OpenID Connect (OIDC) and OAuth2 dynamic client registration
Typically, you have to register an OIDC client (application) manually in your OIDC provider’s dashboard. During this process, you specify the human readable application name, allowed redirect and post logout URLs, and other properties. After the registration has been completed, you copy the generated client id and secret to your Quarkus OIDC application properties.
OpenID Connect and OAuth2 dynamic client registration allows you to register OIDC clients dynamically, and manage individual client registrations. You can read more about it in the OIDC client registration and OAuth2 Dynamic Client Registration Management Protocol specification documents.
You can use Quarkus quarkus-oidc-client-registration
extension to register one or more clients using OIDC client registration configurations and read, update and delete metadata of the registered clients.
OIDC TenantConfigResolver can be used to create OIDC tenant configurations using the metadata of the registered clients.
Currently, Quarkus |
OIDC Client Registration
添加以下依赖关系:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-oidc-client-registration</artifactId>
</dependency>
The quarkus-oidc-client-registration
extension allows register one or more clients using OIDC client registration configurations, either on start-up or on demand, and read, update and delete metadata of the registered clients.
You can register and manage client registrations from the custom OIDC TenantConfigResolver.
Alternatively, you can register clients without even using OIDC. For example, it can be a command line tool which registers clients and passes metadata of the registered clients to Quarkus services which require them.
Each OIDC client registration configuration represents an OIDC client registration endpoint which can accept many individual client registrations.
Register clients on start-up
You start with declaring one or more OIDC client registration configurations, for example:
# Default OIDC client registration which auto-discovers a standard client registration endpoint.
# It does not require an initial registration token.
quarkus.oidc-client-registration.auth-server-url=${quarkus.oidc.auth-server-url}
quarkus.oidc-client-registration.metadata.client-name=Default Client
quarkus.oidc-client-registration.metadata.redirect-uri=http://localhost:8081/protected
# Named OIDC client registration which configures a registration endpoint path:
# It require an initial registration token for a client registration to succeed.
quarkus.oidc-client-registration.tenant-client.registration-path=${quarkus.oidc.auth-server-url}/clients-registrations/openid-connect
quarkus.oidc-client-registration.tenant-client.metadata.client-name=Tenant Client
quarkus.oidc-client-registration.tenant-client.metadata.redirect-uri=http://localhost:8081/protected/tenant
quarkus.oidc-client-registration.initial-token=${initial-registration-token}
The above configuration will lead to two new client registrations created in your OIDC provider.
You or may not need to acquire an initial registration access token. If you don’t, then you will have to enable one or more client registration policies in your OIDC provider’s dashboard. For example, see Keycloak client registration policies.
The next step is to inject either quarkus.oidc.client.registration.OidcClientRegistration
if only a single default client registration is done, or quarkus.oidc.client.registration.OidcClientRegistrations
if more than one registration is configured, and use metadata of the clients registered with these configurations.
例如:
package io.quarkus.it.keycloak;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.client.registration.ClientMetadata;
import io.quarkus.oidc.client.registration.OidcClientRegistration;
import io.quarkus.oidc.client.registration.OidcClientRegistrationConfig;
import io.quarkus.oidc.client.registration.OidcClientRegistrations;
import io.quarkus.oidc.client.registration.RegisteredClient;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
@Singleton
public class CustomTenantConfigResolver implements TenantConfigResolver {
@Inject
OidcClientRegistration clientReg;
@Inject
OidcClientRegistrations clientRegs;
@Override
public Uni<OidcTenantConfig> resolve(RoutingContext routingContext,
OidcRequestContext<OidcTenantConfig> requestContext) {
if (routingContext.request().path().endsWith("/protected")) {
// Use the registered client created from the default OIDC client registration
return clientReg.registeredClient().onItem().transform(client -> createTenantConfig("registered-client", client));
} else if (routingContext.request().path().endsWith("/protected/tenant")) {
// Use the registered client created from the named 'tenant-client' OIDC client registration
OidcClientRegistration tenantClientReg = clientRegs.getClientRegistration("tenant-client");
return tenantClientReg.registeredClient().onItem().transform(client -> createTenantConfig("registered-client-tenant", client));
}
return null;
}
// Convert metadata of registered clients to OidcTenantConfig
private OidcTenantConfig createTenantConfig(String tenantId, RegisteredClient client) {
ClientMetadata metadata = client.getMetadata();
OidcTenantConfig oidcConfig = new OidcTenantConfig();
oidcConfig.setTenantId(tenantId);
oidcConfig.setAuthServerUrl(authServerUrl);
oidcConfig.setApplicationType(ApplicationType.WEB_APP);
oidcConfig.setClientName(metadata.getClientName());
oidcConfig.setClientId(metadata.getClientId());
oidcConfig.getCredentials().setSecret(metadata.getClientSecret());
String redirectUri = metadata.getRedirectUris().get(0);
oidcConfig.getAuthentication().setRedirectPath(URI.create(redirectUri).getPath());
return oidcConfig;
}
}
Register clients on demand
You can register new clients on demand.
