client.credentials.jwt.issuer`]## [.description] -- -Refresh token property name in a token grant response +The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string -|`refresh_token` +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-subject[`quarkus.oidc-client.credentials.jwt.subject`]## [.description] -- -Access token expiry property name in a token grant response +Subject of the signing key added as a JWT `sub` claim The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SUBJECT+++` endif::add-copy-button-to-env-var[] -- |string -|`expires_in` +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-claims-claim-name[`quarkus.oidc-client.credentials.jwt.claims."claim-name"`]## [.description] -- -Refresh token expiry property name in a token grant response +Additional claims. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string -|`refresh_expires_in` +|Map +| -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-signature-algorithm[`quarkus.oidc-client.credentials.jwt.signature-algorithm`]## [.description] -- -Grant options +The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- -|Map> +|string | -a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-lifespan[`quarkus.oidc-client.credentials.jwt.lifespan`]## [.description] -- -Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. +The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|int +|`10` -a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-jwt-assertion[`quarkus.oidc-client.credentials.jwt.assertion`]## [.description] -- -Custom HTTP headers which have to be sent to the token endpoint +If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CREDENTIALS_JWT_ASSERTION+++` endif::add-copy-button-to-env-var[] -- -|Map -| +|boolean +|`false` + h|[[quarkus-oidc-client_section_quarkus-oidc-client]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client[Additional named clients]## h|Type @@ -59214,6 +57236,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-proxy-host[`quarkus.oidc-client."id".proxy.host`]## [.description] @@ -59283,6 +57309,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name[`quarkus.oidc-client."id".tls.tls-configuration-name`]## [.description] @@ -59304,6 +57335,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-token-path[`quarkus.oidc-client."id".token-path`]## [.description] @@ -59372,6 +57404,10 @@ endif::add-copy-button-to-env-var[] |string | +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-credentials]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret[`quarkus.oidc-client."id".credentials.secret`]## [.description] @@ -59797,6 +57833,7 @@ endif::add-copy-button-to-env-var[] |boolean |`false` + a| [[quarkus-oidc-client_quarkus-oidc-client-id-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-id[`quarkus.oidc-client."id".id`]## [.description] @@ -60289,232 +58326,242 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +OIDC Client Registration id ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## [.description] -- -The port number of the Proxy. The default value is `80`. +If this client registration configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## [.description] -- -The username, if the Proxy needs authentication. +If the client configured with `metadata` must be registered at startup. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## [.description] -- -The password, if the Proxy needs authentication. +Initial access token ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +Client name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## [.description] -- -OIDC Client Registration id +Redirect URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## [.description] -- -If this client registration configuration is enabled. +Post Logout URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## [.description] -- -If the client configured with `metadata` must be registered at startup. +Additional metadata properties ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|Map +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## [.description] -- -Initial access token +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## [.description] -- -Client name +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## [.description] -- -Redirect URI +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## [.description] -- -Post Logout URI +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## [.description] -- -Additional metadata properties +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | + h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration[Additional named client registrations]## h|Type h|Default @@ -60672,6 +58719,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host[`quarkus.oidc-client-registration."id".proxy.host`]## [.description] @@ -60741,6 +58792,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name[`quarkus.oidc-client-registration."id".tls.tls-configuration-name`]## [.description] @@ -60762,6 +58818,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id[`quarkus.oidc-client-registration."id".id`]## [.description] diff --git a/_generated-doc/main/config/quarkus-keycloak-admin-client.adoc b/_generated-doc/main/config/quarkus-keycloak-admin-client.adoc index 29fcd3d9dd3..1f513d169e3 100644 --- a/_generated-doc/main/config/quarkus-keycloak-admin-client.adoc +++ b/_generated-doc/main/config/quarkus-keycloak-admin-client.adoc @@ -28,7 +28,7 @@ a| [[quarkus-keycloak-admin-client_quarkus-keycloak-admin-client-server-url]] [. [.description] -- -Keycloak server URL, for example, `https://host:port`. If this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create it instead. +Keycloak server URL, for example, `https://host:port`. When the Keycloak Dev Services is started and this property is not configured, Quarkus points the 'quarkus.keycloak.admin-client.server-url' configuration property to started Keycloak container. In other cases, when this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create the client instead. ifdef::add-copy-button-to-env-var[] diff --git a/_generated-doc/main/config/quarkus-keycloak-admin-client_quarkus.keycloak.adoc b/_generated-doc/main/config/quarkus-keycloak-admin-client_quarkus.keycloak.adoc index 29fcd3d9dd3..1f513d169e3 100644 --- a/_generated-doc/main/config/quarkus-keycloak-admin-client_quarkus.keycloak.adoc +++ b/_generated-doc/main/config/quarkus-keycloak-admin-client_quarkus.keycloak.adoc @@ -28,7 +28,7 @@ a| [[quarkus-keycloak-admin-client_quarkus-keycloak-admin-client-server-url]] [. [.description] -- -Keycloak server URL, for example, `https://host:port`. If this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create it instead. +Keycloak server URL, for example, `https://host:port`. When the Keycloak Dev Services is started and this property is not configured, Quarkus points the 'quarkus.keycloak.admin-client.server-url' configuration property to started Keycloak container. In other cases, when this property is not set then the Keycloak Admin Client injection will fail - use `org.keycloak.admin.client.KeycloakBuilder` to create the client instead. ifdef::add-copy-button-to-env-var[] diff --git a/_generated-doc/main/config/quarkus-kubernetes_quarkus.knative.adoc b/_generated-doc/main/config/quarkus-kubernetes_quarkus.knative.adoc index 3c19053529f..29cf229aae0 100644 --- a/_generated-doc/main/config/quarkus-kubernetes_quarkus.knative.adoc +++ b/_generated-doc/main/config/quarkus-kubernetes_quarkus.knative.adoc @@ -3918,6 +3918,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-node-selector-key[`quarkus.knative.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KNATIVE_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KNATIVE_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-node-selector-value[`quarkus.knative.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KNATIVE_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KNATIVE_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-knative-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-knative-resources-limits-cpu[`quarkus.knative.resources.limits.cpu`]## [.description] diff --git a/_generated-doc/main/config/quarkus-kubernetes_quarkus.kubernetes.adoc b/_generated-doc/main/config/quarkus-kubernetes_quarkus.kubernetes.adoc index 31783597dae..dc6df910e23 100644 --- a/_generated-doc/main/config/quarkus-kubernetes_quarkus.kubernetes.adoc +++ b/_generated-doc/main/config/quarkus-kubernetes_quarkus.kubernetes.adoc @@ -3918,6 +3918,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-node-selector-key[`quarkus.kubernetes.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KUBERNETES_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KUBERNETES_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-node-selector-value[`quarkus.kubernetes.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_KUBERNETES_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_KUBERNETES_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-kubernetes-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-kubernetes-resources-limits-cpu[`quarkus.kubernetes.resources.limits.cpu`]## [.description] diff --git a/_generated-doc/main/config/quarkus-kubernetes_quarkus.openshift.adoc b/_generated-doc/main/config/quarkus-kubernetes_quarkus.openshift.adoc index ddee57d1c09..b5264d2e040 100644 --- a/_generated-doc/main/config/quarkus-kubernetes_quarkus.openshift.adoc +++ b/_generated-doc/main/config/quarkus-kubernetes_quarkus.openshift.adoc @@ -3918,6 +3918,40 @@ endif::add-copy-button-to-env-var[] |list of string | +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-node-selector-key]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-node-selector-key[`quarkus.openshift.node-selector.key`]## + +[.description] +-- +The key of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OPENSHIFT_NODE_SELECTOR_KEY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OPENSHIFT_NODE_SELECTOR_KEY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + +a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-node-selector-value]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-node-selector-value[`quarkus.openshift.node-selector.value`]## + +[.description] +-- +The value of the nodeSelector. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OPENSHIFT_NODE_SELECTOR_VALUE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OPENSHIFT_NODE_SELECTOR_VALUE+++` +endif::add-copy-button-to-env-var[] +-- +|string +|required icon:exclamation-circle[title=Configuration property is required] + a|icon:lock[title=Fixed at build time] [[quarkus-kubernetes_quarkus-openshift-resources-limits-cpu]] [.property-path]##link:#quarkus-kubernetes_quarkus-openshift-resources-limits-cpu[`quarkus.openshift.resources.limits.cpu`]## [.description] diff --git a/_generated-doc/main/config/quarkus-oidc-client-registration.adoc b/_generated-doc/main/config/quarkus-oidc-client-registration.adoc index fa03b5b63ed..6b15f408665 100644 --- a/_generated-doc/main/config/quarkus-oidc-client-registration.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client-registration.adoc @@ -177,232 +177,242 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +OIDC Client Registration id ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## [.description] -- -The port number of the Proxy. The default value is `80`. +If this client registration configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## [.description] -- -The username, if the Proxy needs authentication. +If the client configured with `metadata` must be registered at startup. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## [.description] -- -The password, if the Proxy needs authentication. +Initial access token ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +Client name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## [.description] -- -OIDC Client Registration id +Redirect URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## [.description] -- -If this client registration configuration is enabled. +Post Logout URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## [.description] -- -If the client configured with `metadata` must be registered at startup. +Additional metadata properties ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|Map +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## [.description] -- -Initial access token +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## [.description] -- -Client name +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## [.description] -- -Redirect URI +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## [.description] -- -Post Logout URI +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## [.description] -- -Additional metadata properties +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | + h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration[Additional named client registrations]## h|Type h|Default @@ -560,6 +570,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host[`quarkus.oidc-client-registration."id".proxy.host`]## [.description] @@ -629,6 +643,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name[`quarkus.oidc-client-registration."id".tls.tls-configuration-name`]## [.description] @@ -650,6 +669,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id[`quarkus.oidc-client-registration."id".id`]## [.description] diff --git a/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc b/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc index fa03b5b63ed..6b15f408665 100644 --- a/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client-registration_quarkus.oidc-client-registration.adoc @@ -177,232 +177,242 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +OIDC Client Registration id ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## [.description] -- -The port number of the Proxy. The default value is `80`. +If this client registration configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## [.description] -- -The username, if the Proxy needs authentication. +If the client configured with `metadata` must be registered at startup. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## [.description] -- -The password, if the Proxy needs authentication. +Initial access token ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +Client name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id[`quarkus.oidc-client-registration.id`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## [.description] -- -OIDC Client Registration id +Redirect URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-registration-enabled[`quarkus.oidc-client-registration.registration-enabled`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## [.description] -- -If this client registration configuration is enabled. +Post Logout URI ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTRATION_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-register-early[`quarkus.oidc-client-registration.register-early`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## [.description] -- -If the client configured with `metadata` must be registered at startup. +Additional metadata properties ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_REGISTER_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|Map +| -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-initial-token[`quarkus.oidc-client-registration.initial-token`]## +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-host[`quarkus.oidc-client-registration.proxy.host`]## [.description] -- -Initial access token +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_INITIAL_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-client-name[`quarkus.oidc-client-registration.metadata.client-name`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-port[`quarkus.oidc-client-registration.proxy.port`]## [.description] -- -Client name +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-redirect-uri[`quarkus.oidc-client-registration.metadata.redirect-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-username[`quarkus.oidc-client-registration.proxy.username`]## [.description] -- -Redirect URI +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_REDIRECT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-post-logout-uri[`quarkus.oidc-client-registration.metadata.post-logout-uri`]## +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-proxy-password[`quarkus.oidc-client-registration.proxy.password`]## [.description] -- -Post Logout URI +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_POST_LOGOUT_URI+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-metadata-extra-props-extra-props[`quarkus.oidc-client-registration.metadata.extra-props."extra-props"`]## + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-tls-tls-configuration-name[`quarkus.oidc-client-registration.tls.tls-configuration-name`]## [.description] -- -Additional metadata properties +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_METADATA_EXTRA_PROPS__EXTRA_PROPS_+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REGISTRATION_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | + h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration]] [.section-name.section-level0]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration[Additional named client registrations]## h|Type h|Default @@ -560,6 +570,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-proxy-host[`quarkus.oidc-client-registration."id".proxy.host`]## [.description] @@ -629,6 +643,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client-registration_section_quarkus-oidc-client-registration-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-tls-tls-configuration-name[`quarkus.oidc-client-registration."id".tls.tls-configuration-name`]## [.description] @@ -650,6 +669,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id]] [.property-path]##link:#quarkus-oidc-client-registration_quarkus-oidc-client-registration-id-id[`quarkus.oidc-client-registration."id".id`]## [.description] diff --git a/_generated-doc/main/config/quarkus-oidc-client.adoc b/_generated-doc/main/config/quarkus-oidc-client.adoc index 4b16e500989..1f2fd6350ad 100644 --- a/_generated-doc/main/config/quarkus-oidc-client.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client.adoc @@ -177,164 +177,416 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## [.description] -- -The name of the TLS configuration to use. +A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. -The default TLS configuration is *not* used by default. +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +endif::add-copy-button-to-env-var[] +-- +|string +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## + +[.description] +-- +If this client configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`true` + +a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## + +[.description] +-- +List of access token scopes + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` +endif::add-copy-button-to-env-var[] +-- +|list of string +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## + +[.description] +-- +Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## + +[.description] +-- +Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## + +[.description] +-- +If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`false` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## + +[.description] +-- +Grant type + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` +endif::add-copy-button-to-env-var[] +-- +a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] +|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## + +[.description] +-- +Access token property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- |string +|`access_token` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## + +[.description] +-- +Refresh token property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`refresh_token` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## + +[.description] +-- +Access token expiry property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`expires_in` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## + +[.description] +-- +Refresh token expiry property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`refresh_expires_in` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## + +[.description] +-- +Grant options + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` +endif::add-copy-button-to-env-var[] +-- +|Map> | -a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`true` + +a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## + +[.description] +-- +Custom HTTP headers which have to be sent to the token endpoint + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` +endif::add-copy-button-to-env-var[] +-- +|Map +| + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## + +[.description] +-- +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` +endif::add-copy-button-to-env-var[] +-- +|int +|`80` + +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## + +[.description] +-- +The username, if the Proxy needs authentication. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-credentials]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-secret[`quarkus.oidc-client.credentials.secret`]## [.description] @@ -760,243 +1012,6 @@ endif::add-copy-button-to-env-var[] |boolean |`false` -a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## - -[.description] --- -A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## - -[.description] --- -If this client configuration is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## - -[.description] --- -List of access token scopes - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## - -[.description] --- -Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## - -[.description] --- -Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## - -[.description] --- -If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## - -[.description] --- -Grant type - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] -|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## - -[.description] --- -Access token property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`access_token` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## - -[.description] --- -Refresh token property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`refresh_token` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## - -[.description] --- -Access token expiry property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`expires_in` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## - -[.description] --- -Refresh token expiry property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`refresh_expires_in` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## - -[.description] --- -Grant options - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map> -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## - -[.description] --- -Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## - -[.description] --- -Custom HTTP headers which have to be sent to the token endpoint - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| h|[[quarkus-oidc-client_section_quarkus-oidc-client]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client[Additional named clients]## h|Type @@ -1155,6 +1170,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-proxy-host[`quarkus.oidc-client."id".proxy.host`]## [.description] @@ -1224,6 +1243,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name[`quarkus.oidc-client."id".tls.tls-configuration-name`]## [.description] @@ -1245,6 +1269,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-token-path[`quarkus.oidc-client."id".token-path`]## [.description] @@ -1313,6 +1338,10 @@ endif::add-copy-button-to-env-var[] |string | +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-credentials]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret[`quarkus.oidc-client."id".credentials.secret`]## [.description] @@ -1738,6 +1767,7 @@ endif::add-copy-button-to-env-var[] |boolean |`false` + a| [[quarkus-oidc-client_quarkus-oidc-client-id-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-id[`quarkus.oidc-client."id".id`]## [.description] diff --git a/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc b/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc index 4b16e500989..1f2fd6350ad 100644 --- a/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc +++ b/_generated-doc/main/config/quarkus-oidc-client_quarkus.oidc-client.adoc @@ -177,164 +177,416 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## [.description] -- -The name of the TLS configuration to use. +A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. -The default TLS configuration is *not* used by default. +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +endif::add-copy-button-to-env-var[] +-- +|string +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## + +[.description] +-- +If this client configuration is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`true` + +a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## + +[.description] +-- +List of access token scopes + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` +endif::add-copy-button-to-env-var[] +-- +|list of string +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## + +[.description] +-- +Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## + +[.description] +-- +Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` +endif::add-copy-button-to-env-var[] +-- +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## + +[.description] +-- +If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`false` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## + +[.description] +-- +Grant type + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` +endif::add-copy-button-to-env-var[] +-- +a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] +|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## + +[.description] +-- +Access token property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` endif::add-copy-button-to-env-var[] -- |string +|`access_token` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## + +[.description] +-- +Refresh token property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`refresh_token` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## + +[.description] +-- +Access token expiry property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`expires_in` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## + +[.description] +-- +Refresh token expiry property name in a token grant response + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` +endif::add-copy-button-to-env-var[] +-- +|string +|`refresh_expires_in` + +a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## + +[.description] +-- +Grant options + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` +endif::add-copy-button-to-env-var[] +-- +|Map> | -a| [[quarkus-oidc-client_quarkus-oidc-client-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-token-path[`quarkus.oidc-client.token-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` +endif::add-copy-button-to-env-var[] +-- +|boolean +|`true` + +a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## + +[.description] +-- +Custom HTTP headers which have to be sent to the token endpoint + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` +endif::add-copy-button-to-env-var[] +-- +|Map +| + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-proxy]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-proxy[HTTP proxy configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-host[`quarkus.oidc-client.proxy.host`]## + +[.description] +-- +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-revoke-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-revoke-path[`quarkus.oidc-client.revoke-path`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-port]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-port[`quarkus.oidc-client.proxy.port`]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PORT+++` +endif::add-copy-button-to-env-var[] +-- +|int +|`80` + +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-username]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-username[`quarkus.oidc-client.proxy.username`]## + +[.description] +-- +The username, if the Proxy needs authentication. + + +ifdef::add-copy-button-to-env-var[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++[] +endif::add-copy-button-to-env-var[] +ifndef::add-copy-button-to-env-var[] +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-id[`quarkus.oidc-client.client-id`]## +a| [[quarkus-oidc-client_quarkus-oidc-client-proxy-password]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-proxy-password[`quarkus.oidc-client.proxy.password`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc-client_quarkus-oidc-client-client-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-name[`quarkus.oidc-client.client-name`]## + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-tls]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-tls[TLS configuration]## +h|Type +h|Default + +a| [[quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-tls-tls-configuration-name[`quarkus.oidc-client.tls.tls-configuration-name`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The name of the TLS configuration to use. + +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. + +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-credentials]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-credentials-secret[`quarkus.oidc-client.credentials.secret`]## [.description] @@ -760,243 +1012,6 @@ endif::add-copy-button-to-env-var[] |boolean |`false` -a| [[quarkus-oidc-client_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id[`quarkus.oidc-client.id`]## - -[.description] --- -A unique OIDC client identifier. It must be set when OIDC clients are created dynamically and is optional in all other cases. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-client-enabled]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-client-enabled[`quarkus.oidc-client.client-enabled`]## - -[.description] --- -If this client configuration is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_CLIENT_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc-client_quarkus-oidc-client-scopes]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-scopes[`quarkus.oidc-client.scopes`]## - -[.description] --- -List of access token scopes - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_SCOPES+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_SCOPES+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-refresh-token-time-skew[`quarkus.oidc-client.refresh-token-time-skew`]## - -[.description] --- -Refresh token time skew. If this property is enabled then the configured duration is converted to seconds and is added to the current time when checking whether the access token should be refreshed. If the sum is greater than this access token's expiration time then a refresh is going to happen. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_REFRESH_TOKEN_TIME_SKEW+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-access-token-expires-in[`quarkus.oidc-client.access-token-expires-in`]## - -[.description] --- -Access token expiration period relative to the current time. This property is only checked when an access token grant response does not include an access token expiration property. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ACCESS_TOKEN_EXPIRES_IN+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc-client_quarkus-oidc-client[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-absolute-expires-in[`quarkus.oidc-client.absolute-expires-in`]## - -[.description] --- -If the access token 'expires_in' property should be checked as an absolute time value as opposed to a duration relative to the current time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ABSOLUTE_EXPIRES_IN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-type]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-type[`quarkus.oidc-client.grant.type`]## - -[.description] --- -Grant type - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:client['client_credentials' grant requiring an OIDC client authentication only], tooltip:password['password' grant requiring both OIDC client and user ('username' and 'password') authentications], tooltip:code['authorization_code' grant requiring an OIDC client authentication as well as at least 'code' and 'redirect_uri' parameters which must be passed to OidcClient at the token request time.], tooltip:exchange['urn\:ietf\:params\:oauth\:grant-type\:token-exchange' grant requiring an OIDC client authentication as well as at least 'subject_token' parameter which must be passed to OidcClient at the token request time.], tooltip:jwt['urn\:ietf\:params\:oauth\:grant-type\:jwt-bearer' grant requiring an OIDC client authentication as well as at least an 'assertion' parameter which must be passed to OidcClient at the token request time.], tooltip:refresh['refresh_token' grant requiring an OIDC client authentication and a refresh token. Note, OidcClient supports this grant by default if an access token acquisition response contained a refresh token. However, in some cases, the refresh token is provided out of band, for example, it can be shared between several of the confidential client's services, etc. If 'quarkus.oidc-client.grant-type' is set to 'refresh' then `OidcClient` will only support refreshing the tokens.], tooltip:ciba['urn\:openid\:params\:grant-type\:ciba' grant requiring an OIDC client authentication as well as 'auth_req_id' parameter which must be passed to OidcClient at the token request time.], tooltip:device['urn\:ietf\:params\:oauth\:grant-type\:device_code' grant requiring an OIDC client authentication as well as 'device_code' parameter which must be passed to OidcClient at the token request time.] -|tooltip:client['client_credentials' grant requiring an OIDC client authentication only] - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-access-token-property[`quarkus.oidc-client.grant.access-token-property`]## - -[.description] --- -Access token property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_ACCESS_TOKEN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`access_token` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-token-property[`quarkus.oidc-client.grant.refresh-token-property`]## - -[.description] --- -Refresh token property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_TOKEN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`refresh_token` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-expires-in-property[`quarkus.oidc-client.grant.expires-in-property`]## - -[.description] --- -Access token expiry property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_EXPIRES_IN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`expires_in` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-refresh-expires-in-property[`quarkus.oidc-client.grant.refresh-expires-in-property`]## - -[.description] --- -Refresh token expiry property name in a token grant response - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_REFRESH_EXPIRES_IN_PROPERTY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`refresh_expires_in` - -a| [[quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-grant-options-grant-name[`quarkus.oidc-client.grant-options."grant-name"`]## - -[.description] --- -Grant options - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_GRANT_OPTIONS__GRANT_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map> -| - -a| [[quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-early-tokens-acquisition[`quarkus.oidc-client.early-tokens-acquisition`]## - -[.description] --- -Requires that all filters which use 'OidcClient' acquire the tokens at the post-construct initialization time, possibly long before these tokens are used. This property should be disabled if the access token may expire before it is used for the first time and no refresh token is available. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_EARLY_TOKENS_ACQUISITION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc-client_quarkus-oidc-client-headers-headers]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-headers-headers[`quarkus.oidc-client.headers."headers"`]## - -[.description] --- -Custom HTTP headers which have to be sent to the token endpoint - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_HEADERS__HEADERS_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| h|[[quarkus-oidc-client_section_quarkus-oidc-client]] [.section-name.section-level0]##link:#quarkus-oidc-client_section_quarkus-oidc-client[Additional named clients]## h|Type @@ -1155,6 +1170,10 @@ endif::add-copy-button-to-env-var[] |boolean |`true` +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-proxy]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-proxy[HTTP proxy configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-proxy-host]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-proxy-host[`quarkus.oidc-client."id".proxy.host`]## [.description] @@ -1224,6 +1243,11 @@ endif::add-copy-button-to-env-var[] |string | + +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-tls]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-tls[TLS configuration]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-tls-tls-configuration-name[`quarkus.oidc-client."id".tls.tls-configuration-name`]## [.description] @@ -1245,6 +1269,7 @@ endif::add-copy-button-to-env-var[] |string | + a| [[quarkus-oidc-client_quarkus-oidc-client-id-token-path]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-token-path[`quarkus.oidc-client."id".token-path`]## [.description] @@ -1313,6 +1338,10 @@ endif::add-copy-button-to-env-var[] |string | +h|[[quarkus-oidc-client_section_quarkus-oidc-client-id-credentials]] [.section-name.section-level1]##link:#quarkus-oidc-client_section_quarkus-oidc-client-id-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default + a| [[quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-credentials-secret[`quarkus.oidc-client."id".credentials.secret`]## [.description] @@ -1738,6 +1767,7 @@ endif::add-copy-button-to-env-var[] |boolean |`false` + a| [[quarkus-oidc-client_quarkus-oidc-client-id-id]] [.property-path]##link:#quarkus-oidc-client_quarkus-oidc-client-id-id[`quarkus.oidc-client."id".id`]## [.description] diff --git a/_generated-doc/main/config/quarkus-oidc.adoc b/_generated-doc/main/config/quarkus-oidc.adoc index abff84fbb93..9d48a18d9b7 100644 --- a/_generated-doc/main/config/quarkus-oidc.adoc +++ b/_generated-doc/main/config/quarkus-oidc.adoc @@ -24,76 +24,44 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## - -[.description] --- -Grant type which will be used to acquire a token to test the OIDC 'service' applications - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## - -[.description] --- -Grant options - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map> -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## [.description] -- -The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. +Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` +Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`4S` +|boolean +|`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## [.description] -- -Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. +If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` endif::add-copy-button-to-env-var[] -- |boolean -|`true` +|`false` a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-auth-server-url[`quarkus.oidc.auth-server-url`]## +`quarkus.oidc."tenant".auth-server-url` + [.description] -- The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. @@ -111,6 +79,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-discovery-enabled[`quarkus.oidc.discovery-enabled`]## +`quarkus.oidc."tenant".discovery-enabled` + [.description] -- Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. @@ -128,6 +98,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-registration-path[`quarkus.oidc.registration-path`]## +`quarkus.oidc."tenant".registration-path` + [.description] -- The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. @@ -145,6 +117,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-delay[`quarkus.oidc.connection-delay`]## +`quarkus.oidc."tenant".connection-delay` + [.description] -- The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. @@ -162,6 +136,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-retry-count[`quarkus.oidc.connection-retry-count`]## +`quarkus.oidc."tenant".connection-retry-count` + [.description] -- The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. @@ -179,6 +155,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-timeout[`quarkus.oidc.connection-timeout`]## +`quarkus.oidc."tenant".connection-timeout` + [.description] -- The number of seconds after which the current OIDC connection request times out. @@ -196,6 +174,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup[`quarkus.oidc.use-blocking-dns-lookup`]## +`quarkus.oidc."tenant".use-blocking-dns-lookup` + [.description] -- Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. @@ -213,6 +193,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-max-pool-size[`quarkus.oidc.max-pool-size`]## +`quarkus.oidc."tenant".max-pool-size` + [.description] -- The maximum size of the connection pool used by the WebClient. @@ -230,6 +212,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-follow-redirects[`quarkus.oidc.follow-redirects`]## +`quarkus.oidc."tenant".follow-redirects` + [.description] -- Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. @@ -245,3276 +229,1005 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## +a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## + +`quarkus.oidc."tenant".token-path` [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## +a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## + +`quarkus.oidc."tenant".revoke-path` [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## +a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## + +`quarkus.oidc."tenant".client-id` [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## +a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## + +`quarkus.oidc."tenant".client-name` [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## + +`quarkus.oidc."tenant".tenant-id` [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## + +`quarkus.oidc."tenant".tenant-enabled` [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## +a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## + +`quarkus.oidc."tenant".application-type` [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +The application type, which can be one of the following `ApplicationType` values. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] +|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] -a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## +a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## + +`quarkus.oidc."tenant".authorization-path` [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## +a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## + +`quarkus.oidc."tenant".user-info-path` [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## + +`quarkus.oidc."tenant".introspection-path` [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## + +`quarkus.oidc."tenant".jwks-path` [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## + +`quarkus.oidc."tenant".end-session-path` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## + +`quarkus.oidc."tenant".tenant-paths` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The paths which must be secured by this tenant. Tenant with the most specific path wins. +Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] +section of the OIDC multitenancy guide for explanation of allowed path patterns. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` endif::add-copy-button-to-env-var[] -- -|string +|list of string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## + +`quarkus.oidc."tenant".public-key` [.description] -- -The CredentialsProvider client secret key +The public key for the local JWT token verification. OIDC server connection is not created when this property is set. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## +a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## + +`quarkus.oidc."tenant".allow-token-introspection-cache` [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## +a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## + +`quarkus.oidc."tenant".allow-user-info-cache` [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. +Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` endif::add-copy-button-to-env-var[] -- -a|`client`, `bearer` -|`client` +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## +a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## + +`quarkus.oidc."tenant".cache-user-info-in-idtoken` [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. +Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. + +Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` endif::add-copy-button-to-env-var[] -- -|string +|boolean | -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## + +`quarkus.oidc."tenant".provider` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Well known OpenId Connect provider identifier ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## - -[.description] --- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## - -[.description] --- -The CredentialsProvider client secret key - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## - -[.description] --- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## - -[.description] --- -A parameter to specify the password of the keystore file. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## - -[.description] --- -The private key id or alias. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## - -[.description] --- -The private key password. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## - -[.description] --- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## - -[.description] --- -The key identifier of the signing key added as a JWT `kid` header. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## - -[.description] --- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## - -[.description] --- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## - -[.description] --- -Additional claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## - -[.description] --- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## - -[.description] --- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## - -[.description] --- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## - -[.description] --- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## - -[.description] --- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## - -[.description] --- -The application type, which can be one of the following `ApplicationType` values. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] - -a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## - -[.description] --- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## - -[.description] --- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## - -[.description] --- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## - -[.description] --- -Name - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## - -[.description] --- -Secret - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## - -[.description] --- -Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## - -[.description] --- -A list of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments. Each segment represents a JSON object name only; for example: "realm/groups". Use double quotes with the namespace-qualified claim names. This property can be used if a token has no `groups` claim but has the groups set in one or more different claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## - -[.description] --- -The separator for splitting strings that contain multiple group values. It is only used if the "role-claim-path" property points to one or more custom claims whose values are strings. A single space is used by default because the standard `scope` claim can contain a space-separated sequence. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## - -[.description] --- -Source of the principal roles. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## - -[.description] --- -The expected issuer `iss` claim value. This property overrides the `issuer` property, which might be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host, IP address, or tenant id of the provider, you can skip the issuer verification by setting this property to `any`, but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## - -[.description] --- -The expected audience `aud` claim value, which can be a string or an array of strings. Note the audience claim is verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens is only done if this property is configured. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## - -[.description] --- -Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required, both the token and UserInfo `sub` claims must be present and match each other. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## - -[.description] --- -A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## - -[.description] --- -Expected token type - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## - -[.description] --- -Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` -endif::add-copy-button-to-env-var[] --- -|int -| - -a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## - -[.description] --- -Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with `quarkus.oidc.token.lifespan-grace` to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid (`exp`) expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an `exp` claim. However, even if the current logout token is allowed to have no `exp` claim, the `exp` claim is still verified if the logout token contains it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## - -[.description] --- -Require that the token includes a `iat` (issued at) claim Set this property to `false` if your JWT token does not contain an `iat` (issued at) claim. Note that ID token is always required to have an `iat` claim and therefore this property has no impact on the ID token verification process. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## - -[.description] --- -Name of the claim which contains a principal name. By default, the `upn`, `preferred_username` and `sub` claims are checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## - -[.description] --- -Refresh expired authorization code flow ID or access tokens. If this property is enabled, a refresh token request is performed if the authorization code ID or access token has expired and, if successful, the local session is updated with the new set of tokens. Otherwise, the local session is invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case, the user might not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a nonzero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property is enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not need to enable this property manually in this case. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## - -[.description] --- -The refresh token time skew, in seconds. If this property is enabled, the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time, a refresh is going to happen. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## - -[.description] --- -The forced JWK set refresh interval in minutes. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## - -[.description] --- -Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## - -[.description] --- -HTTP Authorization header scheme. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|string -|`Bearer` - -a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## - -[.description] --- -Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` -| - -a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## - -[.description] --- -Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers might not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. If this property is not set and the `private_key_jwt` client authentication method is used, the private key used to sign the client authentication JWT tokens are also used to decrypt the encrypted ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## - -[.description] --- -Allow the remote introspection of JWT tokens when no matching JWK key is available. This property is set to `true` by default for backward-compatibility reasons. It is planned that this default value will be changed to `false` in an upcoming release. Also note this property is ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## - -[.description] --- -Require that JWT tokens are only introspected remotely. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## - -[.description] --- -Allow the remote introspection of the opaque tokens. Set this property to `false` if only JWT tokens are expected. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## - -[.description] --- -Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## - -[.description] --- -Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens must be accepted but OpenId Connect provider does not have a token introspection endpoint. This property has no effect when JWT tokens must be verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## - -[.description] --- -The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## - -[.description] --- -Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## - -[.description] --- -Name of the post logout URI parameter which is added as a query parameter to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|string -|`post_logout_redirect_uri` - -a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## - -[.description] --- -Additional properties which is added as the query parameters to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## - -[.description] --- -The relative path of the Back-Channel Logout endpoint at the application. It must start with the forward slash '/', for example, '/back-channel-logout'. This value is always resolved relative to 'quarkus.http.root-path'. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## - -[.description] --- -Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## - -[.description] --- -Number of minutes a logout token can be cached for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## - -[.description] --- -Token cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## - -[.description] --- -Logout token claim whose value is used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`sub` - -a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## - -[.description] --- -The relative path of the Front-Channel Logout endpoint at the application. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## - -[.description] --- -Common name of the leaf certificate. It must be set if the `trust-store-file` does not have this certificate imported. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## - -[.description] --- -Truststore file which keeps thumbprints of the trusted certificates. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|path -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## - -[.description] --- -A parameter to specify the password of the truststore file if it is configured with `trust-store-file`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## - -[.description] --- -A parameter to specify the alias of the truststore certificate. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## - -[.description] --- -An optional parameter to specify type of the truststore file. If not given, the type is automatically detected based on the file name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## - -[.description] --- -Authorization code flow response mode. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] -|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] - -a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## - -[.description] --- -The relative path for calculating a `redirect_uri` query parameter. It has to start from a forward slash and is appended to the request URI's host and port. For example, if the current request URI is `https://localhost:8080/service`, a `redirect_uri` parameter is set to `https://localhost:8080/` if this property is set to `/` and be the same as the request URI if this property has not been configured. Note the original request URI is restored after the user has authenticated if `restorePathAfterRedirect` is set to `true`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## - -[.description] --- -If this property is set to `true`, the original request URI which was used before the authentication is restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI is restored even if this property is disabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## - -[.description] --- -Remove the query parameters such as `code` and `state` set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## - -[.description] --- -Relative path to the public endpoint which processes the error response from the OIDC authorization endpoint. If the user authentication has failed, the OIDC provider returns an `error` and an optional `error_description` parameters, instead of the expected authorization `code`. If this property is set, the user is redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and is appended to the request URI's host and port. For example, if it is set as `/error` and the current request URI is `https://localhost:8080/callback?error=invalid_scope`, a redirect is made to `https://localhost:8080/error?error=invalid_scope`. If this property is not set, HTTP 401 status is returned in case of the user authentication failure. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## - -[.description] --- -Relative path to the public endpoint which an authenticated user is redirected to when the session has expired. - -When the OIDC session has expired and the session can not be refreshed, a user is redirected to the OIDC provider to re-authenticate. The user experience may not be ideal in this case as it may not be obvious to the authenticated user why an authentication challenge is returned. - -Set this property if you would like the user whose session has expired be redirected to a public application specific page instead, which can inform that the session has expired and advise the user to re-authenticated by following a link to the secured initial entry page. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## - -[.description] --- -Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. - -ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. - -Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. - -Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required. - -Bearer access token is always verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when access token is injected as the JsonWebToken bean, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## - -[.description] --- -Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/TLS terminating reverse proxy. This property, if enabled, also affects the logout `post_logout_redirect_uri` and the local redirect requests. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## - -[.description] --- -List of scopes - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## - -[.description] --- -The separator which is used when more than one scope is configured. A single space is used by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## - -[.description] --- -Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## - -[.description] --- -Add the `openid` scope automatically to the list of scopes. This is required for OpenId Connect providers, but does not work for OAuth2 providers such as Twitter OAuth2, which do not accept this scope and throw errors. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## - -[.description] --- -Additional properties added as query parameters to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## - -[.description] --- -Request URL query parameters which, if present, are added to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## - -[.description] --- -If enabled the state, session, and post logout cookies have their `secure` parameter set to `true` when HTTP is used. It might be necessary when running behind an SSL/TLS terminating reverse proxy. The cookies are always secure if HTTPS is used, even if this property is set to false. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## - -[.description] --- -Cookie name suffix. For example, a session cookie name for the default OIDC tenant is `q_session` but can be changed to `q_session_test` if this property is set to `test`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## - -[.description] --- -Cookie path parameter value which, if set, is used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, is checked first. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -|`/` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## - -[.description] --- -Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value is used to set a path parameter for the session, state and post logout cookies. If the header is missing, the `cookie-path` property is checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## - -[.description] --- -Cookie domain parameter value which, if set, is used for the session, state and post logout cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## - -[.description] --- -SameSite attribute for the session cookie. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` -endif::add-copy-button-to-env-var[] --- -a|`strict`, `lax`, `none` -|`lax` - -a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## - -[.description] --- -If a state cookie is present, a `state` query parameter must also be present and both the state cookie name suffix and state cookie value must match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie might represent the authentication flow initiated from another tab and not related to the current request. Disable this property to permit only a single authorization code flow in the same browser. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## - -[.description] --- -Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present. - -When either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser blocks it and the state cookie created by Quarkus remains in the browser cache. Quarkus reports an authentication failure when it detects such an old state cookie but find no matching state query parameter. - -Reporting HTTP 401 error is usually the right thing to do in such cases, it minimizes a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` might be needed to avoid such errors. - -However, setting this property to `false` might help if the above options are not suitable. It causes a new authentication redirect to OpenId Connect provider. Doing so might increase the risk of browser redirect loops. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## - -[.description] --- -If this property is set to `true`, an OIDC UserInfo endpoint is called. - -This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases. - -It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when UserInfo bean is injected, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## - -[.description] --- -Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user is redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a nonzero value, then the expired ID token can be refreshed before the session has expired. This property is ignored if the `token.refresh-expired` property has not been enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## - -[.description] --- -State cookie age in minutes. State cookie is created every time a new authorization code flow redirect starts and removed when this flow is completed. State cookie name is unique by default, see `allow-multiple-code-flows`. Keep its age to the reasonable minimum value such as 5 minutes or less. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## - -[.description] --- -If this property is set to `true`, a normal 302 redirect response is returned if the request was initiated by a JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated, which might not be desirable for Single-page applications (SPA) since it automatically following the redirect might not work given that OIDC authorization endpoints typically do not support CORS. - -If this property is set to `false`, a status code of `499` is returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. `X-Requested-With` request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## - -[.description] --- -Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken is generated in such cases. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## - -[.description] --- -Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## - -[.description] --- -Requires that a Proof Key for Code Exchange (PKCE) is used. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## - -[.description] --- -Secret used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. A client secret is not be used as a state encryption secret if it is less than 32 characters long. - -The secret is auto-generated if it remains uninitialized after checking all of these properties. - -Error is reported if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## - -[.description] --- -Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which must be included to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## - -[.description] --- -Custom HTTP headers which must be sent to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## - -[.description] --- -Default TokenStateManager strategy. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] -|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## - -[.description] --- -Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## - -[.description] --- -Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## - -[.description] --- -The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when `encryption-required` property is enabled. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required. - -The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## - -[.description] --- -Session cookie key encryption algorithm - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] -|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] - -a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## - -[.description] --- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## - -[.description] --- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## - -[.description] --- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## - -[.description] --- -If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. - -Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## - -[.description] --- -Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## - -[.description] --- -Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## - -[.description] --- -Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## - -[.description] --- -In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## - -[.description] --- -Well known OpenId Connect provider identifier - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` -endif::add-copy-button-to-env-var[] --- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` -| - -a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## - -[.description] --- -Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`0` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## - -[.description] --- -Maximum amount of time a given cache entry is valid for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`3M` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## - -[.description] --- -Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## - -[.description] --- -If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -h|[[quarkus-oidc_section_quarkus-oidc]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc[Additional named tenants]## -h|Type -h|Default - -a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-auth-server-url[`quarkus.oidc."tenant".auth-server-url`]## - -[.description] --- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-discovery-enabled[`quarkus.oidc."tenant".discovery-enabled`]## - -[.description] --- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-registration-path[`quarkus.oidc."tenant".registration-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-delay[`quarkus.oidc."tenant".connection-delay`]## - -[.description] --- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-retry-count[`quarkus.oidc."tenant".connection-retry-count`]## - -[.description] --- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++` -endif::add-copy-button-to-env-var[] --- -|int -|`3` - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-timeout[`quarkus.oidc."tenant".connection-timeout`]## - -[.description] --- -The number of seconds after which the current OIDC connection request times out. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10S` - -a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup[`quarkus.oidc."tenant".use-blocking-dns-lookup`]## - -[.description] --- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-max-pool-size[`quarkus.oidc."tenant".max-pool-size`]## - -[.description] --- -The maximum size of the connection pool used by the WebClient. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-follow-redirects[`quarkus.oidc."tenant".follow-redirects`]## - -[.description] --- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-host[`quarkus.oidc."tenant".proxy.host`]## - -[.description] --- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_HOST+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-port[`quarkus.oidc."tenant".proxy.port`]## - -[.description] --- -The port number of the Proxy. The default value is `80`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PORT+++` -endif::add-copy-button-to-env-var[] --- -|int -|`80` - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-username[`quarkus.oidc."tenant".proxy.username`]## - -[.description] --- -The username, if the Proxy needs authentication. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-password[`quarkus.oidc."tenant".proxy.password`]## - -[.description] --- -The password, if the Proxy needs authentication. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name[`quarkus.oidc."tenant".tls.tls-configuration-name`]## - -[.description] --- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- -|string +a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-path[`quarkus.oidc."tenant".token-path`]## - -[.description] --- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| +h|[[quarkus-oidc_section_quarkus-oidc-devui]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-devui[OIDC Dev UI configuration which is effective in dev mode only]## +h|Type +h|Default -a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-revoke-path[`quarkus.oidc."tenant".revoke-path`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +Grant type which will be used to acquire a token to test the OIDC 'service' applications ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-id[`quarkus.oidc."tenant".client-id`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +Grant options ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map> | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-name[`quarkus.oidc."tenant".client-name`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` endif::add-copy-button-to-env-var[] -- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-secret[`quarkus.oidc."tenant".credentials.secret`]## +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`4S` -[.description] --- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +h|[[quarkus-oidc_section_quarkus-oidc-proxy]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-proxy[HTTP proxy configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value[`quarkus.oidc."tenant".credentials.client-secret.value`]## +`quarkus.oidc."tenant".proxy.host` [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name[`quarkus.oidc."tenant".credentials.client-secret.provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## + +`quarkus.oidc."tenant".proxy.port` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` + +a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name`]## +`quarkus.oidc."tenant".proxy.username` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key[`quarkus.oidc."tenant".credentials.client-secret.provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## + +`quarkus.oidc."tenant".proxy.password` [.description] -- -The CredentialsProvider client secret key +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method[`quarkus.oidc."tenant".credentials.client-secret.method`]## - -[.description] --- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +h|[[quarkus-oidc_section_quarkus-oidc-tls]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-tls[TLS configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| +a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## +`quarkus.oidc."tenant".tls.tls-configuration-name` [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|`client`, `bearer` -|`client` +The name of the TLS configuration to use. -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret[`quarkus.oidc."tenant".credentials.jwt.secret`]## +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. -[.description] --- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.name`]## - -[.description] --- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +h|[[quarkus-oidc_section_quarkus-oidc-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name`]## +`quarkus.oidc."tenant".credentials.secret` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key[`quarkus.oidc."tenant".credentials.jwt.secret-provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## + +`quarkus.oidc."tenant".credentials.client-secret.value` [.description] -- -The CredentialsProvider client secret key +The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key[`quarkus.oidc."tenant".credentials.jwt.key`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.name` [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file[`quarkus.oidc."tenant".credentials.jwt.key-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name` [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file[`quarkus.oidc."tenant".credentials.jwt.key-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.key` [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password[`quarkus.oidc."tenant".credentials.jwt.key-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## + +`quarkus.oidc."tenant".credentials.client-secret.method` [.description] -- -A parameter to specify the password of the keystore file. +The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id[`quarkus.oidc."tenant".credentials.jwt.key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## + +`quarkus.oidc."tenant".credentials.jwt.source` [.description] -- -The private key id or alias. +JWT token source: OIDC provider client or an existing JWT bearer token. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|`client`, `bearer` +|`client` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password[`quarkus.oidc."tenant".credentials.jwt.key-password`]## +`quarkus.oidc."tenant".credentials.jwt.secret` [.description] -- -The private key password. +If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience[`quarkus.oidc."tenant".credentials.jwt.audience`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.name` [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id[`quarkus.oidc."tenant".credentials.jwt.token-key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name` [.description] -- -The key identifier of the signing key added as a JWT `kid` header. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer[`quarkus.oidc."tenant".credentials.jwt.issuer`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.key` [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject[`quarkus.oidc."tenant".credentials.jwt.subject`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## + +`quarkus.oidc."tenant".credentials.jwt.key` [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. +String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name[`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-file` [.description] -- -Additional claims. +If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm[`quarkus.oidc."tenant".credentials.jwt.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-store-file` [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. +If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan[`quarkus.oidc."tenant".credentials.jwt.lifespan`]## - -[.description] --- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion[`quarkus.oidc."tenant".credentials.jwt.assertion`]## +`quarkus.oidc."tenant".credentials.jwt.key-store-password` [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. +A parameter to specify the password of the keystore file. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-id[`quarkus.oidc."tenant".tenant-id`]## +`quarkus.oidc."tenant".credentials.jwt.key-id` [.description] -- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. +The private key id or alias. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-enabled[`quarkus.oidc."tenant".tenant-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## + +`quarkus.oidc."tenant".credentials.jwt.key-password` [.description] -- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. +The private key password. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-application-type[`quarkus.oidc."tenant".application-type`]## +`quarkus.oidc."tenant".credentials.jwt.audience` [.description] -- -The application type, which can be one of the following `ApplicationType` values. +The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authorization-path[`quarkus.oidc."tenant".authorization-path`]## +`quarkus.oidc."tenant".credentials.jwt.token-key-id` [.description] -- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. +The key identifier of the signing key added as a JWT `kid` header. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-user-info-path[`quarkus.oidc."tenant".user-info-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## + +`quarkus.oidc."tenant".credentials.jwt.issuer` [.description] -- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. +The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-path[`quarkus.oidc."tenant".introspection-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## + +`quarkus.oidc."tenant".credentials.jwt.subject` [.description] -- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. +Subject of the signing key added as a JWT `sub` claim The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-path[`quarkus.oidc."tenant".jwks-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## + +`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"` [.description] -- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. +Additional claims. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-end-session-path[`quarkus.oidc."tenant".end-session-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## + +`quarkus.oidc."tenant".credentials.jwt.signature-algorithm` [.description] -- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. +The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-paths[`quarkus.oidc."tenant".tenant-paths`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## + +`quarkus.oidc."tenant".credentials.jwt.lifespan` [.description] -- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. +The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- -|list of string -| +|int +|`10` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-public-key[`quarkus.oidc."tenant".public-key`]## +`quarkus.oidc."tenant".credentials.jwt.assertion` [.description] -- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. +If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`false` + -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name[`quarkus.oidc."tenant".introspection-credentials.name`]## +h|[[quarkus-oidc_section_quarkus-oidc-introspection-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-introspection-credentials[Optional introspection endpoint-specific basic authentication configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## + +`quarkus.oidc."tenant".introspection-credentials.name` [.description] -- @@ -3522,16 +1235,18 @@ Name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret[`quarkus.oidc."tenant".introspection-credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## + +`quarkus.oidc."tenant".introspection-credentials.secret` [.description] -- @@ -3539,16 +1254,18 @@ Secret ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id[`quarkus.oidc."tenant".introspection-credentials.include-client-id`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## + +`quarkus.oidc."tenant".introspection-credentials.include-client-id` [.description] -- @@ -3556,16 +1273,23 @@ Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path[`quarkus.oidc."tenant".roles.role-claim-path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-roles]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-roles[Configuration to find and parse custom claims which contain roles]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## + +`quarkus.oidc."tenant".roles.role-claim-path` [.description] -- @@ -3573,16 +1297,18 @@ A list of paths to claims containing an array of groups. Each path starts from t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator[`quarkus.oidc."tenant".roles.role-claim-separator`]## +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## + +`quarkus.oidc."tenant".roles.role-claim-separator` [.description] -- @@ -3590,16 +1316,18 @@ The separator for splitting strings that contain multiple group values. It is on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-source[`quarkus.oidc."tenant".roles.source`]## +a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## + +`quarkus.oidc."tenant".roles.source` [.description] -- @@ -3607,16 +1335,23 @@ Source of the principal roles. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issuer[`quarkus.oidc."tenant".token.issuer`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token[Configuration to customize validation of token claims]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## + +`quarkus.oidc."tenant".token.issuer` [.description] -- @@ -3624,16 +1359,18 @@ The expected issuer `iss` claim value. This property overrides the `issuer` prop ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-audience[`quarkus.oidc."tenant".token.audience`]## +a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## + +`quarkus.oidc."tenant".token.audience` [.description] -- @@ -3641,16 +1378,18 @@ The expected audience `aud` claim value, which can be a string or an array of st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-subject-required[`quarkus.oidc."tenant".token.subject-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## + +`quarkus.oidc."tenant".token.subject-required` [.description] -- @@ -3658,16 +1397,18 @@ Require that the token includes a `sub` (subject) claim which is a unique and ne ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name[`quarkus.oidc."tenant".token.required-claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## + +`quarkus.oidc."tenant".token.required-claims."claim-name"` [.description] -- @@ -3675,16 +1416,18 @@ A map of required claims and their expected values. For example, `quarkus.oidc.t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-token-type[`quarkus.oidc."tenant".token.token-type`]## +a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## + +`quarkus.oidc."tenant".token.token-type` [.description] -- @@ -3692,16 +1435,18 @@ Expected token type ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace[`quarkus.oidc."tenant".token.lifespan-grace`]## +a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## + +`quarkus.oidc."tenant".token.lifespan-grace` [.description] -- @@ -3709,16 +1454,18 @@ Life span grace period in seconds. When checking token expiry, current time is a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` endif::add-copy-button-to-env-var[] -- |int | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-age[`quarkus.oidc."tenant".token.age`]## +a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## + +`quarkus.oidc."tenant".token.age` [.description] -- @@ -3726,16 +1473,18 @@ Token age. It allows for the number of seconds to be specified that must not ela ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required[`quarkus.oidc."tenant".token.issued-at-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## + +`quarkus.oidc."tenant".token.issued-at-required` [.description] -- @@ -3743,16 +1492,18 @@ Require that the token includes a `iat` (issued at) claim Set this property to ` ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-principal-claim[`quarkus.oidc."tenant".token.principal-claim`]## +a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## + +`quarkus.oidc."tenant".token.principal-claim` [.description] -- @@ -3760,16 +1511,18 @@ Name of the claim which contains a principal name. By default, the `upn`, `prefe ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired[`quarkus.oidc."tenant".token.refresh-expired`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## + +`quarkus.oidc."tenant".token.refresh-expired` [.description] -- @@ -3777,16 +1530,18 @@ Refresh expired authorization code flow ID or access tokens. If this property is ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew[`quarkus.oidc."tenant".token.refresh-token-time-skew`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## + +`quarkus.oidc."tenant".token.refresh-token-time-skew` [.description] -- @@ -3794,16 +1549,18 @@ The refresh token time skew, in seconds. If this property is enabled, the config ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval[`quarkus.oidc."tenant".token.forced-jwk-refresh-interval`]## +a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## + +`quarkus.oidc."tenant".token.forced-jwk-refresh-interval` [.description] -- @@ -3811,16 +1568,18 @@ The forced JWK set refresh interval in minutes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-header[`quarkus.oidc."tenant".token.header`]## +a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## + +`quarkus.oidc."tenant".token.header` [.description] -- @@ -3828,16 +1587,18 @@ Custom HTTP header that contains a bearer token. This option is valid only when ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme[`quarkus.oidc."tenant".token.authorization-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## + +`quarkus.oidc."tenant".token.authorization-scheme` [.description] -- @@ -3845,16 +1606,18 @@ HTTP Authorization header scheme. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` endif::add-copy-button-to-env-var[] -- |string |`Bearer` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm[`quarkus.oidc."tenant".token.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## + +`quarkus.oidc."tenant".token.signature-algorithm` [.description] -- @@ -3862,16 +1625,18 @@ Required signature algorithm. OIDC providers support many signature algorithms b ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location[`quarkus.oidc."tenant".token.decryption-key-location`]## +a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## + +`quarkus.oidc."tenant".token.decryption-key-location` [.description] -- @@ -3879,16 +1644,18 @@ Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection[`quarkus.oidc."tenant".token.allow-jwt-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## + +`quarkus.oidc."tenant".token.allow-jwt-introspection` [.description] -- @@ -3896,16 +1663,18 @@ Allow the remote introspection of JWT tokens when no matching JWK key is availab ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only[`quarkus.oidc."tenant".token.require-jwt-introspection-only`]## +a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## + +`quarkus.oidc."tenant".token.require-jwt-introspection-only` [.description] -- @@ -3913,16 +1682,18 @@ Require that JWT tokens are only introspected remotely. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection[`quarkus.oidc."tenant".token.allow-opaque-token-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## + +`quarkus.oidc."tenant".token.allow-opaque-token-introspection` [.description] -- @@ -3930,16 +1701,18 @@ Allow the remote introspection of the opaque tokens. Set this property to `false ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-customizer-name[`quarkus.oidc."tenant".token.customizer-name`]## +a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## + +`quarkus.oidc."tenant".token.customizer-name` [.description] -- @@ -3947,16 +1720,18 @@ Token customizer name. Allows to select a tenant specific token customizer as a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info[`quarkus.oidc."tenant".token.verify-access-token-with-user-info`]## +a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## + +`quarkus.oidc."tenant".token.verify-access-token-with-user-info` [.description] -- @@ -3964,16 +1739,23 @@ Indirectly verify that the opaque (binary) access token is valid by using it to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-path[`quarkus.oidc."tenant".logout.path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-logout]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-logout[RP-initiated, back-channel and front-channel logout configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## + +`quarkus.oidc."tenant".logout.path` [.description] -- @@ -3981,16 +1763,18 @@ The relative path of the logout endpoint at the application. If provided, the ap ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path[`quarkus.oidc."tenant".logout.post-logout-path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## + +`quarkus.oidc."tenant".logout.post-logout-path` [.description] -- @@ -3998,16 +1782,18 @@ Relative path of the application endpoint where the user should be redirected to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param[`quarkus.oidc."tenant".logout.post-logout-uri-param`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## + +`quarkus.oidc."tenant".logout.post-logout-uri-param` [.description] -- @@ -4015,16 +1801,18 @@ Name of the post logout URI parameter which is added as a query parameter to the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` endif::add-copy-button-to-env-var[] -- |string |`post_logout_redirect_uri` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name[`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## + +`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"` [.description] -- @@ -4032,16 +1820,18 @@ Additional properties which is added as the query parameters to the logout redir ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path[`quarkus.oidc."tenant".logout.backchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## + +`quarkus.oidc."tenant".logout.backchannel.path` [.description] -- @@ -4049,16 +1839,18 @@ The relative path of the Back-Channel Logout endpoint at the application. It mus ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size[`quarkus.oidc."tenant".logout.backchannel.token-cache-size`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-size` [.description] -- @@ -4066,16 +1858,18 @@ Maximum number of logout tokens that can be cached before they are matched again ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- |int |`10` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live[`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live` [.description] -- @@ -4083,16 +1877,18 @@ Number of minutes a logout token can be cached for. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval[`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## + +`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval` [.description] -- @@ -4100,16 +1896,18 @@ Token cache timer interval. If this property is set, a timer checks and removes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key[`quarkus.oidc."tenant".logout.backchannel.logout-token-key`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## + +`quarkus.oidc."tenant".logout.backchannel.logout-token-key` [.description] -- @@ -4117,16 +1915,18 @@ Logout token claim whose value is used as a key for caching the tokens. Only `su ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` endif::add-copy-button-to-env-var[] -- |string |`sub` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path[`quarkus.oidc."tenant".logout.frontchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## + +`quarkus.oidc."tenant".logout.frontchannel.path` [.description] -- @@ -4134,16 +1934,23 @@ The relative path of the Front-Channel Logout endpoint at the application. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name[`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name`]## + +h|[[quarkus-oidc_section_quarkus-oidc-certificate-chain]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-certificate-chain[Configuration of the certificate chain which can be used to verify tokens]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## + +`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name` [.description] -- @@ -4151,16 +1958,18 @@ Common name of the leaf certificate. It must be set if the `trust-store-file` do ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file[`quarkus.oidc."tenant".certificate-chain.trust-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file` [.description] -- @@ -4168,16 +1977,18 @@ Truststore file which keeps thumbprints of the trusted certificates. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- |path | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password[`quarkus.oidc."tenant".certificate-chain.trust-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-password` [.description] -- @@ -4185,16 +1996,18 @@ A parameter to specify the password of the truststore file if it is configured w ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias[`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias` [.description] -- @@ -4202,16 +2015,18 @@ A parameter to specify the alias of the truststore certificate. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type[`quarkus.oidc."tenant".certificate-chain.trust-store-file-type`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file-type` [.description] -- @@ -4219,16 +2034,23 @@ An optional parameter to specify type of the truststore file. If not given, the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode[`quarkus.oidc."tenant".authentication.response-mode`]## + +h|[[quarkus-oidc_section_quarkus-oidc-authentication]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-authentication[Configuration for managing an authorization code flow]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## + +`quarkus.oidc."tenant".authentication.response-mode` [.description] -- @@ -4236,16 +2058,18 @@ Authorization code flow response mode. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] |tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path[`quarkus.oidc."tenant".authentication.redirect-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## + +`quarkus.oidc."tenant".authentication.redirect-path` [.description] -- @@ -4253,16 +2077,18 @@ The relative path for calculating a `redirect_uri` query parameter. It has to st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect[`quarkus.oidc."tenant".authentication.restore-path-after-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## + +`quarkus.oidc."tenant".authentication.restore-path-after-redirect` [.description] -- @@ -4270,16 +2096,18 @@ If this property is set to `true`, the original request URI which was used befor ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters[`quarkus.oidc."tenant".authentication.remove-redirect-parameters`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## + +`quarkus.oidc."tenant".authentication.remove-redirect-parameters` [.description] -- @@ -4287,16 +2115,18 @@ Remove the query parameters such as `code` and `state` set by the OIDC server on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-error-path[`quarkus.oidc."tenant".authentication.error-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## + +`quarkus.oidc."tenant".authentication.error-path` [.description] -- @@ -4304,16 +2134,18 @@ Relative path to the public endpoint which processes the error response from the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path[`quarkus.oidc."tenant".authentication.session-expired-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## + +`quarkus.oidc."tenant".authentication.session-expired-path` [.description] -- @@ -4325,16 +2157,18 @@ Set this property if you would like the user whose session has expired be redire ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token[`quarkus.oidc."tenant".authentication.verify-access-token`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## + +`quarkus.oidc."tenant".authentication.verify-access-token` [.description] -- @@ -4350,16 +2184,18 @@ Bearer access token is always verified. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when access token is injected as the JsonWebToken bean, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme[`quarkus.oidc."tenant".authentication.force-redirect-https-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## + +`quarkus.oidc."tenant".authentication.force-redirect-https-scheme` [.description] -- @@ -4367,16 +2203,18 @@ Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/ ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scopes[`quarkus.oidc."tenant".authentication.scopes`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## + +`quarkus.oidc."tenant".authentication.scopes` [.description] -- @@ -4384,16 +2222,18 @@ List of scopes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator[`quarkus.oidc."tenant".authentication.scope-separator`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## + +`quarkus.oidc."tenant".authentication.scope-separator` [.description] -- @@ -4401,16 +2241,18 @@ The separator which is used when more than one scope is configured. A single spa ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required[`quarkus.oidc."tenant".authentication.nonce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## + +`quarkus.oidc."tenant".authentication.nonce-required` [.description] -- @@ -4418,16 +2260,18 @@ Require that ID token includes a `nonce` claim which must match `nonce` authenti ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope[`quarkus.oidc."tenant".authentication.add-openid-scope`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## + +`quarkus.oidc."tenant".authentication.add-openid-scope` [.description] -- @@ -4435,16 +2279,18 @@ Add the `openid` scope automatically to the list of scopes. This is required for ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name[`quarkus.oidc."tenant".authentication.extra-params."parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".authentication.extra-params."parameter-name"` [.description] -- @@ -4452,16 +2298,18 @@ Additional properties added as query parameters to the authentication redirect U ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params[`quarkus.oidc."tenant".authentication.forward-params`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## + +`quarkus.oidc."tenant".authentication.forward-params` [.description] -- @@ -4469,16 +2317,18 @@ Request URL query parameters which, if present, are added to the authentication ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure[`quarkus.oidc."tenant".authentication.cookie-force-secure`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## + +`quarkus.oidc."tenant".authentication.cookie-force-secure` [.description] -- @@ -4486,16 +2336,18 @@ If enabled the state, session, and post logout cookies have their `secure` param ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix[`quarkus.oidc."tenant".authentication.cookie-suffix`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## + +`quarkus.oidc."tenant".authentication.cookie-suffix` [.description] -- @@ -4503,16 +2355,18 @@ Cookie name suffix. For example, a session cookie name for the default OIDC tena ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path[`quarkus.oidc."tenant".authentication.cookie-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## + +`quarkus.oidc."tenant".authentication.cookie-path` [.description] -- @@ -4520,16 +2374,18 @@ Cookie path parameter value which, if set, is used to set a path parameter for t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` endif::add-copy-button-to-env-var[] -- |string |`/` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header[`quarkus.oidc."tenant".authentication.cookie-path-header`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## + +`quarkus.oidc."tenant".authentication.cookie-path-header` [.description] -- @@ -4537,16 +2393,18 @@ Cookie path header parameter value which, if set, identifies the incoming HTTP h ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain[`quarkus.oidc."tenant".authentication.cookie-domain`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## + +`quarkus.oidc."tenant".authentication.cookie-domain` [.description] -- @@ -4554,16 +2412,18 @@ Cookie domain parameter value which, if set, is used for the session, state and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site[`quarkus.oidc."tenant".authentication.cookie-same-site`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## + +`quarkus.oidc."tenant".authentication.cookie-same-site` [.description] -- @@ -4571,16 +2431,18 @@ SameSite attribute for the session cookie. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` endif::add-copy-button-to-env-var[] -- a|`strict`, `lax`, `none` |`lax` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows[`quarkus.oidc."tenant".authentication.allow-multiple-code-flows`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## + +`quarkus.oidc."tenant".authentication.allow-multiple-code-flows` [.description] -- @@ -4588,16 +2450,18 @@ If a state cookie is present, a `state` query parameter must also be present and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param[`quarkus.oidc."tenant".authentication.fail-on-missing-state-param`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## + +`quarkus.oidc."tenant".authentication.fail-on-missing-state-param` [.description] -- @@ -4611,16 +2475,18 @@ However, setting this property to `false` might help if the above options are no ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required[`quarkus.oidc."tenant".authentication.user-info-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## + +`quarkus.oidc."tenant".authentication.user-info-required` [.description] -- @@ -4632,16 +2498,18 @@ It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point i ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when UserInfo bean is injected, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension[`quarkus.oidc."tenant".authentication.session-age-extension`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## + +`quarkus.oidc."tenant".authentication.session-age-extension` [.description] -- @@ -4649,16 +2517,18 @@ Session age extension in minutes. The user session age property is set to the va ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age[`quarkus.oidc."tenant".authentication.state-cookie-age`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## + +`quarkus.oidc."tenant".authentication.state-cookie-age` [.description] -- @@ -4666,16 +2536,18 @@ State cookie age in minutes. State cookie is created every time a new authorizat ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect[`quarkus.oidc."tenant".authentication.java-script-auto-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## + +`quarkus.oidc."tenant".authentication.java-script-auto-redirect` [.description] -- @@ -4685,16 +2557,18 @@ If this property is set to `false`, a status code of `499` is returned to allow ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required[`quarkus.oidc."tenant".authentication.id-token-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## + +`quarkus.oidc."tenant".authentication.id-token-required` [.description] -- @@ -4702,16 +2576,18 @@ Requires that ID token is available when the authorization code flow completes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan[`quarkus.oidc."tenant".authentication.internal-id-token-lifespan`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## + +`quarkus.oidc."tenant".authentication.internal-id-token-lifespan` [.description] -- @@ -4719,16 +2595,18 @@ Internal ID token lifespan. This property is only checked when an internal IdTok ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required[`quarkus.oidc."tenant".authentication.pkce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## + +`quarkus.oidc."tenant".authentication.pkce-required` [.description] -- @@ -4736,16 +2614,18 @@ Requires that a Proof Key for Code Exchange (PKCE) is used. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret[`quarkus.oidc."tenant".authentication.state-secret`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## + +`quarkus.oidc."tenant".authentication.state-secret` [.description] -- @@ -4759,16 +2639,23 @@ Error is reported if the secret length is less than 16 characters. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name[`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"`]## + +h|[[quarkus-oidc_section_quarkus-oidc-code-grant]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-code-grant[Configuration to complete an authorization code flow grant]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"` [.description] -- @@ -4776,16 +2663,18 @@ Additional parameters, in addition to the required `code` and `redirect-uri` par ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name[`quarkus.oidc."tenant".code-grant.headers."header-name"`]## +a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## + +`quarkus.oidc."tenant".code-grant.headers."header-name"` [.description] -- @@ -4793,16 +2682,23 @@ Custom HTTP headers which must be sent to complete the authorization code grant ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy[`quarkus.oidc."tenant".token-state-manager.strategy`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token-state-manager]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-state-manager[Default token state manager configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## + +`quarkus.oidc."tenant".token-state-manager.strategy` [.description] -- @@ -4810,16 +2706,18 @@ Default TokenStateManager strategy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` endif::add-copy-button-to-env-var[] -- a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] |tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens[`quarkus.oidc."tenant".token-state-manager.split-tokens`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## + +`quarkus.oidc."tenant".token-state-manager.split-tokens` [.description] -- @@ -4827,16 +2725,18 @@ Default TokenStateManager keeps all tokens (ID, access and refresh) returned in ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required[`quarkus.oidc."tenant".token-state-manager.encryption-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-required` [.description] -- @@ -4844,16 +2744,18 @@ Mandates that the Default TokenStateManager encrypt the session cookie that stor ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret[`quarkus.oidc."tenant".token-state-manager.encryption-secret`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-secret` [.description] -- @@ -4865,16 +2767,18 @@ The length of the secret used to encrypt the tokens should be at least 32 charac ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm[`quarkus.oidc."tenant".token-state-manager.encryption-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-algorithm` [.description] -- @@ -4882,170 +2786,171 @@ Session cookie key encryption algorithm ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] |tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache[`quarkus.oidc."tenant".allow-token-introspection-cache`]## - -[.description] --- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +h|[[quarkus-oidc_section_quarkus-oidc-jwks]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-jwks[How JsonWebKey verification key set should be acquired and managed]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` +a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache[`quarkus.oidc."tenant".allow-user-info-cache`]## +`quarkus.oidc."tenant".jwks.resolve-early` [.description] -- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. + +Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken[`quarkus.oidc."tenant".cache-user-info-in-idtoken`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## + +`quarkus.oidc."tenant".jwks.cache-size` [.description] -- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. +Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- -|boolean -| +|int +|`10` + +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early[`quarkus.oidc."tenant".jwks.resolve-early`]## +`quarkus.oidc."tenant".jwks.cache-time-to-live` [.description] -- -If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. - -Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. +Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`10M` + +a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size[`quarkus.oidc."tenant".jwks.cache-size`]## +`quarkus.oidc."tenant".jwks.clean-up-timer-interval` [.description] -- -Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. +Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- -|int -|`10` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live[`quarkus.oidc."tenant".jwks.cache-time-to-live`]## +`quarkus.oidc."tenant".jwks.try-all` [.description] -- -Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. +In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` +|boolean +|`false` + -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval[`quarkus.oidc."tenant".jwks.clean-up-timer-interval`]## +h|[[quarkus-oidc_section_quarkus-oidc-token-cache]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-cache[Default TokenIntrospection and UserInfo Cache configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## [.description] -- -Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. +Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| +|int +|`0` -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-try-all[`quarkus.oidc."tenant".jwks.try-all`]## +a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## [.description] -- -In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. +Maximum amount of time a given cache entry is valid for. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`3M` -a| [[quarkus-oidc_quarkus-oidc-tenant-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-provider[`quarkus.oidc."tenant".provider`]## +a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## [.description] -- -Well known OpenId Connect provider identifier +Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROVIDER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | diff --git a/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc b/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc index abff84fbb93..9d48a18d9b7 100644 --- a/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc +++ b/_generated-doc/main/config/quarkus-oidc_quarkus.oidc.adoc @@ -24,76 +24,44 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## - -[.description] --- -Grant type which will be used to acquire a token to test the OIDC 'service' applications - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## - -[.description] --- -Grant options - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map> -| - -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## [.description] -- -The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. +Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` +Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`4S` +|boolean +|`true` -a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-default-token-cache-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-default-token-cache-enabled[`quarkus.oidc.default-token-cache-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## [.description] -- -Enable the registration of the Default TokenIntrospection and UserInfo Cache implementation bean. Note: This only enables the default implementation. It requires configuration to be activated. See `OidcConfig++#++tokenCache`. +If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_DEFAULT_TOKEN_CACHE_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` endif::add-copy-button-to-env-var[] -- |boolean -|`true` +|`false` a| [[quarkus-oidc_quarkus-oidc-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-auth-server-url[`quarkus.oidc.auth-server-url`]## +`quarkus.oidc."tenant".auth-server-url` + [.description] -- The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. @@ -111,6 +79,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-discovery-enabled[`quarkus.oidc.discovery-enabled`]## +`quarkus.oidc."tenant".discovery-enabled` + [.description] -- Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. @@ -128,6 +98,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-registration-path[`quarkus.oidc.registration-path`]## +`quarkus.oidc."tenant".registration-path` + [.description] -- The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. @@ -145,6 +117,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-delay[`quarkus.oidc.connection-delay`]## +`quarkus.oidc."tenant".connection-delay` + [.description] -- The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. @@ -162,6 +136,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-retry-count[`quarkus.oidc.connection-retry-count`]## +`quarkus.oidc."tenant".connection-retry-count` + [.description] -- The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. @@ -179,6 +155,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-connection-timeout[`quarkus.oidc.connection-timeout`]## +`quarkus.oidc."tenant".connection-timeout` + [.description] -- The number of seconds after which the current OIDC connection request times out. @@ -196,6 +174,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-use-blocking-dns-lookup[`quarkus.oidc.use-blocking-dns-lookup`]## +`quarkus.oidc."tenant".use-blocking-dns-lookup` + [.description] -- Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. @@ -213,6 +193,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-max-pool-size[`quarkus.oidc.max-pool-size`]## +`quarkus.oidc."tenant".max-pool-size` + [.description] -- The maximum size of the connection pool used by the WebClient. @@ -230,6 +212,8 @@ endif::add-copy-button-to-env-var[] a| [[quarkus-oidc_quarkus-oidc-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-follow-redirects[`quarkus.oidc.follow-redirects`]## +`quarkus.oidc."tenant".follow-redirects` + [.description] -- Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. @@ -245,3276 +229,1005 @@ endif::add-copy-button-to-env-var[] |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## +a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## + +`quarkus.oidc."tenant".token-path` [.description] -- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. +The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## +a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## + +`quarkus.oidc."tenant".revoke-path` [.description] -- -The port number of the Proxy. The default value is `80`. +The relative path or absolute URL of the OIDC token revocation endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` +Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` endif::add-copy-button-to-env-var[] -- -|int -|`80` +|string +| -a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## +a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## + +`quarkus.oidc."tenant".client-id` [.description] -- -The username, if the Proxy needs authentication. +The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## +a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## + +`quarkus.oidc."tenant".client-name` [.description] -- -The password, if the Proxy needs authentication. +The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## + +`quarkus.oidc."tenant".tenant-id` [.description] -- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. +A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-path[`quarkus.oidc.token-path`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## + +`quarkus.oidc."tenant".tenant-enabled` [.description] -- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. +If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PATH+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-revoke-path[`quarkus.oidc.revoke-path`]## +a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## + +`quarkus.oidc."tenant".application-type` [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +The application type, which can be one of the following `ApplicationType` values. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] +|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] -a| [[quarkus-oidc_quarkus-oidc-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-id[`quarkus.oidc.client-id`]## +a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## + +`quarkus.oidc."tenant".authorization-path` [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-client-name[`quarkus.oidc.client-name`]## +a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## + +`quarkus.oidc."tenant".user-info-path` [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## + +`quarkus.oidc."tenant".introspection-path` [.description] -- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## + +`quarkus.oidc."tenant".jwks-path` [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## + +`quarkus.oidc."tenant".end-session-path` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## +a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## + +`quarkus.oidc."tenant".tenant-paths` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The paths which must be secured by this tenant. Tenant with the most specific path wins. +Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] +section of the OIDC multitenancy guide for explanation of allowed path patterns. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` endif::add-copy-button-to-env-var[] -- -|string +|list of string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## + +`quarkus.oidc."tenant".public-key` [.description] -- -The CredentialsProvider client secret key +The public key for the local JWT token verification. OIDC server connection is not created when this property is set. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## +a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## + +`quarkus.oidc."tenant".allow-token-introspection-cache` [.description] -- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## +a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## + +`quarkus.oidc."tenant".allow-user-info-cache` [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. +Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` endif::add-copy-button-to-env-var[] -- -a|`client`, `bearer` -|`client` +|boolean +|`true` -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## +a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## + +`quarkus.oidc."tenant".cache-user-info-in-idtoken` [.description] -- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. +Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. + +Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` endif::add-copy-button-to-env-var[] -- -|string +|boolean | -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## + +`quarkus.oidc."tenant".provider` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +Well known OpenId Connect provider identifier ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## - -[.description] --- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## - -[.description] --- -The CredentialsProvider client secret key - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## - -[.description] --- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## - -[.description] --- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## - -[.description] --- -A parameter to specify the password of the keystore file. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## - -[.description] --- -The private key id or alias. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## - -[.description] --- -The private key password. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## - -[.description] --- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## - -[.description] --- -The key identifier of the signing key added as a JWT `kid` header. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## - -[.description] --- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## - -[.description] --- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## - -[.description] --- -Additional claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## - -[.description] --- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## - -[.description] --- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## - -[.description] --- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-id[`quarkus.oidc.tenant-id`]## - -[.description] --- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ID+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-enabled[`quarkus.oidc.tenant-enabled`]## - -[.description] --- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-application-type[`quarkus.oidc.application-type`]## - -[.description] --- -The application type, which can be one of the following `ApplicationType` values. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_APPLICATION_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_APPLICATION_TYPE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] - -a| [[quarkus-oidc_quarkus-oidc-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authorization-path[`quarkus.oidc.authorization-path`]## - -[.description] --- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHORIZATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHORIZATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-user-info-path[`quarkus.oidc.user-info-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_USER_INFO_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_USER_INFO_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-path[`quarkus.oidc.introspection-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-path[`quarkus.oidc.jwks-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-end-session-path[`quarkus.oidc.end-session-path`]## - -[.description] --- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_END_SESSION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_END_SESSION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-paths[`quarkus.oidc.tenant-paths`]## - -[.description] --- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TENANT_PATHS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TENANT_PATHS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-public-key[`quarkus.oidc.public-key`]## - -[.description] --- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PUBLIC_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PUBLIC_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## - -[.description] --- -Name - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## - -[.description] --- -Secret - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## - -[.description] --- -Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## - -[.description] --- -A list of paths to claims containing an array of groups. Each path starts from the top level JWT JSON object and can contain multiple segments. Each segment represents a JSON object name only; for example: "realm/groups". Use double quotes with the namespace-qualified claim names. This property can be used if a token has no `groups` claim but has the groups set in one or more different claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## - -[.description] --- -The separator for splitting strings that contain multiple group values. It is only used if the "role-claim-path" property points to one or more custom claims whose values are strings. A single space is used by default because the standard `scope` claim can contain a space-separated sequence. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## - -[.description] --- -Source of the principal roles. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## - -[.description] --- -The expected issuer `iss` claim value. This property overrides the `issuer` property, which might be set in OpenId Connect provider's well-known configuration. If the `iss` claim value varies depending on the host, IP address, or tenant id of the provider, you can skip the issuer verification by setting this property to `any`, but it should be done only when other options (such as configuring the provider to use the fixed `iss` claim value) are not possible. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## - -[.description] --- -The expected audience `aud` claim value, which can be a string or an array of strings. Note the audience claim is verified for ID tokens by default. ID token audience must be equal to the value of `quarkus.oidc.client-id` property. Use this property to override the expected value if your OpenID Connect provider sets a different audience claim value in ID tokens. Set it to `any` if your provider does not set ID token audience` claim. Audience verification for access tokens is only done if this property is configured. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## - -[.description] --- -Require that the token includes a `sub` (subject) claim which is a unique and never reassigned identifier for the current user. Note that if you enable this property and if UserInfo is also required, both the token and UserInfo `sub` claims must be present and match each other. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## - -[.description] --- -A map of required claims and their expected values. For example, `quarkus.oidc.token.required-claims.org_id = org_xyz` would require tokens to have the `org_id` claim to be present and set to `org_xyz`. Strings are the only supported types. Use `SecurityIdentityAugmentor` to verify claims of other types or complex claims. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## - -[.description] --- -Expected token type - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## - -[.description] --- -Life span grace period in seconds. When checking token expiry, current time is allowed to be later than token expiration time by at most the configured number of seconds. When checking token issuance, current time is allowed to be sooner than token issue time by at most the configured number of seconds. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` -endif::add-copy-button-to-env-var[] --- -|int -| - -a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## - -[.description] --- -Token age. It allows for the number of seconds to be specified that must not elapse since the `iat` (issued at) time. A small leeway to account for clock skew which can be configured with `quarkus.oidc.token.lifespan-grace` to verify the token expiry time can also be used to verify the token age property. Note that setting this property does not relax the requirement that Bearer and Code Flow JWT tokens must have a valid (`exp`) expiry claim value. The only exception where setting this property relaxes the requirement is when a logout token is sent with a back-channel logout request since the current OpenId Connect Back-Channel specification does not explicitly require the logout tokens to contain an `exp` claim. However, even if the current logout token is allowed to have no `exp` claim, the `exp` claim is still verified if the logout token contains it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## - -[.description] --- -Require that the token includes a `iat` (issued at) claim Set this property to `false` if your JWT token does not contain an `iat` (issued at) claim. Note that ID token is always required to have an `iat` claim and therefore this property has no impact on the ID token verification process. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## - -[.description] --- -Name of the claim which contains a principal name. By default, the `upn`, `preferred_username` and `sub` claims are checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## - -[.description] --- -Refresh expired authorization code flow ID or access tokens. If this property is enabled, a refresh token request is performed if the authorization code ID or access token has expired and, if successful, the local session is updated with the new set of tokens. Otherwise, the local session is invalidated and the user redirected to the OpenID Provider to re-authenticate. In this case, the user might not be challenged again if the OIDC provider session is still active. For this option be effective the `authentication.session-age-extension` property should also be set to a nonzero value since the refresh token is currently kept in the user session. This option is valid only when the application is of type `ApplicationType++#++WEB_APP`++}++. This property is enabled if `quarkus.oidc.token.refresh-token-time-skew` is configured, you do not need to enable this property manually in this case. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## - -[.description] --- -The refresh token time skew, in seconds. If this property is enabled, the configured number of seconds is added to the current time when checking if the authorization code ID or access token should be refreshed. If the sum is greater than the authorization code ID or access token's expiration time, a refresh is going to happen. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## - -[.description] --- -The forced JWK set refresh interval in minutes. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## - -[.description] --- -Custom HTTP header that contains a bearer token. This option is valid only when the application is of type `ApplicationType++#++SERVICE`++}++. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## - -[.description] --- -HTTP Authorization header scheme. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|string -|`Bearer` - -a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## - -[.description] --- -Required signature algorithm. OIDC providers support many signature algorithms but if necessary you can restrict Quarkus application to accept tokens signed only using an algorithm configured with this property. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` -| - -a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## - -[.description] --- -Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId Connect providers. However, it is not always possible to remotely introspect such tokens because the providers might not control the private decryption keys. In such cases set this property to point to the file containing the decryption private key in PEM or JSON Web Key (JWK) format. If this property is not set and the `private_key_jwt` client authentication method is used, the private key used to sign the client authentication JWT tokens are also used to decrypt the encrypted ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## - -[.description] --- -Allow the remote introspection of JWT tokens when no matching JWK key is available. This property is set to `true` by default for backward-compatibility reasons. It is planned that this default value will be changed to `false` in an upcoming release. Also note this property is ignored if JWK endpoint URI is not available and introspecting the tokens is the only verification option. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## - -[.description] --- -Require that JWT tokens are only introspected remotely. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## - -[.description] --- -Allow the remote introspection of the opaque tokens. Set this property to `false` if only JWT tokens are expected. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## - -[.description] --- -Token customizer name. Allows to select a tenant specific token customizer as a named bean. Prefer using `TenantFeature` qualifier when registering custom `TokenCustomizer`. Use this property only to refer to `TokenCustomizer` implementations provided by this extension. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## - -[.description] --- -Indirectly verify that the opaque (binary) access token is valid by using it to request UserInfo. Opaque access token is considered valid if the provider accepted this token and returned a valid UserInfo. You should only enable this option if the opaque access tokens must be accepted but OpenId Connect provider does not have a token introspection endpoint. This property has no effect when JWT tokens must be verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## - -[.description] --- -The relative path of the logout endpoint at the application. If provided, the application is able to initiate the logout through this endpoint in conformance with the OpenID Connect RP-Initiated Logout specification. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## - -[.description] --- -Relative path of the application endpoint where the user should be redirected to after logging out from the OpenID Connect Provider. This endpoint URI must be properly registered at the OpenID Connect Provider as a valid redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## - -[.description] --- -Name of the post logout URI parameter which is added as a query parameter to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|string -|`post_logout_redirect_uri` - -a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## - -[.description] --- -Additional properties which is added as the query parameters to the logout redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## - -[.description] --- -The relative path of the Back-Channel Logout endpoint at the application. It must start with the forward slash '/', for example, '/back-channel-logout'. This value is always resolved relative to 'quarkus.http.root-path'. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## - -[.description] --- -Maximum number of logout tokens that can be cached before they are matched against ID tokens stored in session cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## - -[.description] --- -Number of minutes a logout token can be cached for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## - -[.description] --- -Token cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## - -[.description] --- -Logout token claim whose value is used as a key for caching the tokens. Only `sub` (subject) and `sid` (session id) claims can be used as keys. Set it to `sid` only if ID tokens issued by the OIDC provider have no `sub` but have `sid` claim. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` -endif::add-copy-button-to-env-var[] --- -|string -|`sub` - -a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## - -[.description] --- -The relative path of the Front-Channel Logout endpoint at the application. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## - -[.description] --- -Common name of the leaf certificate. It must be set if the `trust-store-file` does not have this certificate imported. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## - -[.description] --- -Truststore file which keeps thumbprints of the trusted certificates. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` -endif::add-copy-button-to-env-var[] --- -|path -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## - -[.description] --- -A parameter to specify the password of the truststore file if it is configured with `trust-store-file`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## - -[.description] --- -A parameter to specify the alias of the truststore certificate. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## - -[.description] --- -An optional parameter to specify type of the truststore file. If not given, the type is automatically detected based on the file name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## - -[.description] --- -Authorization code flow response mode. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] -|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] - -a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## - -[.description] --- -The relative path for calculating a `redirect_uri` query parameter. It has to start from a forward slash and is appended to the request URI's host and port. For example, if the current request URI is `https://localhost:8080/service`, a `redirect_uri` parameter is set to `https://localhost:8080/` if this property is set to `/` and be the same as the request URI if this property has not been configured. Note the original request URI is restored after the user has authenticated if `restorePathAfterRedirect` is set to `true`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## - -[.description] --- -If this property is set to `true`, the original request URI which was used before the authentication is restored after the user has been redirected back to the application. Note if `redirectPath` property is not set, the original request URI is restored even if this property is disabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## - -[.description] --- -Remove the query parameters such as `code` and `state` set by the OIDC server on the redirect URI after the user has authenticated by redirecting a user to the same URI but without the query parameters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## - -[.description] --- -Relative path to the public endpoint which processes the error response from the OIDC authorization endpoint. If the user authentication has failed, the OIDC provider returns an `error` and an optional `error_description` parameters, instead of the expected authorization `code`. If this property is set, the user is redirected to the endpoint which can return a user-friendly error description page. It has to start from a forward slash and is appended to the request URI's host and port. For example, if it is set as `/error` and the current request URI is `https://localhost:8080/callback?error=invalid_scope`, a redirect is made to `https://localhost:8080/error?error=invalid_scope`. If this property is not set, HTTP 401 status is returned in case of the user authentication failure. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## - -[.description] --- -Relative path to the public endpoint which an authenticated user is redirected to when the session has expired. - -When the OIDC session has expired and the session can not be refreshed, a user is redirected to the OIDC provider to re-authenticate. The user experience may not be ideal in this case as it may not be obvious to the authenticated user why an authentication challenge is returned. - -Set this property if you would like the user whose session has expired be redirected to a public application specific page instead, which can inform that the session has expired and advise the user to re-authenticated by following a link to the secured initial entry page. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## - -[.description] --- -Both ID and access tokens are fetched from the OIDC provider as part of the authorization code flow. - -ID token is always verified on every user request as the primary token which is used to represent the principal and extract the roles. - -Authorization code flow access token is meant to be propagated to downstream services and is not verified by default unless `quarkus.oidc.roles.source` property is set to `accesstoken` which means the authorization decision is based on the roles extracted from the access token. - -Authorization code flow access token verification is also enabled if this token is injected as JsonWebToken. Set this property to `false` if it is not required. - -Bearer access token is always verified. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when access token is injected as the JsonWebToken bean, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## - -[.description] --- -Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/TLS terminating reverse proxy. This property, if enabled, also affects the logout `post_logout_redirect_uri` and the local redirect requests. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## - -[.description] --- -List of scopes - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## - -[.description] --- -The separator which is used when more than one scope is configured. A single space is used by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## - -[.description] --- -Require that ID token includes a `nonce` claim which must match `nonce` authentication request query parameter. Enabling this property can help mitigate replay attacks. Do not enable this property if your OpenId Connect provider does not support setting `nonce` in ID token or if you work with OAuth2 provider such as `GitHub` which does not issue ID tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## - -[.description] --- -Add the `openid` scope automatically to the list of scopes. This is required for OpenId Connect providers, but does not work for OAuth2 providers such as Twitter OAuth2, which do not accept this scope and throw errors. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## - -[.description] --- -Additional properties added as query parameters to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## - -[.description] --- -Request URL query parameters which, if present, are added to the authentication redirect URI. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` -endif::add-copy-button-to-env-var[] --- -|list of string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## - -[.description] --- -If enabled the state, session, and post logout cookies have their `secure` parameter set to `true` when HTTP is used. It might be necessary when running behind an SSL/TLS terminating reverse proxy. The cookies are always secure if HTTPS is used, even if this property is set to false. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## - -[.description] --- -Cookie name suffix. For example, a session cookie name for the default OIDC tenant is `q_session` but can be changed to `q_session_test` if this property is set to `test`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## - -[.description] --- -Cookie path parameter value which, if set, is used to set a path parameter for the session, state and post logout cookies. The `cookie-path-header` property, if set, is checked first. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -|`/` - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## - -[.description] --- -Cookie path header parameter value which, if set, identifies the incoming HTTP header whose value is used to set a path parameter for the session, state and post logout cookies. If the header is missing, the `cookie-path` property is checked. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## - -[.description] --- -Cookie domain parameter value which, if set, is used for the session, state and post logout cookies. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## - -[.description] --- -SameSite attribute for the session cookie. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` -endif::add-copy-button-to-env-var[] --- -a|`strict`, `lax`, `none` -|`lax` - -a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## - -[.description] --- -If a state cookie is present, a `state` query parameter must also be present and both the state cookie name suffix and state cookie value must match the value of the `state` query parameter when the redirect path matches the current path. However, if multiple authentications are attempted from the same browser, for example, from the different browser tabs, then the currently available state cookie might represent the authentication flow initiated from another tab and not related to the current request. Disable this property to permit only a single authorization code flow in the same browser. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## - -[.description] --- -Fail with the HTTP 401 error if the state cookie is present but no state query parameter is present. - -When either multiple authentications are disabled or the redirect URL matches the original request URL, the stale state cookie might remain in the browser cache from the earlier failed redirect to an OpenId Connect provider and be visible during the current request. For example, if Single-page application (SPA) uses XHR to handle redirects to the provider which does not support CORS for its authorization endpoint, the browser blocks it and the state cookie created by Quarkus remains in the browser cache. Quarkus reports an authentication failure when it detects such an old state cookie but find no matching state query parameter. - -Reporting HTTP 401 error is usually the right thing to do in such cases, it minimizes a risk of the browser redirect loop but also can identify problems in the way SPA or Quarkus application manage redirects. For example, enabling `java-script-auto-redirect` or having the provider redirect to URL configured with `redirect-path` might be needed to avoid such errors. - -However, setting this property to `false` might help if the above options are not suitable. It causes a new authentication redirect to OpenId Connect provider. Doing so might increase the risk of browser redirect loops. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## - -[.description] --- -If this property is set to `true`, an OIDC UserInfo endpoint is called. - -This property is enabled automatically if `quarkus.oidc.roles.source` is set to `userinfo` or `quarkus.oidc.token.verify-access-token-with-user-info` is set to `true` or `quarkus.oidc.authentication.id-token-required` is set to `false`, the current OIDC tenant must support a UserInfo endpoint in these cases. - -It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point is detected but only if the current OIDC tenant supports a UserInfo endpoint. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true when UserInfo bean is injected, false otherwise` - -a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## - -[.description] --- -Session age extension in minutes. The user session age property is set to the value of the ID token life-span by default and the user is redirected to the OIDC provider to re-authenticate once the session has expired. If this property is set to a nonzero value, then the expired ID token can be refreshed before the session has expired. This property is ignored if the `token.refresh-expired` property has not been enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## - -[.description] --- -State cookie age in minutes. State cookie is created every time a new authorization code flow redirect starts and removed when this flow is completed. State cookie name is unique by default, see `allow-multiple-code-flows`. Keep its age to the reasonable minimum value such as 5 minutes or less. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## - -[.description] --- -If this property is set to `true`, a normal 302 redirect response is returned if the request was initiated by a JavaScript API such as XMLHttpRequest or Fetch and the current user needs to be (re)authenticated, which might not be desirable for Single-page applications (SPA) since it automatically following the redirect might not work given that OIDC authorization endpoints typically do not support CORS. - -If this property is set to `false`, a status code of `499` is returned to allow SPA to handle the redirect manually if a request header identifying current request as a JavaScript request is found. `X-Requested-With` request header with its value set to either `JavaScript` or `XMLHttpRequest` is expected by default if this property is enabled. You can register a custom `JavaScriptRequestChecker` to do a custom JavaScript request check instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## - -[.description] --- -Requires that ID token is available when the authorization code flow completes. Disable this property only when you need to use the authorization code flow with OAuth2 providers which do not return ID token - an internal IdToken is generated in such cases. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## - -[.description] --- -Internal ID token lifespan. This property is only checked when an internal IdToken is generated when Oauth2 providers do not return IdToken. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`5M` - -a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## - -[.description] --- -Requires that a Proof Key for Code Exchange (PKCE) is used. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## - -[.description] --- -Secret used to encrypt Proof Key for Code Exchange (PKCE) code verifier and/or nonce in the code flow state. This secret should be at least 32 characters long. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. A client secret is not be used as a state encryption secret if it is less than 32 characters long. - -The secret is auto-generated if it remains uninitialized after checking all of these properties. - -Error is reported if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## - -[.description] --- -Additional parameters, in addition to the required `code` and `redirect-uri` parameters, which must be included to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## - -[.description] --- -Custom HTTP headers which must be sent to complete the authorization code grant request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` -endif::add-copy-button-to-env-var[] --- -|Map -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## - -[.description] --- -Default TokenStateManager strategy. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] -|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## - -[.description] --- -Default TokenStateManager keeps all tokens (ID, access and refresh) returned in the authorization code grant response in a single session cookie by default. Enable this property to minimize a session cookie size - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## - -[.description] --- -Mandates that the Default TokenStateManager encrypt the session cookie that stores the tokens. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## - -[.description] --- -The secret used by the Default TokenStateManager to encrypt the session cookie storing the tokens when `encryption-required` property is enabled. - -If this secret is not set, the client secret configured with either `quarkus.oidc.credentials.secret` or `quarkus.oidc.credentials.client-secret.value` is checked. Finally, `quarkus.oidc.credentials.jwt.secret` which can be used for `client_jwt_secret` authentication is checked. The secret is auto-generated every time an application starts if it remains uninitialized after checking all of these properties. Generated secret can not decrypt the session cookie encrypted before the restart, therefore a user re-authentication will be required. - -The length of the secret used to encrypt the tokens should be at least 32 characters long. A warning is logged if the secret length is less than 16 characters. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## - -[.description] --- -Session cookie key encryption algorithm - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] -|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] - -a| [[quarkus-oidc_quarkus-oidc-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-token-introspection-cache[`quarkus.oidc.allow-token-introspection-cache`]## - -[.description] --- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_TOKEN_INTROSPECTION_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-allow-user-info-cache[`quarkus.oidc.allow-user-info-cache`]## - -[.description] --- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_ALLOW_USER_INFO_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-cache-user-info-in-idtoken[`quarkus.oidc.cache-user-info-in-idtoken`]## - -[.description] --- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_CACHE_USER_INFO_IN_IDTOKEN+++` -endif::add-copy-button-to-env-var[] --- -|boolean -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## - -[.description] --- -If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. - -Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## - -[.description] --- -Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` - -a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## - -[.description] --- -Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` - -a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## - -[.description] --- -Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## - -[.description] --- -In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-provider[`quarkus.oidc.provider`]## - -[.description] --- -Well known OpenId Connect provider identifier - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` -endif::add-copy-button-to-env-var[] --- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` -| - -a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## - -[.description] --- -Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -|`0` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## - -[.description] --- -Maximum amount of time a given cache entry is valid for. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`3M` - -a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## - -[.description] --- -Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-resolve-tenants-with-issuer[`quarkus.oidc.resolve-tenants-with-issuer`]## - -[.description] --- -If OIDC tenants should be resolved using the bearer access token's issuer (`iss`) claim value. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC_RESOLVE_TENANTS_WITH_ISSUER+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -h|[[quarkus-oidc_section_quarkus-oidc]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc[Additional named tenants]## -h|Type -h|Default - -a| [[quarkus-oidc_quarkus-oidc-tenant-auth-server-url]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-auth-server-url[`quarkus.oidc."tenant".auth-server-url`]## - -[.description] --- -The base URL of the OpenID Connect (OIDC) server, for example, `https://host:port/auth`. Do not set this property if you use 'quarkus-oidc' and the public key verification (`public-key`) or certificate chain verification only (`certificate-chain`) is required. The OIDC discovery endpoint is called by default by appending a `.well-known/openid-configuration` path to this URL. For Keycloak, use `https://host:port/realms/++{++realm++}++`, replacing `++{++realm++}++` with the Keycloak realm name. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTH_SERVER_URL+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-discovery-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-discovery-enabled[`quarkus.oidc."tenant".discovery-enabled`]## - -[.description] --- -Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__DISCOVERY_ENABLED+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-registration-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-registration-path[`quarkus.oidc."tenant".registration-path`]## - -[.description] --- -The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REGISTRATION_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-delay]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-delay[`quarkus.oidc."tenant".connection-delay`]## - -[.description] --- -The duration to attempt the initial connection to an OIDC server. For example, setting the duration to `20S` allows 10 retries, each 2 seconds apart. This property is only effective when the initial OIDC connection is created. For dropped connections, use the `connection-retry-count` property instead. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_DELAY+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-retry-count]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-retry-count[`quarkus.oidc."tenant".connection-retry-count`]## - -[.description] --- -The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from `connection-delay`, which applies only to initial connection attempts. For instance, if a request to the OIDC token endpoint fails due to a connection issue, it will be retried as per this setting. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_RETRY_COUNT+++` -endif::add-copy-button-to-env-var[] --- -|int -|`3` - -a| [[quarkus-oidc_quarkus-oidc-tenant-connection-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-connection-timeout[`quarkus.oidc."tenant".connection-timeout`]## - -[.description] --- -The number of seconds after which the current OIDC connection request times out. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CONNECTION_TIMEOUT+++` -endif::add-copy-button-to-env-var[] --- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10S` - -a| [[quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-use-blocking-dns-lookup[`quarkus.oidc."tenant".use-blocking-dns-lookup`]## - -[.description] --- -Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USE_BLOCKING_DNS_LOOKUP+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`false` - -a| [[quarkus-oidc_quarkus-oidc-tenant-max-pool-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-max-pool-size[`quarkus.oidc."tenant".max-pool-size`]## - -[.description] --- -The maximum size of the connection pool used by the WebClient. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__MAX_POOL_SIZE+++` -endif::add-copy-button-to-env-var[] --- -|int -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-follow-redirects]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-follow-redirects[`quarkus.oidc."tenant".follow-redirects`]## - -[.description] --- -Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__FOLLOW_REDIRECTS+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-host[`quarkus.oidc."tenant".proxy.host`]## - -[.description] --- -The host name or IP address of the Proxy. + -Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_HOST+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_HOST+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-port[`quarkus.oidc."tenant".proxy.port`]## - -[.description] --- -The port number of the Proxy. The default value is `80`. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PORT+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PORT+++` -endif::add-copy-button-to-env-var[] --- -|int -|`80` - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-username[`quarkus.oidc."tenant".proxy.username`]## - -[.description] --- -The username, if the Proxy needs authentication. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_USERNAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-proxy-password[`quarkus.oidc."tenant".proxy.password`]## - -[.description] --- -The password, if the Proxy needs authentication. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROXY_PASSWORD+++` -endif::add-copy-button-to-env-var[] --- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tls-tls-configuration-name[`quarkus.oidc."tenant".tls.tls-configuration-name`]## - -[.description] --- -The name of the TLS configuration to use. - -If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. - -The default TLS configuration is *not* used by default. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROVIDER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TLS_TLS_CONFIGURATION_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROVIDER+++` endif::add-copy-button-to-env-var[] -- -|string +a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-path[`quarkus.oidc."tenant".token-path`]## - -[.description] --- -The OIDC token endpoint that issues access and refresh tokens; specified as a relative path or absolute URL. Set if `discovery-enabled` is `false` or a discovered token endpoint path must be customized. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PATH+++` -endif::add-copy-button-to-env-var[] --- -|string -| +h|[[quarkus-oidc_section_quarkus-oidc-devui]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-devui[OIDC Dev UI configuration which is effective in dev mode only]## +h|Type +h|Default -a| [[quarkus-oidc_quarkus-oidc-tenant-revoke-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-revoke-path[`quarkus.oidc."tenant".revoke-path`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-type[`quarkus.oidc.devui.grant.type`]## [.description] -- -The relative path or absolute URL of the OIDC token revocation endpoint. +Grant type which will be used to acquire a token to test the OIDC 'service' applications ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__REVOKE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_TYPE+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:client['client_credentials' grant], tooltip:password['password' grant], tooltip:code['authorization_code' grant], tooltip:implicit['implicit' grant] | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-id[`quarkus.oidc."tenant".client-id`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-grant-options-option-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-grant-options-option-name[`quarkus.oidc.devui.grant-options."option-name"`]## [.description] -- -The client id of the application. Each application has a client id that is used to identify the application. Setting the client id is not required if `application-type` is `service` and no token introspection is required. +Grant options ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_GRANT_OPTIONS__OPTION_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map> | -a| [[quarkus-oidc_quarkus-oidc-tenant-client-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-client-name[`quarkus.oidc."tenant".client-name`]## +a|icon:lock[title=Fixed at build time] [[quarkus-oidc_quarkus-oidc-devui-web-client-timeout]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-devui-web-client-timeout[`quarkus.oidc.devui.web-client-timeout`]## [.description] -- -The client name of the application. It is meant to represent a human readable description of the application which you may provide when an application (client) is registered in an OpenId Connect provider's dashboard. For example, you can set this property to have more informative log messages which record an activity of the given client. +The WebClient timeout. Use this property to configure how long an HTTP client used by Dev UI handlers will wait for a response when requesting tokens from OpenId Connect Provider and sending them to the service endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CLIENT_NAME+++` +Environment variable: `+++QUARKUS_OIDC_DEVUI_WEB_CLIENT_TIMEOUT+++` endif::add-copy-button-to-env-var[] -- -|string -| - -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-secret[`quarkus.oidc."tenant".credentials.secret`]## +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`4S` -[.description] --- -The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. +h|[[quarkus-oidc_section_quarkus-oidc-proxy]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-proxy[HTTP proxy configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_SECRET+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-proxy-host]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-host[`quarkus.oidc.proxy.host`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-value[`quarkus.oidc."tenant".credentials.client-secret.value`]## +`quarkus.oidc."tenant".proxy.host` [.description] -- -The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. +The host name or IP address of the Proxy. + +Note: If the OIDC adapter requires a Proxy to talk with the OIDC server (Provider), set this value to enable the usage of a Proxy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_HOST+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_VALUE+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_HOST+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-name[`quarkus.oidc."tenant".credentials.client-secret.provider.name`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-port]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-port[`quarkus.oidc.proxy.port`]## + +`quarkus.oidc."tenant".proxy.port` [.description] -- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +The port number of the Proxy. The default value is `80`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PORT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PORT+++` endif::add-copy-button-to-env-var[] -- -|string -| +|int +|`80` + +a| [[quarkus-oidc_quarkus-oidc-proxy-username]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-username[`quarkus.oidc.proxy.username`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name`]## +`quarkus.oidc."tenant".proxy.username` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The username, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_USERNAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_USERNAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-provider-key[`quarkus.oidc."tenant".credentials.client-secret.provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-proxy-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-proxy-password[`quarkus.oidc.proxy.password`]## + +`quarkus.oidc."tenant".proxy.password` [.description] -- -The CredentialsProvider client secret key +The password, if the Proxy needs authentication. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_PROXY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_PROXY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-client-secret-method[`quarkus.oidc."tenant".credentials.client-secret.method`]## - -[.description] --- -The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. +h|[[quarkus-oidc_section_quarkus-oidc-tls]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-tls[TLS configuration]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_CLIENT_SECRET_METHOD+++` -endif::add-copy-button-to-env-var[] --- -a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] -| +a| [[quarkus-oidc_quarkus-oidc-tls-tls-configuration-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tls-tls-configuration-name[`quarkus.oidc.tls.tls-configuration-name`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-source[`quarkus.oidc."tenant".credentials.jwt.source`]## +`quarkus.oidc."tenant".tls.tls-configuration-name` [.description] -- -JWT token source: OIDC provider client or an existing JWT bearer token. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SOURCE+++` -endif::add-copy-button-to-env-var[] --- -a|`client`, `bearer` -|`client` +The name of the TLS configuration to use. -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret[`quarkus.oidc."tenant".credentials.jwt.secret`]## +If a name is configured, it uses the configuration from `quarkus.tls..++*++` If a name is configured, but no TLS configuration is found with that name then an error will be thrown. -[.description] --- -If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. +The default TLS configuration is *not* used by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_TLS_TLS_CONFIGURATION_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.name`]## - -[.description] --- -The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered +h|[[quarkus-oidc_section_quarkus-oidc-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-credentials[Different authentication options for OIDC client to access OIDC token and other secured endpoints]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` -endif::add-copy-button-to-env-var[] --- -|string -| +a| [[quarkus-oidc_quarkus-oidc-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-secret[`quarkus.oidc.credentials.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name`]## +`quarkus.oidc."tenant".credentials.secret` [.description] -- -The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager +The client secret used by the `client_secret_basic` authentication method. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. You can use `client-secret.value` instead, but both properties are mutually exclusive. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-secret-provider-key[`quarkus.oidc."tenant".credentials.jwt.secret-provider.key`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-value]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-value[`quarkus.oidc.credentials.client-secret.value`]## + +`quarkus.oidc."tenant".credentials.client-secret.value` [.description] -- -The CredentialsProvider client secret key +The client secret value. This value is ignored if `credentials.secret` is set. Must be set unless a secret is set in `client-secret` or `jwt` client authentication is required. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_VALUE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key[`quarkus.oidc."tenant".credentials.jwt.key`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-name[`quarkus.oidc.credentials.client-secret.provider.name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.name` [.description] -- -String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-file[`quarkus.oidc."tenant".credentials.jwt.key-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-keyring-name[`quarkus.oidc.credentials.client-secret.provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.keyring-name` [.description] -- -If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-file[`quarkus.oidc."tenant".credentials.jwt.key-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-provider-key[`quarkus.oidc.credentials.client-secret.provider.key`]## + +`quarkus.oidc."tenant".credentials.client-secret.provider.key` [.description] -- -If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-store-password[`quarkus.oidc."tenant".credentials.jwt.key-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-client-secret-method]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-client-secret-method[`quarkus.oidc.credentials.client-secret.method`]## + +`quarkus.oidc."tenant".credentials.client-secret.method` [.description] -- -A parameter to specify the password of the keystore file. +The authentication method. If the `clientSecret.value` secret is set, this method is `basic` by default. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_CLIENT_SECRET_METHOD+++` endif::add-copy-button-to-env-var[] -- -|string +a|tooltip:basic[`client_secret_basic` (default)\: The client id and secret are submitted with the HTTP Authorization Basic scheme.], tooltip:post[`client_secret_post`\: The client id and secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:post-jwt[`client_secret_jwt`\: The client id and generated JWT secret are submitted as the `client_id` and `client_secret` form parameters.], tooltip:query[client id and secret are submitted as HTTP query parameters. This option is only supported by the OIDC extension.] | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-id[`quarkus.oidc."tenant".credentials.jwt.key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-source[`quarkus.oidc.credentials.jwt.source`]## + +`quarkus.oidc."tenant".credentials.jwt.source` [.description] -- -The private key id or alias. +JWT token source: OIDC provider client or an existing JWT bearer token. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SOURCE+++` endif::add-copy-button-to-env-var[] -- -|string -| +a|`client`, `bearer` +|`client` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret[`quarkus.oidc.credentials.jwt.secret`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-key-password[`quarkus.oidc."tenant".credentials.jwt.key-password`]## +`quarkus.oidc."tenant".credentials.jwt.secret` [.description] -- -The private key password. +If provided, indicates that JWT is signed using a secret key. It is mutually exclusive with `key`, `key-file` and `key-store` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_KEY_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-audience[`quarkus.oidc."tenant".credentials.jwt.audience`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-name[`quarkus.oidc.credentials.jwt.secret-provider.name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.name` [.description] -- -The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. +The CredentialsProvider bean name, which should only be set if more than one CredentialsProvider is registered ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-token-key-id[`quarkus.oidc."tenant".credentials.jwt.token-key-id`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-keyring-name[`quarkus.oidc.credentials.jwt.secret-provider.keyring-name`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.keyring-name` [.description] -- -The key identifier of the signing key added as a JWT `kid` header. +The CredentialsProvider keyring name. The keyring name is only required when the CredentialsProvider being used requires the keyring name to look up the secret, which is often the case when a CredentialsProvider is shared by multiple extensions to retrieve credentials from a more dynamic source like a vault instance or secret manager ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_TOKEN_KEY_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEYRING_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-issuer[`quarkus.oidc."tenant".credentials.jwt.issuer`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-secret-provider-key[`quarkus.oidc.credentials.jwt.secret-provider.key`]## + +`quarkus.oidc."tenant".credentials.jwt.secret-provider.key` [.description] -- -The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. +The CredentialsProvider client secret key ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SECRET_PROVIDER_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-subject[`quarkus.oidc."tenant".credentials.jwt.subject`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key[`quarkus.oidc.credentials.jwt.key`]## + +`quarkus.oidc."tenant".credentials.jwt.key` [.description] -- -Subject of the signing key added as a JWT `sub` claim The default value is the client id. +String representation of a private key. If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key-file` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SUBJECT+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-claims-claim-name[`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-file[`quarkus.oidc.credentials.jwt.key-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-file` [.description] -- -Additional claims. +If provided, indicates that JWT is signed using a private key in PEM or JWK format. It is mutually exclusive with `secret`, `key` and `key-store` properties. You can use the `signature-algorithm` property to override the default key algorithm, `RS256`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_FILE+++` endif::add-copy-button-to-env-var[] -- -|Map +|string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-signature-algorithm[`quarkus.oidc."tenant".credentials.jwt.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-file[`quarkus.oidc.credentials.jwt.key-store-file`]## + +`quarkus.oidc."tenant".credentials.jwt.key-store-file` [.description] -- -The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. +If provided, indicates that JWT is signed using a private key from a keystore. It is mutually exclusive with `secret`, `key` and `key-file` properties. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-lifespan[`quarkus.oidc."tenant".credentials.jwt.lifespan`]## - -[.description] --- -The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. - - -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_LIFESPAN+++` -endif::add-copy-button-to-env-var[] --- -|int -|`10` +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-store-password[`quarkus.oidc.credentials.jwt.key-store-password`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-credentials-jwt-assertion[`quarkus.oidc."tenant".credentials.jwt.assertion`]## +`quarkus.oidc."tenant".credentials.jwt.key-store-password` [.description] -- -If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. +A parameter to specify the password of the keystore file. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CREDENTIALS_JWT_ASSERTION+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-id[`quarkus.oidc.credentials.jwt.key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-id[`quarkus.oidc."tenant".tenant-id`]## +`quarkus.oidc."tenant".credentials.jwt.key-id` [.description] -- -A unique tenant identifier. It can be set by `TenantConfigResolver` providers, which resolve the tenant configuration dynamically. +The private key id or alias. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ID+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-enabled]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-enabled[`quarkus.oidc."tenant".tenant-enabled`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-key-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-key-password[`quarkus.oidc.credentials.jwt.key-password`]## + +`quarkus.oidc."tenant".credentials.jwt.key-password` [.description] -- -If this tenant configuration is enabled. The default tenant is disabled if it is not configured but a `TenantConfigResolver` that resolves tenant configurations is registered, or named tenants are configured. In this case, you do not need to disable the default tenant. +The private key password. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_ENABLED+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_KEY_PASSWORD+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-audience[`quarkus.oidc.credentials.jwt.audience`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-application-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-application-type[`quarkus.oidc."tenant".application-type`]## +`quarkus.oidc."tenant".credentials.jwt.audience` [.description] -- -The application type, which can be one of the following `ApplicationType` values. +The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenId Connect Provider's token endpoint. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__APPLICATION_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- -a|tooltip:web-app[A `WEB_APP` is a client that serves pages, usually a front-end application. For this type of client the Authorization Code Flow is defined as the preferred method for authenticating users.], tooltip:service[A `SERVICE` is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.], tooltip:hybrid[A combined `SERVICE` and `WEB_APP` client. For this type of client, the Bearer Authorization method is used if the Authorization header is set and Authorization Code Flow - if not.] -|tooltip:service[A {@code SERVICE} is a client that has a set of protected HTTP resources, usually a backend application following the RESTful Architectural Design. For this type of client, the Bearer Authorization method is defined as the preferred method for authenticating and authorizing users.] +|string +| + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-token-key-id[`quarkus.oidc.credentials.jwt.token-key-id`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-authorization-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authorization-path[`quarkus.oidc."tenant".authorization-path`]## +`quarkus.oidc."tenant".credentials.jwt.token-key-id` [.description] -- -The relative path or absolute URL of the OpenID Connect (OIDC) authorization endpoint, which authenticates users. You must set this property for `web-app` applications if OIDC discovery is disabled. This property is ignored if OIDC discovery is enabled. +The key identifier of the signing key added as a JWT `kid` header. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHORIZATION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_TOKEN_KEY_ID+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-user-info-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-user-info-path[`quarkus.oidc."tenant".user-info-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-issuer[`quarkus.oidc.credentials.jwt.issuer`]## + +`quarkus.oidc."tenant".credentials.jwt.issuer` [.description] -- -The relative path or absolute URL of the OIDC UserInfo endpoint. You must set this property for `web-app` applications if OIDC discovery is disabled and the `authentication.user-info-required` property is enabled. This property is ignored if OIDC discovery is enabled. +The issuer of the signing key added as a JWT `iss` claim. The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__USER_INFO_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-path[`quarkus.oidc."tenant".introspection-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-subject]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-subject[`quarkus.oidc.credentials.jwt.subject`]## + +`quarkus.oidc."tenant".credentials.jwt.subject` [.description] -- -Relative path or absolute URL of the OIDC RFC7662 introspection endpoint which can introspect both opaque and JSON Web Token (JWT) tokens. This property must be set if OIDC discovery is disabled and 1) the opaque bearer access tokens must be verified or 2) JWT tokens must be verified while the cached JWK verification set with no matching JWK is being refreshed. This property is ignored if the discovery is enabled. +Subject of the signing key added as a JWT `sub` claim The default value is the client id. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SUBJECT+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-path[`quarkus.oidc."tenant".jwks-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-claims-claim-name[`quarkus.oidc.credentials.jwt.claims."claim-name"`]## + +`quarkus.oidc."tenant".credentials.jwt.claims."claim-name"` [.description] -- -Relative path or absolute URL of the OIDC JSON Web Key Set (JWKS) endpoint which returns a JSON Web Key Verification Set. This property should be set if OIDC discovery is disabled and the local JWT verification is required. This property is ignored if the discovery is enabled. +Additional claims. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- -|string +|Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-end-session-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-end-session-path[`quarkus.oidc."tenant".end-session-path`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-signature-algorithm[`quarkus.oidc.credentials.jwt.signature-algorithm`]## + +`quarkus.oidc."tenant".credentials.jwt.signature-algorithm` [.description] -- -Relative path or absolute URL of the OIDC end_session_endpoint. This property must be set if OIDC discovery is disabled and RP Initiated Logout support for the `web-app` applications is required. This property is ignored if the discovery is enabled. +The signature algorithm used for the `key-file` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__END_SESSION_PATH+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-tenant-paths]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-tenant-paths[`quarkus.oidc."tenant".tenant-paths`]## +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-lifespan[`quarkus.oidc.credentials.jwt.lifespan`]## + +`quarkus.oidc."tenant".credentials.jwt.lifespan` [.description] -- -The paths which must be secured by this tenant. Tenant with the most specific path wins. -Please see the xref:security-openid-connect-multitenancy.adoc#configure-tenant-paths[Configure tenant paths] -section of the OIDC multitenancy guide for explanation of allowed path patterns. +The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TENANT_PATHS+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- -|list of string -| +|int +|`10` + +a| [[quarkus-oidc_quarkus-oidc-credentials-jwt-assertion]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-credentials-jwt-assertion[`quarkus.oidc.credentials.jwt.assertion`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-public-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-public-key[`quarkus.oidc."tenant".public-key`]## +`quarkus.oidc."tenant".credentials.jwt.assertion` [.description] -- -The public key for the local JWT token verification. OIDC server connection is not created when this property is set. +If true then the client authentication token is a JWT bearer grant assertion. Instead of producing 'client_assertion' and 'client_assertion_type' form properties, only 'assertion' is produced. This option is only supported by the OIDC client extension. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PUBLIC_KEY+++` +Environment variable: `+++QUARKUS_OIDC_CREDENTIALS_JWT_ASSERTION+++` endif::add-copy-button-to-env-var[] -- -|string -| +|boolean +|`false` + -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-name[`quarkus.oidc."tenant".introspection-credentials.name`]## +h|[[quarkus-oidc_section_quarkus-oidc-introspection-credentials]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-introspection-credentials[Optional introspection endpoint-specific basic authentication configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-name[`quarkus.oidc.introspection-credentials.name`]## + +`quarkus.oidc."tenant".introspection-credentials.name` [.description] -- @@ -3522,16 +1235,18 @@ Name ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_NAME+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-secret[`quarkus.oidc."tenant".introspection-credentials.secret`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-secret[`quarkus.oidc.introspection-credentials.secret`]## + +`quarkus.oidc."tenant".introspection-credentials.secret` [.description] -- @@ -3539,16 +1254,18 @@ Secret ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-introspection-credentials-include-client-id[`quarkus.oidc."tenant".introspection-credentials.include-client-id`]## +a| [[quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-introspection-credentials-include-client-id[`quarkus.oidc.introspection-credentials.include-client-id`]## + +`quarkus.oidc."tenant".introspection-credentials.include-client-id` [.description] -- @@ -3556,16 +1273,23 @@ Include OpenId Connect Client ID configured with `quarkus.oidc.client-id`. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` +Environment variable: `+++QUARKUS_OIDC_INTROSPECTION_CREDENTIALS_INCLUDE_CLIENT_ID+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-path[`quarkus.oidc."tenant".roles.role-claim-path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-roles]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-roles[Configuration to find and parse custom claims which contain roles]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-path[`quarkus.oidc.roles.role-claim-path`]## + +`quarkus.oidc."tenant".roles.role-claim-path` [.description] -- @@ -3573,16 +1297,18 @@ A list of paths to claims containing an array of groups. Each path starts from t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_PATH+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_PATH+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-role-claim-separator[`quarkus.oidc."tenant".roles.role-claim-separator`]## +a| [[quarkus-oidc_quarkus-oidc-roles-role-claim-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-role-claim-separator[`quarkus.oidc.roles.role-claim-separator`]## + +`quarkus.oidc."tenant".roles.role-claim-separator` [.description] -- @@ -3590,16 +1316,18 @@ The separator for splitting strings that contain multiple group values. It is on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_ROLE_CLAIM_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_ROLE_CLAIM_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-roles-source[`quarkus.oidc."tenant".roles.source`]## +a| [[quarkus-oidc_quarkus-oidc-roles-source]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-roles-source[`quarkus.oidc.roles.source`]## + +`quarkus.oidc."tenant".roles.source` [.description] -- @@ -3607,16 +1335,23 @@ Source of the principal roles. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_ROLES_SOURCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ROLES_SOURCE+++` +Environment variable: `+++QUARKUS_OIDC_ROLES_SOURCE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:idtoken[ID Token - the default value for the `web-app` applications.], tooltip:accesstoken[Access Token - the default value for the `service` applications; can also be used as the source of roles for the `web-app` applications.], tooltip:userinfo[User Info] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issuer[`quarkus.oidc."tenant".token.issuer`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token[Configuration to customize validation of token claims]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-issuer]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issuer[`quarkus.oidc.token.issuer`]## + +`quarkus.oidc."tenant".token.issuer` [.description] -- @@ -3624,16 +1359,18 @@ The expected issuer `iss` claim value. This property overrides the `issuer` prop ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-audience[`quarkus.oidc."tenant".token.audience`]## +a| [[quarkus-oidc_quarkus-oidc-token-audience]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-audience[`quarkus.oidc.token.audience`]## + +`quarkus.oidc."tenant".token.audience` [.description] -- @@ -3641,16 +1378,18 @@ The expected audience `aud` claim value, which can be a string or an array of st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUDIENCE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUDIENCE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUDIENCE+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-subject-required[`quarkus.oidc."tenant".token.subject-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-subject-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-subject-required[`quarkus.oidc.token.subject-required`]## + +`quarkus.oidc."tenant".token.subject-required` [.description] -- @@ -3658,16 +1397,18 @@ Require that the token includes a `sub` (subject) claim which is a unique and ne ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SUBJECT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SUBJECT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-required-claims-claim-name[`quarkus.oidc."tenant".token.required-claims."claim-name"`]## +a| [[quarkus-oidc_quarkus-oidc-token-required-claims-claim-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-required-claims-claim-name[`quarkus.oidc.token.required-claims."claim-name"`]## + +`quarkus.oidc."tenant".token.required-claims."claim-name"` [.description] -- @@ -3675,16 +1416,18 @@ A map of required claims and their expected values. For example, `quarkus.oidc.t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRED_CLAIMS__CLAIM_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-token-type[`quarkus.oidc."tenant".token.token-type`]## +a| [[quarkus-oidc_quarkus-oidc-token-token-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-token-type[`quarkus.oidc.token.token-type`]## + +`quarkus.oidc."tenant".token.token-type` [.description] -- @@ -3692,16 +1435,18 @@ Expected token type ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_TOKEN_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_TOKEN_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-lifespan-grace[`quarkus.oidc."tenant".token.lifespan-grace`]## +a| [[quarkus-oidc_quarkus-oidc-token-lifespan-grace]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-lifespan-grace[`quarkus.oidc.token.lifespan-grace`]## + +`quarkus.oidc."tenant".token.lifespan-grace` [.description] -- @@ -3709,16 +1454,18 @@ Life span grace period in seconds. When checking token expiry, current time is a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_LIFESPAN_GRACE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_LIFESPAN_GRACE+++` endif::add-copy-button-to-env-var[] -- |int | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-age[`quarkus.oidc."tenant".token.age`]## +a| [[quarkus-oidc_quarkus-oidc-token-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-age[`quarkus.oidc.token.age`]## + +`quarkus.oidc."tenant".token.age` [.description] -- @@ -3726,16 +1473,18 @@ Token age. It allows for the number of seconds to be specified that must not ela ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AGE+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-issued-at-required[`quarkus.oidc."tenant".token.issued-at-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-issued-at-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-issued-at-required[`quarkus.oidc.token.issued-at-required`]## + +`quarkus.oidc."tenant".token.issued-at-required` [.description] -- @@ -3743,16 +1492,18 @@ Require that the token includes a `iat` (issued at) claim Set this property to ` ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ISSUED_AT_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ISSUED_AT_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-principal-claim[`quarkus.oidc."tenant".token.principal-claim`]## +a| [[quarkus-oidc_quarkus-oidc-token-principal-claim]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-principal-claim[`quarkus.oidc.token.principal-claim`]## + +`quarkus.oidc."tenant".token.principal-claim` [.description] -- @@ -3760,16 +1511,18 @@ Name of the claim which contains a principal name. By default, the `upn`, `prefe ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_PRINCIPAL_CLAIM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_PRINCIPAL_CLAIM+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-expired[`quarkus.oidc."tenant".token.refresh-expired`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-expired]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-expired[`quarkus.oidc.token.refresh-expired`]## + +`quarkus.oidc."tenant".token.refresh-expired` [.description] -- @@ -3777,16 +1530,18 @@ Refresh expired authorization code flow ID or access tokens. If this property is ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_EXPIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_EXPIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-refresh-token-time-skew[`quarkus.oidc."tenant".token.refresh-token-time-skew`]## +a| [[quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-refresh-token-time-skew[`quarkus.oidc.token.refresh-token-time-skew`]## + +`quarkus.oidc."tenant".token.refresh-token-time-skew` [.description] -- @@ -3794,16 +1549,18 @@ The refresh token time skew, in seconds. If this property is enabled, the config ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REFRESH_TOKEN_TIME_SKEW+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REFRESH_TOKEN_TIME_SKEW+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-forced-jwk-refresh-interval[`quarkus.oidc."tenant".token.forced-jwk-refresh-interval`]## +a| [[quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-forced-jwk-refresh-interval[`quarkus.oidc.token.forced-jwk-refresh-interval`]## + +`quarkus.oidc."tenant".token.forced-jwk-refresh-interval` [.description] -- @@ -3811,16 +1568,18 @@ The forced JWK set refresh interval in minutes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_FORCED_JWK_REFRESH_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-header[`quarkus.oidc."tenant".token.header`]## +a| [[quarkus-oidc_quarkus-oidc-token-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-header[`quarkus.oidc.token.header`]## + +`quarkus.oidc."tenant".token.header` [.description] -- @@ -3828,16 +1587,18 @@ Custom HTTP header that contains a bearer token. This option is valid only when ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-authorization-scheme[`quarkus.oidc."tenant".token.authorization-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-token-authorization-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-authorization-scheme[`quarkus.oidc.token.authorization-scheme`]## + +`quarkus.oidc."tenant".token.authorization-scheme` [.description] -- @@ -3845,16 +1606,18 @@ HTTP Authorization header scheme. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_AUTHORIZATION_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_AUTHORIZATION_SCHEME+++` endif::add-copy-button-to-env-var[] -- |string |`Bearer` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-signature-algorithm[`quarkus.oidc."tenant".token.signature-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-token-signature-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-signature-algorithm[`quarkus.oidc.token.signature-algorithm`]## + +`quarkus.oidc."tenant".token.signature-algorithm` [.description] -- @@ -3862,16 +1625,18 @@ Required signature algorithm. OIDC providers support many signature algorithms b ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_SIGNATURE_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_SIGNATURE_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- a|`rs256`, `rs384`, `rs512`, `ps256`, `ps384`, `ps512`, `es256`, `es384`, `es512`, `eddsa` | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-decryption-key-location[`quarkus.oidc."tenant".token.decryption-key-location`]## +a| [[quarkus-oidc_quarkus-oidc-token-decryption-key-location]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-decryption-key-location[`quarkus.oidc.token.decryption-key-location`]## + +`quarkus.oidc."tenant".token.decryption-key-location` [.description] -- @@ -3879,16 +1644,18 @@ Decryption key location. JWT tokens can be inner-signed and encrypted by OpenId ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_DECRYPTION_KEY_LOCATION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_DECRYPTION_KEY_LOCATION+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-jwt-introspection[`quarkus.oidc."tenant".token.allow-jwt-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-jwt-introspection[`quarkus.oidc.token.allow-jwt-introspection`]## + +`quarkus.oidc."tenant".token.allow-jwt-introspection` [.description] -- @@ -3896,16 +1663,18 @@ Allow the remote introspection of JWT tokens when no matching JWK key is availab ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_JWT_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_JWT_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-require-jwt-introspection-only[`quarkus.oidc."tenant".token.require-jwt-introspection-only`]## +a| [[quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-require-jwt-introspection-only[`quarkus.oidc.token.require-jwt-introspection-only`]## + +`quarkus.oidc."tenant".token.require-jwt-introspection-only` [.description] -- @@ -3913,16 +1682,18 @@ Require that JWT tokens are only introspected remotely. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_REQUIRE_JWT_INTROSPECTION_ONLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-allow-opaque-token-introspection[`quarkus.oidc."tenant".token.allow-opaque-token-introspection`]## +a| [[quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-allow-opaque-token-introspection[`quarkus.oidc.token.allow-opaque-token-introspection`]## + +`quarkus.oidc."tenant".token.allow-opaque-token-introspection` [.description] -- @@ -3930,16 +1701,18 @@ Allow the remote introspection of the opaque tokens. Set this property to `false ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_ALLOW_OPAQUE_TOKEN_INTROSPECTION+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-customizer-name[`quarkus.oidc."tenant".token.customizer-name`]## +a| [[quarkus-oidc_quarkus-oidc-token-customizer-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-customizer-name[`quarkus.oidc.token.customizer-name`]## + +`quarkus.oidc."tenant".token.customizer-name` [.description] -- @@ -3947,16 +1720,18 @@ Token customizer name. Allows to select a tenant specific token customizer as a ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_CUSTOMIZER_NAME+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CUSTOMIZER_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-verify-access-token-with-user-info[`quarkus.oidc."tenant".token.verify-access-token-with-user-info`]## +a| [[quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-verify-access-token-with-user-info[`quarkus.oidc.token.verify-access-token-with-user-info`]## + +`quarkus.oidc."tenant".token.verify-access-token-with-user-info` [.description] -- @@ -3964,16 +1739,23 @@ Indirectly verify that the opaque (binary) access token is valid by using it to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_VERIFY_ACCESS_TOKEN_WITH_USER_INFO+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-path[`quarkus.oidc."tenant".logout.path`]## + +h|[[quarkus-oidc_section_quarkus-oidc-logout]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-logout[RP-initiated, back-channel and front-channel logout configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-path[`quarkus.oidc.logout.path`]## + +`quarkus.oidc."tenant".logout.path` [.description] -- @@ -3981,16 +1763,18 @@ The relative path of the logout endpoint at the application. If provided, the ap ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-path[`quarkus.oidc."tenant".logout.post-logout-path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-path[`quarkus.oidc.logout.post-logout-path`]## + +`quarkus.oidc."tenant".logout.post-logout-path` [.description] -- @@ -3998,16 +1782,18 @@ Relative path of the application endpoint where the user should be redirected to ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-post-logout-uri-param[`quarkus.oidc."tenant".logout.post-logout-uri-param`]## +a| [[quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-post-logout-uri-param[`quarkus.oidc.logout.post-logout-uri-param`]## + +`quarkus.oidc."tenant".logout.post-logout-uri-param` [.description] -- @@ -4015,16 +1801,18 @@ Name of the post logout URI parameter which is added as a query parameter to the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_POST_LOGOUT_URI_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_POST_LOGOUT_URI_PARAM+++` endif::add-copy-button-to-env-var[] -- |string |`post_logout_redirect_uri` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-extra-params-query-parameter-name[`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-extra-params-query-parameter-name[`quarkus.oidc.logout.extra-params."query-parameter-name"`]## + +`quarkus.oidc."tenant".logout.extra-params."query-parameter-name"` [.description] -- @@ -4032,16 +1820,18 @@ Additional properties which is added as the query parameters to the logout redir ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_EXTRA_PARAMS__QUERY_PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-path[`quarkus.oidc."tenant".logout.backchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-path[`quarkus.oidc.logout.backchannel.path`]## + +`quarkus.oidc."tenant".logout.backchannel.path` [.description] -- @@ -4049,16 +1839,18 @@ The relative path of the Back-Channel Logout endpoint at the application. It mus ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-size[`quarkus.oidc."tenant".logout.backchannel.token-cache-size`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-size[`quarkus.oidc.logout.backchannel.token-cache-size`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-size` [.description] -- @@ -4066,16 +1858,18 @@ Maximum number of logout tokens that can be cached before they are matched again ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- |int |`10` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-token-cache-time-to-live[`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-token-cache-time-to-live[`quarkus.oidc.logout.backchannel.token-cache-time-to-live`]## + +`quarkus.oidc."tenant".logout.backchannel.token-cache-time-to-live` [.description] -- @@ -4083,16 +1877,18 @@ Number of minutes a logout token can be cached for. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_TOKEN_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`10M` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-clean-up-timer-interval[`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-clean-up-timer-interval[`quarkus.oidc.logout.backchannel.clean-up-timer-interval`]## + +`quarkus.oidc."tenant".logout.backchannel.clean-up-timer-interval` [.description] -- @@ -4100,16 +1896,18 @@ Token cache timer interval. If this property is set, a timer checks and removes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-backchannel-logout-token-key[`quarkus.oidc."tenant".logout.backchannel.logout-token-key`]## +a| [[quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-backchannel-logout-token-key[`quarkus.oidc.logout.backchannel.logout-token-key`]## + +`quarkus.oidc."tenant".logout.backchannel.logout-token-key` [.description] -- @@ -4117,16 +1915,18 @@ Logout token claim whose value is used as a key for caching the tokens. Only `su ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_BACKCHANNEL_LOGOUT_TOKEN_KEY+++` endif::add-copy-button-to-env-var[] -- |string |`sub` -a| [[quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-logout-frontchannel-path[`quarkus.oidc."tenant".logout.frontchannel.path`]## +a| [[quarkus-oidc_quarkus-oidc-logout-frontchannel-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-logout-frontchannel-path[`quarkus.oidc.logout.frontchannel.path`]## + +`quarkus.oidc."tenant".logout.frontchannel.path` [.description] -- @@ -4134,16 +1934,23 @@ The relative path of the Front-Channel Logout endpoint at the application. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__LOGOUT_FRONTCHANNEL_PATH+++` +Environment variable: `+++QUARKUS_OIDC_LOGOUT_FRONTCHANNEL_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-leaf-certificate-name[`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name`]## + +h|[[quarkus-oidc_section_quarkus-oidc-certificate-chain]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-certificate-chain[Configuration of the certificate chain which can be used to verify tokens]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-leaf-certificate-name[`quarkus.oidc.certificate-chain.leaf-certificate-name`]## + +`quarkus.oidc."tenant".certificate-chain.leaf-certificate-name` [.description] -- @@ -4151,16 +1958,18 @@ Common name of the leaf certificate. It must be set if the `trust-store-file` do ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_LEAF_CERTIFICATE_NAME+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file[`quarkus.oidc."tenant".certificate-chain.trust-store-file`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file[`quarkus.oidc.certificate-chain.trust-store-file`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file` [.description] -- @@ -4168,16 +1977,18 @@ Truststore file which keeps thumbprints of the trusted certificates. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE+++` endif::add-copy-button-to-env-var[] -- |path | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-password[`quarkus.oidc."tenant".certificate-chain.trust-store-password`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-password[`quarkus.oidc.certificate-chain.trust-store-password`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-password` [.description] -- @@ -4185,16 +1996,18 @@ A parameter to specify the password of the truststore file if it is configured w ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_PASSWORD+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-cert-alias[`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-cert-alias[`quarkus.oidc.certificate-chain.trust-store-cert-alias`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-cert-alias` [.description] -- @@ -4202,16 +2015,18 @@ A parameter to specify the alias of the truststore certificate. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_CERT_ALIAS+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-certificate-chain-trust-store-file-type[`quarkus.oidc."tenant".certificate-chain.trust-store-file-type`]## +a| [[quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-certificate-chain-trust-store-file-type[`quarkus.oidc.certificate-chain.trust-store-file-type`]## + +`quarkus.oidc."tenant".certificate-chain.trust-store-file-type` [.description] -- @@ -4219,16 +2034,23 @@ An optional parameter to specify type of the truststore file. If not given, the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` +Environment variable: `+++QUARKUS_OIDC_CERTIFICATE_CHAIN_TRUST_STORE_FILE_TYPE+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-response-mode[`quarkus.oidc."tenant".authentication.response-mode`]## + +h|[[quarkus-oidc_section_quarkus-oidc-authentication]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-authentication[Configuration for managing an authorization code flow]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-authentication-response-mode]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-response-mode[`quarkus.oidc.authentication.response-mode`]## + +`quarkus.oidc."tenant".authentication.response-mode` [.description] -- @@ -4236,16 +2058,18 @@ Authorization code flow response mode. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESPONSE_MODE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESPONSE_MODE+++` endif::add-copy-button-to-env-var[] -- a|tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`], tooltip:form-post[Authorization response parameters are encoded as HTML form values that are auto-submitted in the browser and transmitted by the HTTP POST method using the application/x-www-form-urlencoded content type] |tooltip:query[Authorization response parameters are encoded in the query string added to the `redirect_uri`] -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-redirect-path[`quarkus.oidc."tenant".authentication.redirect-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-redirect-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-redirect-path[`quarkus.oidc.authentication.redirect-path`]## + +`quarkus.oidc."tenant".authentication.redirect-path` [.description] -- @@ -4253,16 +2077,18 @@ The relative path for calculating a `redirect_uri` query parameter. It has to st ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REDIRECT_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REDIRECT_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-restore-path-after-redirect[`quarkus.oidc."tenant".authentication.restore-path-after-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-restore-path-after-redirect[`quarkus.oidc.authentication.restore-path-after-redirect`]## + +`quarkus.oidc."tenant".authentication.restore-path-after-redirect` [.description] -- @@ -4270,16 +2096,18 @@ If this property is set to `true`, the original request URI which was used befor ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_RESTORE_PATH_AFTER_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-remove-redirect-parameters[`quarkus.oidc."tenant".authentication.remove-redirect-parameters`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-remove-redirect-parameters[`quarkus.oidc.authentication.remove-redirect-parameters`]## + +`quarkus.oidc."tenant".authentication.remove-redirect-parameters` [.description] -- @@ -4287,16 +2115,18 @@ Remove the query parameters such as `code` and `state` set by the OIDC server on ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_REMOVE_REDIRECT_PARAMETERS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-error-path[`quarkus.oidc."tenant".authentication.error-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-error-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-error-path[`quarkus.oidc.authentication.error-path`]## + +`quarkus.oidc."tenant".authentication.error-path` [.description] -- @@ -4304,16 +2134,18 @@ Relative path to the public endpoint which processes the error response from the ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ERROR_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ERROR_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-expired-path[`quarkus.oidc."tenant".authentication.session-expired-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-expired-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-expired-path[`quarkus.oidc.authentication.session-expired-path`]## + +`quarkus.oidc."tenant".authentication.session-expired-path` [.description] -- @@ -4325,16 +2157,18 @@ Set this property if you would like the user whose session has expired be redire ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_EXPIRED_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_EXPIRED_PATH+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-verify-access-token[`quarkus.oidc."tenant".authentication.verify-access-token`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-verify-access-token]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-verify-access-token[`quarkus.oidc.authentication.verify-access-token`]## + +`quarkus.oidc."tenant".authentication.verify-access-token` [.description] -- @@ -4350,16 +2184,18 @@ Bearer access token is always verified. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_VERIFY_ACCESS_TOKEN+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when access token is injected as the JsonWebToken bean, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-force-redirect-https-scheme[`quarkus.oidc."tenant".authentication.force-redirect-https-scheme`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-force-redirect-https-scheme[`quarkus.oidc.authentication.force-redirect-https-scheme`]## + +`quarkus.oidc."tenant".authentication.force-redirect-https-scheme` [.description] -- @@ -4367,16 +2203,18 @@ Force `https` as the `redirect_uri` parameter scheme when running behind an SSL/ ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORCE_REDIRECT_HTTPS_SCHEME+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scopes[`quarkus.oidc."tenant".authentication.scopes`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scopes]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scopes[`quarkus.oidc.authentication.scopes`]## + +`quarkus.oidc."tenant".authentication.scopes` [.description] -- @@ -4384,16 +2222,18 @@ List of scopes ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPES+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPES+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-scope-separator[`quarkus.oidc."tenant".authentication.scope-separator`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-scope-separator]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-scope-separator[`quarkus.oidc.authentication.scope-separator`]## + +`quarkus.oidc."tenant".authentication.scope-separator` [.description] -- @@ -4401,16 +2241,18 @@ The separator which is used when more than one scope is configured. A single spa ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SCOPE_SEPARATOR+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SCOPE_SEPARATOR+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-nonce-required[`quarkus.oidc."tenant".authentication.nonce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-nonce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-nonce-required[`quarkus.oidc.authentication.nonce-required`]## + +`quarkus.oidc."tenant".authentication.nonce-required` [.description] -- @@ -4418,16 +2260,18 @@ Require that ID token includes a `nonce` claim which must match `nonce` authenti ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_NONCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_NONCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-add-openid-scope[`quarkus.oidc."tenant".authentication.add-openid-scope`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-add-openid-scope]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-add-openid-scope[`quarkus.oidc.authentication.add-openid-scope`]## + +`quarkus.oidc."tenant".authentication.add-openid-scope` [.description] -- @@ -4435,16 +2279,18 @@ Add the `openid` scope automatically to the list of scopes. This is required for ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ADD_OPENID_SCOPE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ADD_OPENID_SCOPE+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-extra-params-parameter-name[`quarkus.oidc."tenant".authentication.extra-params."parameter-name"`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-extra-params-parameter-name[`quarkus.oidc.authentication.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".authentication.extra-params."parameter-name"` [.description] -- @@ -4452,16 +2298,18 @@ Additional properties added as query parameters to the authentication redirect U ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-forward-params[`quarkus.oidc."tenant".authentication.forward-params`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-forward-params]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-forward-params[`quarkus.oidc.authentication.forward-params`]## + +`quarkus.oidc."tenant".authentication.forward-params` [.description] -- @@ -4469,16 +2317,18 @@ Request URL query parameters which, if present, are added to the authentication ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FORWARD_PARAMS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FORWARD_PARAMS+++` endif::add-copy-button-to-env-var[] -- |list of string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-force-secure[`quarkus.oidc."tenant".authentication.cookie-force-secure`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-force-secure[`quarkus.oidc.authentication.cookie-force-secure`]## + +`quarkus.oidc."tenant".authentication.cookie-force-secure` [.description] -- @@ -4486,16 +2336,18 @@ If enabled the state, session, and post logout cookies have their `secure` param ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_FORCE_SECURE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_FORCE_SECURE+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-suffix[`quarkus.oidc."tenant".authentication.cookie-suffix`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-suffix]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-suffix[`quarkus.oidc.authentication.cookie-suffix`]## + +`quarkus.oidc."tenant".authentication.cookie-suffix` [.description] -- @@ -4503,16 +2355,18 @@ Cookie name suffix. For example, a session cookie name for the default OIDC tena ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SUFFIX+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SUFFIX+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path[`quarkus.oidc."tenant".authentication.cookie-path`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path[`quarkus.oidc.authentication.cookie-path`]## + +`quarkus.oidc."tenant".authentication.cookie-path` [.description] -- @@ -4520,16 +2374,18 @@ Cookie path parameter value which, if set, is used to set a path parameter for t ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH+++` endif::add-copy-button-to-env-var[] -- |string |`/` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-path-header[`quarkus.oidc."tenant".authentication.cookie-path-header`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-path-header]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-path-header[`quarkus.oidc.authentication.cookie-path-header`]## + +`quarkus.oidc."tenant".authentication.cookie-path-header` [.description] -- @@ -4537,16 +2393,18 @@ Cookie path header parameter value which, if set, identifies the incoming HTTP h ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_PATH_HEADER+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_PATH_HEADER+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-domain[`quarkus.oidc."tenant".authentication.cookie-domain`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-domain]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-domain[`quarkus.oidc.authentication.cookie-domain`]## + +`quarkus.oidc."tenant".authentication.cookie-domain` [.description] -- @@ -4554,16 +2412,18 @@ Cookie domain parameter value which, if set, is used for the session, state and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_DOMAIN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_DOMAIN+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-cookie-same-site[`quarkus.oidc."tenant".authentication.cookie-same-site`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-cookie-same-site]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-cookie-same-site[`quarkus.oidc.authentication.cookie-same-site`]## + +`quarkus.oidc."tenant".authentication.cookie-same-site` [.description] -- @@ -4571,16 +2431,18 @@ SameSite attribute for the session cookie. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_COOKIE_SAME_SITE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_COOKIE_SAME_SITE+++` endif::add-copy-button-to-env-var[] -- a|`strict`, `lax`, `none` |`lax` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-allow-multiple-code-flows[`quarkus.oidc."tenant".authentication.allow-multiple-code-flows`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-allow-multiple-code-flows[`quarkus.oidc.authentication.allow-multiple-code-flows`]## + +`quarkus.oidc."tenant".authentication.allow-multiple-code-flows` [.description] -- @@ -4588,16 +2450,18 @@ If a state cookie is present, a `state` query parameter must also be present and ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ALLOW_MULTIPLE_CODE_FLOWS+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-fail-on-missing-state-param[`quarkus.oidc."tenant".authentication.fail-on-missing-state-param`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-fail-on-missing-state-param[`quarkus.oidc.authentication.fail-on-missing-state-param`]## + +`quarkus.oidc."tenant".authentication.fail-on-missing-state-param` [.description] -- @@ -4611,16 +2475,18 @@ However, setting this property to `false` might help if the above options are no ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_FAIL_ON_MISSING_STATE_PARAM+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-user-info-required[`quarkus.oidc."tenant".authentication.user-info-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-user-info-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-user-info-required[`quarkus.oidc.authentication.user-info-required`]## + +`quarkus.oidc."tenant".authentication.user-info-required` [.description] -- @@ -4632,16 +2498,18 @@ It is also enabled automatically if `io.quarkus.oidc.UserInfo` injection point i ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_USER_INFO_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_USER_INFO_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true when UserInfo bean is injected, false otherwise` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-session-age-extension[`quarkus.oidc."tenant".authentication.session-age-extension`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-session-age-extension]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-session-age-extension[`quarkus.oidc.authentication.session-age-extension`]## + +`quarkus.oidc."tenant".authentication.session-age-extension` [.description] -- @@ -4649,16 +2517,18 @@ Session age extension in minutes. The user session age property is set to the va ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_SESSION_AGE_EXTENSION+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_SESSION_AGE_EXTENSION+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-cookie-age[`quarkus.oidc."tenant".authentication.state-cookie-age`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-cookie-age]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-cookie-age[`quarkus.oidc.authentication.state-cookie-age`]## + +`quarkus.oidc."tenant".authentication.state-cookie-age` [.description] -- @@ -4666,16 +2536,18 @@ State cookie age in minutes. State cookie is created every time a new authorizat ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_COOKIE_AGE+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_COOKIE_AGE+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-java-script-auto-redirect[`quarkus.oidc."tenant".authentication.java-script-auto-redirect`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-java-script-auto-redirect[`quarkus.oidc.authentication.java-script-auto-redirect`]## + +`quarkus.oidc."tenant".authentication.java-script-auto-redirect` [.description] -- @@ -4685,16 +2557,18 @@ If this property is set to `false`, a status code of `499` is returned to allow ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_JAVA_SCRIPT_AUTO_REDIRECT+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-id-token-required[`quarkus.oidc."tenant".authentication.id-token-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-id-token-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-id-token-required[`quarkus.oidc.authentication.id-token-required`]## + +`quarkus.oidc."tenant".authentication.id-token-required` [.description] -- @@ -4702,16 +2576,18 @@ Requires that ID token is available when the authorization code flow completes. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_ID_TOKEN_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_ID_TOKEN_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-internal-id-token-lifespan[`quarkus.oidc."tenant".authentication.internal-id-token-lifespan`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-internal-id-token-lifespan[`quarkus.oidc.authentication.internal-id-token-lifespan`]## + +`quarkus.oidc."tenant".authentication.internal-id-token-lifespan` [.description] -- @@ -4719,16 +2595,18 @@ Internal ID token lifespan. This property is only checked when an internal IdTok ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_INTERNAL_ID_TOKEN_LIFESPAN+++` endif::add-copy-button-to-env-var[] -- |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] |`5M` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-pkce-required[`quarkus.oidc."tenant".authentication.pkce-required`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-pkce-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-pkce-required[`quarkus.oidc.authentication.pkce-required`]## + +`quarkus.oidc."tenant".authentication.pkce-required` [.description] -- @@ -4736,16 +2614,18 @@ Requires that a Proof Key for Code Exchange (PKCE) is used. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_PKCE_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_PKCE_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-authentication-state-secret[`quarkus.oidc."tenant".authentication.state-secret`]## +a| [[quarkus-oidc_quarkus-oidc-authentication-state-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-authentication-state-secret[`quarkus.oidc.authentication.state-secret`]## + +`quarkus.oidc."tenant".authentication.state-secret` [.description] -- @@ -4759,16 +2639,23 @@ Error is reported if the secret length is less than 16 characters. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__AUTHENTICATION_STATE_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_AUTHENTICATION_STATE_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-extra-params-parameter-name[`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"`]## + +h|[[quarkus-oidc_section_quarkus-oidc-code-grant]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-code-grant[Configuration to complete an authorization code flow grant]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-extra-params-parameter-name[`quarkus.oidc.code-grant.extra-params."parameter-name"`]## + +`quarkus.oidc."tenant".code-grant.extra-params."parameter-name"` [.description] -- @@ -4776,16 +2663,18 @@ Additional parameters, in addition to the required `code` and `redirect-uri` par ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_EXTRA_PARAMS__PARAMETER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-code-grant-headers-header-name[`quarkus.oidc."tenant".code-grant.headers."header-name"`]## +a| [[quarkus-oidc_quarkus-oidc-code-grant-headers-header-name]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-code-grant-headers-header-name[`quarkus.oidc.code-grant.headers."header-name"`]## + +`quarkus.oidc."tenant".code-grant.headers."header-name"` [.description] -- @@ -4793,16 +2682,23 @@ Custom HTTP headers which must be sent to complete the authorization code grant ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CODE_GRANT_HEADERS__HEADER_NAME_+++` +Environment variable: `+++QUARKUS_OIDC_CODE_GRANT_HEADERS__HEADER_NAME_+++` endif::add-copy-button-to-env-var[] -- |Map | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-strategy[`quarkus.oidc."tenant".token-state-manager.strategy`]## + +h|[[quarkus-oidc_section_quarkus-oidc-token-state-manager]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-state-manager[Default token state manager configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-strategy]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-strategy[`quarkus.oidc.token-state-manager.strategy`]## + +`quarkus.oidc."tenant".token-state-manager.strategy` [.description] -- @@ -4810,16 +2706,18 @@ Default TokenStateManager strategy. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_STRATEGY+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_STRATEGY+++` endif::add-copy-button-to-env-var[] -- a|tooltip:keep-all-tokens[Keep ID, access and refresh tokens.], tooltip:id-token[Keep ID token only], tooltip:id-refresh-tokens[Keep ID and refresh tokens only] |tooltip:keep-all-tokens[Keep ID, access and refresh tokens.] -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-split-tokens[`quarkus.oidc."tenant".token-state-manager.split-tokens`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-split-tokens[`quarkus.oidc.token-state-manager.split-tokens`]## + +`quarkus.oidc."tenant".token-state-manager.split-tokens` [.description] -- @@ -4827,16 +2725,18 @@ Default TokenStateManager keeps all tokens (ID, access and refresh) returned in ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_SPLIT_TOKENS+++` endif::add-copy-button-to-env-var[] -- |boolean |`false` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-required[`quarkus.oidc."tenant".token-state-manager.encryption-required`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-required[`quarkus.oidc.token-state-manager.encryption-required`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-required` [.description] -- @@ -4844,16 +2744,18 @@ Mandates that the Default TokenStateManager encrypt the session cookie that stor ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_REQUIRED+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-secret[`quarkus.oidc."tenant".token-state-manager.encryption-secret`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-secret[`quarkus.oidc.token-state-manager.encryption-secret`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-secret` [.description] -- @@ -4865,16 +2767,18 @@ The length of the secret used to encrypt the tokens should be at least 32 charac ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_SECRET+++` endif::add-copy-button-to-env-var[] -- |string | -a| [[quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-token-state-manager-encryption-algorithm[`quarkus.oidc."tenant".token-state-manager.encryption-algorithm`]## +a| [[quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-state-manager-encryption-algorithm[`quarkus.oidc.token-state-manager.encryption-algorithm`]## + +`quarkus.oidc."tenant".token-state-manager.encryption-algorithm` [.description] -- @@ -4882,170 +2786,171 @@ Session cookie key encryption algorithm ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_STATE_MANAGER_ENCRYPTION_ALGORITHM+++` endif::add-copy-button-to-env-var[] -- a|tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.], tooltip:dir[The configured key encryption secret will be used as the content encryption key to encrypt the session cookie content. Using the direct encryption avoids a content encryption key generation step and will make the encrypted session cookie sequence slightly shorter. Avoid using the direct encryption if the encryption secret is less than 32 characters long.] |tooltip:a256-gcmkw[Content encryption key will be generated and encrypted using the A256GCMKW algorithm and the configured encryption secret. The generated content encryption key will be used to encrypt the session cookie content.] -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-token-introspection-cache[`quarkus.oidc."tenant".allow-token-introspection-cache`]## - -[.description] --- -Allow caching the token introspection data. Note enabling this property does not enable the cache itself but only permits to cache the token introspection for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +h|[[quarkus-oidc_section_quarkus-oidc-jwks]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-jwks[How JsonWebKey verification key set should be acquired and managed]## +h|Type +h|Default -ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++[] -endif::add-copy-button-to-env-var[] -ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_TOKEN_INTROSPECTION_CACHE+++` -endif::add-copy-button-to-env-var[] --- -|boolean -|`true` +a| [[quarkus-oidc_quarkus-oidc-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-resolve-early[`quarkus.oidc.jwks.resolve-early`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-allow-user-info-cache[`quarkus.oidc."tenant".allow-user-info-cache`]## +`quarkus.oidc."tenant".jwks.resolve-early` [.description] -- -Allow caching the user info data. Note enabling this property does not enable the cache itself but only permits to cache the user info data for a given tenant. If the default token cache can be used, see `OidcConfig.TokenCache` to enable it. +If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. + +Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__ALLOW_USER_INFO_CACHE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_RESOLVE_EARLY+++` endif::add-copy-button-to-env-var[] -- |boolean |`true` -a| [[quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-cache-user-info-in-idtoken[`quarkus.oidc."tenant".cache-user-info-in-idtoken`]## +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-size[`quarkus.oidc.jwks.cache-size`]## + +`quarkus.oidc."tenant".jwks.cache-size` [.description] -- -Allow inlining UserInfo in IdToken instead of caching it in the token cache. This property is only checked when an internal IdToken is generated when OAuth2 providers do not return IdToken. Inlining UserInfo in the generated IdToken allows to store it in the session cookie and avoids introducing a cached state. - -Inlining UserInfo in the generated IdToken is enabled if the session cookie is encrypted and the UserInfo cache is not enabled or caching UserInfo is disabled for the current tenant with the `allow-user-info-cache` property set to `false`. +Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__CACHE_USER_INFO_IN_IDTOKEN+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_SIZE+++` endif::add-copy-button-to-env-var[] -- -|boolean -| +|int +|`10` + +a| [[quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-cache-time-to-live[`quarkus.oidc.jwks.cache-time-to-live`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-resolve-early[`quarkus.oidc."tenant".jwks.resolve-early`]## +`quarkus.oidc."tenant".jwks.cache-time-to-live` [.description] -- -If JWK verification keys should be fetched at the moment a connection to the OIDC provider is initialized. - -Disabling this property delays the key acquisition until the moment the current token has to be verified. Typically it can only be necessary if the token or other telated request properties provide an additional context which is required to resolve the keys correctly. +Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_RESOLVE_EARLY+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`true` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`10M` + +a| [[quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-clean-up-timer-interval[`quarkus.oidc.jwks.clean-up-timer-interval`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-size[`quarkus.oidc."tenant".jwks.cache-size`]## +`quarkus.oidc."tenant".jwks.clean-up-timer-interval` [.description] -- -Maximum number of JWK keys that can be cached. This property is ignored if the `resolve-early` property is set to true. +Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_SIZE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- -|int -|`10` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +| + +a| [[quarkus-oidc_quarkus-oidc-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-jwks-try-all[`quarkus.oidc.jwks.try-all`]## -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-cache-time-to-live[`quarkus.oidc."tenant".jwks.cache-time-to-live`]## +`quarkus.oidc."tenant".jwks.try-all` [.description] -- -Number of minutes a JWK key can be cached for. This property is ignored if the `resolve-early` property is set to true. +In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_JWKS_TRY_ALL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CACHE_TIME_TO_LIVE+++` +Environment variable: `+++QUARKUS_OIDC_JWKS_TRY_ALL+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -|`10M` +|boolean +|`false` + -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-clean-up-timer-interval[`quarkus.oidc."tenant".jwks.clean-up-timer-interval`]## +h|[[quarkus-oidc_section_quarkus-oidc-token-cache]] [.section-name.section-level0]##link:#quarkus-oidc_section_quarkus-oidc-token-cache[Default TokenIntrospection and UserInfo Cache configuration]## +h|Type +h|Default + +a| [[quarkus-oidc_quarkus-oidc-token-cache-max-size]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-max-size[`quarkus.oidc.token-cache.max-size`]## [.description] -- -Cache timer interval. If this property is set, a timer checks and removes the stale entries periodically. This property is ignored if the `resolve-early` property is set to true. +Maximum number of cache entries. Set it to a positive value if the cache has to be enabled. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_CLEAN_UP_TIMER_INTERVAL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_MAX_SIZE+++` endif::add-copy-button-to-env-var[] -- -|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] -| +|int +|`0` -a| [[quarkus-oidc_quarkus-oidc-tenant-jwks-try-all]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-jwks-try-all[`quarkus.oidc."tenant".jwks.try-all`]## +a| [[quarkus-oidc_quarkus-oidc-token-cache-time-to-live]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-time-to-live[`quarkus.oidc.token-cache.time-to-live`]## [.description] -- -In case there is no key identifier ('kid') or certificate thumbprints ('x5t', 'x5t++#++S256') specified in the JOSE header and no key could be determined, check all available keys matching the token algorithm ('alg') header value. +Maximum amount of time a given cache entry is valid for. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__JWKS_TRY_ALL+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_TIME_TO_LIVE+++` endif::add-copy-button-to-env-var[] -- -|boolean -|`false` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] +|`3M` -a| [[quarkus-oidc_quarkus-oidc-tenant-provider]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-tenant-provider[`quarkus.oidc."tenant".provider`]## +a| [[quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval]] [.property-path]##link:#quarkus-oidc_quarkus-oidc-token-cache-clean-up-timer-interval[`quarkus.oidc.token-cache.clean-up-timer-interval`]## [.description] -- -Well known OpenId Connect provider identifier +Clean up timer interval. If this property is set then a timer will check and remove the stale entries periodically. ifdef::add-copy-button-to-env-var[] -Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC__TENANT__PROVIDER+++[] +Environment variable: env_var_with_copy_button:+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++[] endif::add-copy-button-to-env-var[] ifndef::add-copy-button-to-env-var[] -Environment variable: `+++QUARKUS_OIDC__TENANT__PROVIDER+++` +Environment variable: `+++QUARKUS_OIDC_TOKEN_CACHE_CLEAN_UP_TIMER_INTERVAL+++` endif::add-copy-button-to-env-var[] -- -a|`apple`, `discord`, `facebook`, `github`, `google`, `linkedin`, `mastodon`, `microsoft`, `slack`, `spotify`, `strava`, `twitch`, `twitter`, `x` +|link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-oidc_quarkus-oidc[icon:question-circle[title=More information about the Duration format]] | diff --git a/_versions/main/guides/deploying-to-kubernetes.adoc b/_versions/main/guides/deploying-to-kubernetes.adoc index 40f358744db..8ab61ce549e 100644 --- a/_versions/main/guides/deploying-to-kubernetes.adoc +++ b/_versions/main/guides/deploying-to-kubernetes.adoc @@ -716,6 +716,27 @@ spec: ip: 10.0.0.0 ---- +=== Add nodeSelector +To add a nodeSelector in the generated `Deployment` (more information can be found in https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes[Kubernetes documentation]), just apply the following configuration: + +[source,properties] +---- +quarkus.kubernetes.node-selector.key=diskType +quarkus.kubernetes.node-selector.value=ssd +---- + +This would generate the following `nodeSelector` section in the `deployment` definition: + +[source,yaml] +---- +kind: Deployment +spec: + template: + spec: + nodeSelector: + diskType: ssd +---- + === Container Resources Management CPU & Memory limits and requests can be applied to a `Container` (more info in https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[Kubernetes documentation]) using the following configuration: