Package io.quarkus.oidc.common.runtime
Class OidcCommonConfig.Credentials.Jwt
java.lang.Object
io.quarkus.oidc.common.runtime.OidcCommonConfig.Credentials.Jwt
- Enclosing class:
- OidcCommonConfig.Credentials
Supports the `client_secret_jwt` and `private_key_jwt` client authentication methods, which involve sending a JWT
token assertion signed with a client secret or private key.
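Field Summary

Fields

| Modifier and Type | Field | Description |
|---|---|---|
| | `audience` | The JWT audience (`aud`) claim value. |
| | `claims` | Additional claims. |
| | `issuer` | The issuer of the signing key added as a JWT `iss` claim. |
| | `keyFile` | If provided, indicates that JWT is signed using a private key in PEM or JWK format. |
| | `keyId` | The private key id or alias. |
| | `keyPassword` | The private key password. |
| | `keyStoreFile` | If provided, indicates that JWT is signed using a private key from a keystore. |
| | `keyStorePassword` | A parameter to specify the password of the keystore file. |
| `int` | `lifespan` | The JWT lifespan in seconds. |
| | `secret` | If provided, indicates that JWT is signed using a secret key. |
| | `secretProvider` | If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider. |
| | `signatureAlgorithm` | The signature algorithm used for the `keyFile` property. |
| | `subject` | Subject of the signing key added as a JWT `sub` claim. The default value is the client id. |
| | `tokenKeyId` | The key identifier of the signing key added as a JWT `kid` header. |

Constructor Summary

Constructors

| Constructor |
|---|
| `Jwt()` |

Method Summary

| Modifier and Type | Method |
|---|---|
| | `getAudience` |
| | `getClaims` |
| | `getKeyFile` |
| `int` | `getLifespan()` |
| | `getSecret` |
| | `getSecretProvider` |
| | `getSignatureAlgorithm` |
| | `getTokenKeyId` |
| `void` | `setAudience(String audience)` |
| `void` | `setClaims` |
| `void` | `setKeyFile(String keyFile)` |
| `void` | `setLifespan(int lifespan)` |
| `void` | `setSecret` |
| `void` | `setSecretProvider(OidcCommonConfig.Credentials.Provider secretProvider)` |
| `void` | `setSignatureAlgorithm(String signatureAlgorithm)` |
| `void` | `setTokenKeyId(String tokenKeyId)` |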
Field Details

secret
If provided, indicates that JWT is signed using a secret key.

secretProvider
If provided, indicates that JWT is signed using a secret key provided by Secret CredentialsProvider.

keyFile
If provided, indicates that JWT is signed using a private key in PEM or JWK format. You can use the `signatureAlgorithm` property to override the default key algorithm, `RS256`.

keyStoreFile
If provided, indicates that JWT is signed using a private key from a keystore.

keyStorePassword
A parameter to specify the password of the keystore file.

keyId
The private key id or alias.

keyPassword
The private key password.

audience
The JWT audience (`aud`) claim value. By default, the audience is set to the address of the OpenID Connect Provider's token endpoint.

tokenKeyId
The key identifier of the signing key added as a JWT `kid` header.

issuer
The issuer of the signing key added as a JWT `iss` claim. The default value is the client id.

subject
Subject of the signing key added as a JWT `sub` claim. The default value is the client id.

claims
Additional claims.

signatureAlgorithm
The signature algorithm used for the `keyFile` property. Supported values: `RS256` (default), `RS384`, `RS512`, `PS256`, `PS384`, `PS512`, `ES256`, `ES384`, `ES512`, `HS256`, `HS384`, `HS512`.

lifespan
The JWT lifespan in seconds. This value is added to the time at which the JWT was issued to calculate the expiration time.
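
To show how the fields above end up in a `client_secret_jwt` assertion, here is an added example that builds one by hand with the JDK only; it is not code from Quarkus or from this page. The class name, client id, endpoint URL, key id, secret and lifespan value are constructed assumptions, and the `jti` claim is included because OpenID Connect Core requires it for client assertions, not because this page lists it.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration (hypothetical class, not Quarkus code): builds a
// client_secret_jwt assertion so the effect of each documented field is visible.
public class ClientSecretJwtExample {

    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String b64(String s) {
        return B64URL.encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    // Parameters stand in for the configured values. iss and sub default to the
    // client id, aud to the token endpoint address. Values are assumed to contain
    // no characters that need JSON escaping.
    static String assertion(String clientId, String tokenEndpoint, String tokenKeyId,
                            String secret, int lifespan, Instant issuedAt) throws Exception {
        long iat = issuedAt.getEpochSecond();
        long exp = iat + lifespan; // expiration = issue time + lifespan (seconds)
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\",\"kid\":\"" + tokenKeyId + "\"}";
        String claims = "{\"iss\":\"" + clientId + "\",\"sub\":\"" + clientId + "\","
                + "\"aud\":\"" + tokenEndpoint + "\",\"jti\":\"" + UUID.randomUUID() + "\","
                + "\"iat\":" + iat + ",\"exp\":" + exp + "}";
        String signingInput = b64(header) + "." + b64(claims);

        // HS256: HMAC-SHA256 over "header.claims", keyed with the client secret.
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] sig = mac.doFinal(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; the secret is a placeholder, not a real credential.
        String jwt = assertion("example-client", "https://idp.example.com/token",
                "key-1", "constructed-placeholder-secret-0123456789", 10, Instant.now());
        String payload = jwt.split("\\.")[1];
        System.out.println(new String(Base64.getUrlDecoder().decode(payload), StandardCharsets.UTF_8));
        System.out.println(jwt);
    }
}
```

A short `lifespan` narrows the window in which a captured assertion can be replayed, and an `aud` bound to one token endpoint keeps the assertion from being accepted by a different provider.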

Constructor Details

Jwt
public Jwt()

Method Details

getSecret
setSecret
getLifespan
public int getLifespan()
setLifespan
public void setLifespan(int lifespan)
getTokenKeyId
setTokenKeyId
getSecretProvider
setSecretProvider
getSignatureAlgorithm
setSignatureAlgorithm
getAudience
setAudience
getKeyFile
setKeyFile
getClaims
setClaims