You can add new clients to the existing, already configured OidcClientConfiguration
or to a newly created OidcClientConfiguration
.
Start from configuring one or more OIDC client registrations:
quarkus.oidc-client-registration.auth-server-url=${quarkus.oidc.auth-server-url}
The above configuration is sufficient for registering new clients using this configuration. For example:
package io.quarkus.it.keycloak;
import java.net.URI;
import java.util.List;
import java.util.Optional;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.client.registration.ClientMetadata;
import io.quarkus.oidc.client.registration.OidcClientRegistration;
import io.quarkus.oidc.client.registration.OidcClientRegistrationConfig;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
@Singleton
public class CustomTenantConfigResolver implements TenantConfigResolver {
@Inject
OidcClientRegistration clientReg;
@Inject
@ConfigProperty(name = "quarkus.oidc.auth-server-url")
String authServerUrl;
@Override
public Uni<OidcTenantConfig> resolve(RoutingContext routingContext,
OidcRequestContext<OidcTenantConfig> requestContext) {
if (routingContext.request().path().endsWith("/protected/oidc-client-reg-existing-config")) {
// New client registration done dynamically at the request time using the configured client registration
ClientMetadata metadata = createMetadata("http://localhost:8081/protected/dynamic-tenant",
"Dynamic Tenant Client");
return clientReg.registerClient(metadata).onItem().transform(r ->
createTenantConfig("registered-client-dynamically", r));
}
return null;
}
// Create metadata of registered clients to OidcTenantConfig
private OidcTenantConfig createTenantConfig(String tenantId, ClientMetadata metadata) {
OidcTenantConfig oidcConfig = new OidcTenantConfig();
oidcConfig.setTenantId(tenantId);
oidcConfig.setAuthServerUrl(authServerUrl);
oidcConfig.setApplicationType(ApplicationType.WEB_APP);
oidcConfig.setClientName(metadata.getClientName());
oidcConfig.setClientId(metadata.getClientId());
oidcConfig.getCredentials().setSecret(metadata.getClientSecret());
String redirectUri = metadata.getRedirectUris().get(0);
oidcConfig.getAuthentication().setRedirectPath(URI.create(redirectUri).getPath());
return oidcConfig;
}
protected static ClientMetadata createMetadata(String redirectUri, String clientName) {
return ClientMetadata.builder()
.setRedirectUri(redirectUri)
.setClientName(clientName)
.build();
}
}
Alternatively, you can use OidcClientRegistrations
to prepare a new OidcClientRegistration
and use OidcClientRegistration
to register a client. For example:
package io.quarkus.it.keycloak;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.OidcTenantConfig.ApplicationType;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.client.registration.ClientMetadata;
import io.quarkus.oidc.client.registration.OidcClientRegistration;
import io.quarkus.oidc.client.registration.OidcClientRegistrations;
import io.quarkus.oidc.client.registration.OidcClientRegistrationConfig;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
@Singleton
public class CustomTenantConfigResolver implements TenantConfigResolver {
@Inject
OidcClientRegistrations clientRegs;
@Inject
@ConfigProperty(name = "quarkus.oidc.auth-server-url")
String authServerUrl;
@Override
public Uni<OidcTenantConfig> resolve(RoutingContext routingContext,
OidcRequestContext<OidcTenantConfig> requestContext) {
if (routingContext.request().path().endsWith("/protected/new-oidc-client-reg")) {
// New client registration done dynamically at the request time
OidcClientRegistrationConfig clientRegConfig = new OidcClientRegistrationConfig();
clientRegConfig.auth-server-url = Optional.of(authServerUrl);
clientRegConfig.metadata.redirectUri = Optional.of("http://localhost:8081/protected/new-oidc-client-reg");
clientRegConfig.metadata.clientName = Optional.of("Dynamic Client");
return clientRegs.newClientRegistration(clientRegConfig)
.onItem().transform(reg ->
createTenantConfig("registered-client-dynamically", reg.registeredClient());
}
return null;
}
// Create metadata of registered clients to OidcTenantConfig
private OidcTenantConfig createTenantConfig(String tenantId, ClientMetadata metadata) {
OidcTenantConfig oidcConfig = new OidcTenantConfig();
oidcConfig.setTenantId(tenantId);
oidcConfig.setAuthServerUrl(authServerUrl);
oidcConfig.setApplicationType(ApplicationType.WEB_APP);
oidcConfig.setClientName(metadata.getClientName());
oidcConfig.setClientId(metadata.getClientId());
oidcConfig.getCredentials().setSecret(metadata.getClientSecret());
String redirectUri = metadata.getRedirectUris().get(0);
oidcConfig.getAuthentication().setRedirectPath(URI.create(redirectUri).getPath());
return oidcConfig;
}
protected static ClientMetadata createMetadata(String redirectUri, String clientName) {
return ClientMetadata.builder()
.setRedirectUri(redirectUri)
.setClientName(clientName)
.build();
}
}
Managing registered clients
io.quarkus.oidc.client.registration.RegisteredClient
represents a registered client and can be used to read and update its metadata.
It can also be used to delete this client.
例如:
package io.quarkus.it.keycloak;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.client.registration.OidcClientRegistration;
import io.quarkus.oidc.client.registration.RegisteredClient;
import io.quarkus.runtime.StartupEvent;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
@Singleton
public class CustomTenantConfigResolver implements TenantConfigResolver {
@Inject
OidcClientRegistration clientReg;
RegisteredClient registeredClient;
void onStartup(@Observes StartupEvent event) {
// Default OIDC client registration, client has already been registered at startup, `await()` will return immediately.
registeredClient = clientReg.registeredClient().await().indefinitely();
// Read the latest client metadata
registeredClient = registeredClient.read().await().indefinitely();
}
@Override
public Uni<OidcTenantConfig> resolve(RoutingContext routingContext,
OidcRequestContext<OidcTenantConfig> requestContext) {
if (routingContext.request().path().endsWith("/protected")) {
// Use the registered client created from the default OIDC client registration
return createTenantConfig("registered-client", registeredClient));
}
return null;
}
// Convert metadata of registered clients to OidcTenantConfig
private OidcTenantConfig createTenantConfig(String tenantId, RegisteredClient client) {
ClientMetadata metadata = client.getMetadata();
OidcTenantConfig oidcConfig = new OidcTenantConfig();
oidcConfig.setTenantId(tenantId);
oidcConfig.setAuthServerUrl(authServerUrl);
oidcConfig.setApplicationType(ApplicationType.WEB_APP);
oidcConfig.setClientName(metadata.getClientName());
oidcConfig.setClientId(metadata.getClientId());
oidcConfig.getCredentials().setSecret(metadata.getClientSecret());
String redirectUri = metadata.getRedirectUris().get(0);
oidcConfig.getAuthentication().setRedirectPath(URI.create(redirectUri).getPath());
return oidcConfig;
}
}
Avoiding duplicate registrations
When you register clients in startup, as described in the Register clients on start-up section, you will most likely want to avoid creating duplicate registrations after a restart.
In this case, you should configure OIDC client registration to perform the registration at the request time, as opposed to at the startup time:
quarkus.oidc-client-registration.register-early=false
The next thing you should do is to persist the already registered client’s registration URI and registration token at the shutdown time, you can get them from the io.quarkus.oidc.client.registration.RegisteredClient
instance.
Finally, at the startup time, you should restore the already registered client instead of registering it again.
例如:
package io.quarkus.it.keycloak;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import io.quarkus.oidc.OidcRequestContext;
import io.quarkus.oidc.OidcTenantConfig;
import io.quarkus.oidc.TenantConfigResolver;
import io.quarkus.oidc.client.registration.OidcClientRegistration;
import io.quarkus.oidc.client.registration.RegisteredClient;
import io.quarkus.runtime.ShutdownEvent;
import io.quarkus.runtime.StartupEvent;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
@Singleton
public class CustomTenantConfigResolver implements TenantConfigResolver {
@Inject
OidcClientRegistration clientReg;
RegisteredClient registeredClient;
void onStartup(@Observes StartupEvent event) {
String registrationUri = readRegistrationUriFromDatabase("Registered Client");
String registrationToken = readRegistrationTokenFromDatabase("Registered Client");
if (registrationUri != null && registrationToken != null) {
// Read an already registered client
registeredClient = clientReg.readClient(registrationUri, registrationToken).await().indefinitely();
} else {
// Register a new client
registeredClient = clientReg.registeredClient().await().indefinitely();
}
}
void onShutdown(@Observes ShutdownEvent event) {
saveRegistrationUriToDatabase("Registered Client", registeredClient.registrationUri());
saveRegistrationTokenToDatabase("Registered Client", registeredClient.registrationToken());
}
String readRegistrationUriFromDatabase(String clientName) {
// implementation is not shown for brevity
}
String readRegistrationTokenFromDatabase(String clientName) {
// implementation is not shown for brevity
}
void saveRegistrationUriToDatabase(String clientName, String registrationUri) {
// implementation is not shown for brevity
}
void saveRegistrationTokenToDatabase(String clientName, String registrationToken) {
// implementation is not shown for brevity
}
@Override
public Uni<OidcTenantConfig> resolve(RoutingContext routingContext,
OidcRequestContext<OidcTenantConfig> requestContext) {
if (routingContext.request().path().endsWith("/protected")) {
// Use the registered client created from the default OIDC client registration
return createTenantConfig("registered-client", registeredClient));
}
return null;
}
// Convert metadata of registered clients to OidcTenantConfig
private OidcTenantConfig createTenantConfig(String tenantId, RegisteredClient client) {
ClientMetadata metadata = client.getMetadata();
OidcTenantConfig oidcConfig = new OidcTenantConfig();
oidcConfig.setTenantId(tenantId);
oidcConfig.setAuthServerUrl(authServerUrl);
oidcConfig.setApplicationType(ApplicationType.WEB_APP);
oidcConfig.setClientName(metadata.getClientName());
oidcConfig.setClientId(metadata.getClientId());
oidcConfig.getCredentials().setSecret(metadata.getClientSecret());
String redirectUri = metadata.getRedirectUris().get(0);
oidcConfig.getAuthentication().setRedirectPath(URI.create(redirectUri).getPath());
return oidcConfig;
}
}
If you register clients dynamically, on demand, as described in the Register clients on demand section, the problem of the duplicate client registration should not arise. You can persist the already registered client’s registration URI and registration token if necessary though and check them too to avoid any duplicate reservation risk.
OIDC request filters
You can filter OIDC client registration and registered client requests registering one or more OidcRequestFilter
implementations, which can update or add new request headers. For example, a filter can analyze the request body and add its digest as a new header value:
You can have a single filter intercepting all the OIDC registration and registered client requests, or use an @OidcEndpoint
annotation to apply this filter to either OIDC registration or registered client endpoint responses only. For example:
package io.quarkus.it.keycloak;
import org.jboss.logging.Logger;
import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcEndpoint.Type;
import io.quarkus.oidc.common.OidcRequestFilter;
import io.vertx.core.json.JsonObject;
import jakarta.enterprise.context.ApplicationScoped;
@ApplicationScoped
@Unremovable
@OidcEndpoint(value = Type.CLIENT_REGISTRATION) (1)
public class ClientRegistrationRequestFilter implements OidcRequestFilter {
private static final Logger LOG = Logger.getLogger(ClientRegistrationRequestFilter.class);
@Override
public void filter(OidcRequestContext rc) {
JsonObject body = rc.requestBody().toJsonObject();
if ("Default Client".equals(body.getString("client_name"))) { (2)
LOG.debug("'Default Client' registration request");
}
}
}
1 | Restrict this filter to requests targeting the OIDC client registration endpoint only. |
2 | Check the 'client_name' property in the request metadata JSON. |
OidcRequestContextProperties
can be used to access request properties.
Currently, you can use a client_id
key to access the client tenant id and a grant_type
key to access the grant type which the OIDC client uses to acquire tokens.
OIDC response filters
You can filter responses to OIDC client registration and registered client requests by registering one or more OidcResponseFilter
implementations, which can check the response status, headers and body in order to log them or perform other actions.
You can have a single filter intercepting responses to all the OIDC registration and registered client requests, or use an @OidcEndpoint
annotation to apply this filter to responses from either OIDC registration or registered client endpoint only. For example:
package io.quarkus.it.keycloak;
import jakarta.enterprise.context.ApplicationScoped;
import org.jboss.logging.Logger;
import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcEndpoint.Type;
import io.quarkus.oidc.common.OidcResponseFilter;
import io.vertx.core.json.JsonObject;
@ApplicationScoped
@Unremovable
@OidcEndpoint(value = Type.CLIENT_REGISTRATION) (1)
public class ClientRegistrationResponseFilter implements OidcResponseFilter {
private static final Logger LOG = Logger.getLogger(ClientRegistrationResponseFilter.class);
@Override
public void filter(OidcResponseContext rc) {
String contentType = rc.responseHeaders().get("Content-Type"); (2)
JsonObject body = rc.responseBody().toJsonObject();
if (contentType.startsWith("application/json")
&& "Default Client".equals(body.getString("client_name"))) { (3)
LOG.debug("'Default Client' has been registered");
}
}
}
1 | Restrict this filter to requests targeting the OIDC client registration endpoint only. |
2 | Check the response Content-Type header. |
3 | Check the 'client_name' property in the response metadata JSON. |
or
package io.quarkus.it.keycloak;
import jakarta.enterprise.context.ApplicationScoped;
import org.jboss.logging.Logger;
import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.common.OidcEndpoint;
import io.quarkus.oidc.common.OidcEndpoint.Type;
import io.quarkus.oidc.common.OidcResponseFilter;
@ApplicationScoped
@Unremovable
@OidcEndpoint(value = Type.REGISTERED_CLIENT) (1)
public class RegisteredClientResponseFilter implements OidcResponseFilter {
private static final Logger LOG = Logger.getLogger(RegisteredClientResponseFilter.class);
@Override
public void filter(OidcResponseContext rc) {
String contentType = rc.responseHeaders().get("Content-Type"); (2)
if (contentType.startsWith("application/json")
&& "Default Client Updated".equals(rc.responseBody().toJsonObject().getString("client_name"))) { (3)
LOG.debug("Registered 'Default Client' has had its name updated to 'Default Client Updated'");
}
}
}
1 | Restrict this filter to requests targeting the registered OIDC client endpoint only. |
2 | Check the response Content-Type header. |
3 | Confirm the client name property was updated. |
Configuration reference
Configuration property fixed at build time - All other configuration properties are overridable at runtime
Configuration property |
类型 |
默认值 |
---|---|---|
If the OIDC client registration extension is enabled. Environment variable: Show more |
boolean |
|
The base URL of the OpenID Connect (OIDC) server, for example, Environment variable: Show more |
string |
|
Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. Environment variable: Show more |
boolean |
|
The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if Environment variable: Show more |
string |
|
The duration to attempt the initial connection to an OIDC server. For example, setting the duration to Environment variable: Show more |
||
The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from Environment variable: Show more |
int |
|
The number of seconds after which the current OIDC connection request times out. Environment variable: Show more |
|
|
Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. Environment variable: Show more |
boolean |
|
The maximum size of the connection pool used by the WebClient. Environment variable: Show more |
int |
|
Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. Environment variable: Show more |
boolean |
|
OIDC Client Registration id Environment variable: Show more |
string |
|
If this client registration configuration is enabled. Environment variable: Show more |
boolean |
|
If the client configured with Environment variable: Show more |
boolean |
|
Initial access token Environment variable: Show more |
string |
|
Client name Environment variable: Show more |
string |
|
Redirect URI Environment variable: Show more |
string |
|
Post Logout URI Environment variable: Show more |
string |
|
Additional metadata properties Environment variable: Show more |
Map<String,String> |
|
类型 |
默认值 |
|
The host name or IP address of the Proxy. Environment variable: Show more |
string |
|
The port number of the Proxy. The default value is Environment variable: Show more |
int |
|
The username, if the Proxy needs authentication. Environment variable: Show more |
string |
|
The password, if the Proxy needs authentication. Environment variable: Show more |
string |
|
类型 |
默认值 |
|
The name of the TLS configuration to use. If a name is configured, it uses the configuration from The default TLS configuration is not used by default. Environment variable: Show more |
string |
|
类型 |
默认值 |
|
The base URL of the OpenID Connect (OIDC) server, for example, Environment variable: Show more |
string |
|
Discovery of the OIDC endpoints. If not enabled, you must configure the OIDC endpoint URLs individually. Environment variable: Show more |
boolean |
|
The relative path or absolute URL of the OIDC dynamic client registration endpoint. Set if Environment variable: Show more |
string |
|
The duration to attempt the initial connection to an OIDC server. For example, setting the duration to Environment variable: Show more |
||
The number of times to retry re-establishing an existing OIDC connection if it is temporarily lost. Different from Environment variable: Show more |
int |
|
The number of seconds after which the current OIDC connection request times out. Environment variable: Show more |
|
|
Whether DNS lookup should be performed on the worker thread. Use this option when you can see logged warnings about blocked Vert.x event loop by HTTP requests to OIDC server. Environment variable: Show more |
boolean |
|
The maximum size of the connection pool used by the WebClient. Environment variable: Show more |
int |
|
Follow redirects automatically when WebClient gets HTTP 302. When this property is disabled only a single redirect to exactly the same original URI is allowed but only if one or more cookies were set during the redirect request. Environment variable: Show more |
boolean |
|
类型 |
默认值 |
|
The host name or IP address of the Proxy. Environment variable: Show more |
string |
|
The port number of the Proxy. The default value is Environment variable: Show more |
int |
|
The username, if the Proxy needs authentication. Environment variable: Show more |
string |
|
The password, if the Proxy needs authentication. Environment variable: Show more |
string |
|
类型 |
默认值 |
|
The name of the TLS configuration to use. If a name is configured, it uses the configuration from The default TLS configuration is not used by default. Environment variable: Show more |
string |
|
OIDC Client Registration id Environment variable: Show more |
string |
|
If this client registration configuration is enabled. Environment variable: Show more |
boolean |
|
If the client configured with Environment variable: Show more |
boolean |
|
Initial access token Environment variable: Show more |
string |
|
Client name Environment variable: Show more |
string |
|
Redirect URI Environment variable: Show more |
string |
|
Post Logout URI Environment variable: Show more |
string |
|
Additional metadata properties Environment variable: Show more |
Map<String,String> |
About the Duration format
To write duration values, use the standard You can also use a simplified format, starting with a number:
In other cases, the simplified format is translated to the
|