tessl/maven-io-quarkus--quarkus-oidc-client

Get and refresh access tokens from OpenID Connect providers


Configuration

Configuration system for OIDC clients, supporting both a builder pattern for programmatic setup and properties-based configuration. It supports multiple OIDC providers, various grant types, and extensive customization options.

Capabilities

OidcClientConfig Interface

Modern configuration interface for OIDC clients extending the common OIDC configuration base. Provides comprehensive configuration options for authentication, token management, and client behavior.

/**
 * Configuration interface for OIDC clients
 */
public interface OidcClientConfig extends OidcClientCommonConfig {
    /**
     * Client identifier for named clients
     * @return Optional client identifier
     */
    Optional<String> id();
    
    /**
     * Enable or disable the client
     * @return boolean indicating if client is enabled
     */
    boolean clientEnabled();
    
    /**
     * Access token scopes to request
     * @return Optional list of scope strings
     */
    Optional<List<String>> scopes();
    
    /**
     * Access token audiences to request
     * @return Optional list of audience strings
     */
    Optional<List<String>> audience();
    
    /**
     * Refresh token time skew for early refresh
     * @return Optional duration for refresh time skew
     */
    Optional<Duration> refreshTokenTimeSkew();
    
    /**
     * Access token expiration period override
     * @return Optional duration for access token expiration
     */
    Optional<Duration> accessTokenExpiresIn();
    
    /**
     * Access token expiry time skew
     * @return Optional duration for expiry skew
     */
    Optional<Duration> accessTokenExpirySkew();
    
    /**
     * Whether expiration times are absolute or relative
     * @return boolean for absolute expiration
     */
    boolean absoluteExpiresIn();
    
    /**
     * Grant configuration for this client
     * @return Grant configuration
     */
    Grant grant();
    
    /**
     * Additional grant options
     * @return map of grant options
     */
    Map<String, Map<String, String>> grantOptions();
    
    /**
     * Enable early token acquisition
     * @return boolean for early acquisition
     */
    boolean earlyTokensAcquisition();
    
    /**
     * Custom HTTP headers for requests
     * @return map of custom headers
     */
    Map<String, String> headers();
    
    /**
     * Token refresh interval
     * @return Optional duration for refresh interval
     */
    Optional<Duration> refreshInterval();
    
    /**
     * Create a builder with default configuration
     * @return New OidcClientConfigBuilder instance
     */
    static OidcClientConfigBuilder builder();
    
    /**
     * Create a builder from existing configuration
     * @param config Existing configuration to copy
     * @return New OidcClientConfigBuilder instance
     */
    static OidcClientConfigBuilder builder(OidcClientConfig config);
    
    /**
     * Create a builder with auth server URL
     * @param authServerUrl The authorization server URL
     * @return New OidcClientConfigBuilder instance
     */
    static OidcClientConfigBuilder authServerUrl(String authServerUrl);
    
    /**
     * Create a builder with registration path
     * @param registrationPath The registration path
     * @return New OidcClientConfigBuilder instance
     */
    static OidcClientConfigBuilder registrationPath(String registrationPath);
    
    /**
     * Create a builder with token path
     * @param tokenPath The token endpoint path
     * @return New OidcClientConfigBuilder instance
     */
    static OidcClientConfigBuilder tokenPath(String tokenPath);
}

Grant Configuration

Configuration interface for specifying grant types and token property mappings.

/**
 * Grant type configuration interface
 */
public interface Grant {
    /**
     * The grant type to use
     * @return Grant type enum value
     */
    Type type();
    
    /**
     * Property name for access token in response
     * @return access token property name
     */
    String accessTokenProperty();
    
    /**
     * Property name for refresh token in response
     * @return refresh token property name
     */
    String refreshTokenProperty();
    
    /**
     * Property name for expires_in value in response
     * @return expires in property name
     */
    String expiresInProperty();
    
    /**
     * Property name for refresh token expires_in value in response
     * @return refresh expires in property name
     */
    String refreshExpiresInProperty();
    
    /**
     * Grant types supported by the OIDC client
     */
    enum Type {
        CLIENT,     // client_credentials
        PASSWORD,   // password
        CODE,       // authorization_code
        EXCHANGE,   // urn:ietf:params:oauth:grant-type:token-exchange
        JWT,        // urn:ietf:params:oauth:grant-type:jwt-bearer
        REFRESH,    // refresh_token
        CIBA,       // urn:openid:params:grant-type:ciba
        DEVICE      // urn:ietf:params:oauth:grant-type:device_code
    }
}

OidcClientConfigBuilder

Builder class for programmatic configuration of OIDC clients. Provides a fluent API for setting up client configuration.

/**
 * Builder for creating OidcClientConfig instances
 */
public class OidcClientConfigBuilder {
    /**
     * Create builder with no initial configuration
     */
    public OidcClientConfigBuilder();
    
    /**
     * Create builder from existing configuration
     * @param config Existing configuration to copy
     */
    public OidcClientConfigBuilder(OidcClientConfig config);
    
    /**
     * Set client identifier
     * @param id Client identifier
     * @return This builder instance
     */
    public OidcClientConfigBuilder id(String id);
    
    /**
     * Enable or disable the client
     * @param enabled Whether client is enabled
     * @return This builder instance
     */
    public OidcClientConfigBuilder clientEnabled(boolean enabled);
    
    /**
     * Set access token scopes
     * @param scopes List of scope strings
     * @return This builder instance
     */
    public OidcClientConfigBuilder scopes(List<String> scopes);
    
    /**
     * Set access token audiences
     * @param audience List of audience strings
     * @return This builder instance
     */
    public OidcClientConfigBuilder audience(List<String> audience);
    
    /**
     * Set custom HTTP headers
     * @param headers Map of header name to value
     * @return This builder instance
     */
    public OidcClientConfigBuilder headers(Map<String, String> headers);
    
    /**
     * Configure grant settings
     * @return GrantBuilder for configuring grant options
     */
    public GrantBuilder grant();
    
    /**
     * Build the final configuration
     * @return Configured OidcClientConfig instance
     */
    public OidcClientConfig build();
    
    /**
     * Nested builder for grant configuration
     */
    public static class GrantBuilder {
        /**
         * Set the grant type
         * @param type Grant type to use
         * @return This grant builder instance
         */
        public GrantBuilder type(Grant.Type type);
        
        /**
         * Return to parent builder
         * @return Parent OidcClientConfigBuilder instance
         */
        public OidcClientConfigBuilder and();
    }
}

Usage Examples:

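import java.time.Duration;
import java.util.List;
import java.util.Map;

import io.quarkus.oidc.client.runtime.OidcClientConfig;
import io.quarkus.oidc.client.runtime.OidcClientConfig.Grant;
import io.quarkus.oidc.client.OidcClientConfigBuilder;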

// Basic client credentials configuration
OidcClientConfig config = OidcClientConfig.builder()
    .authServerUrl("https://auth.example.com")
    .clientId("my-client")
    .clientSecret("my-secret")
    .grant().type(Grant.Type.CLIENT).and()
    .scopes(List.of("read", "write"))
    .build();

// Password grant configuration
OidcClientConfig passwordConfig = OidcClientConfig.builder()
    .authServerUrl("https://auth.example.com")
    .clientId("password-client")
    .clientSecret("password-secret")
    .grant().type(Grant.Type.PASSWORD).and()
    .build();

// JWT bearer grant configuration
OidcClientConfig jwtConfig = OidcClientConfig.builder()
    .authServerUrl("https://auth.example.com")
    .clientId("jwt-client")
    .grant().type(Grant.Type.JWT).and()
    .audience(List.of("https://api.example.com"))
    .build();

// Configuration with custom headers and timeouts
OidcClientConfig customConfig = OidcClientConfig.builder()
    .authServerUrl("https://auth.example.com")
    .clientId("custom-client")
    .clientSecret("custom-secret")
    .headers(Map.of(
        "User-Agent", "MyApp/1.0",
        "X-Custom-Header", "custom-value"
    ))
    .refreshTokenTimeSkew(Duration.ofMinutes(5))
    .accessTokenExpirySkew(Duration.ofSeconds(30))
    .build();

Legacy OidcClientConfig (Deprecated)

The original configuration class, now deprecated in favor of the runtime configuration interface.

/**
 * Legacy configuration class (deprecated since 3.18)
 * @deprecated Use io.quarkus.oidc.client.runtime.OidcClientConfig with OidcClientConfigBuilder
 */
@Deprecated
public class OidcClientConfig implements io.quarkus.oidc.client.runtime.OidcClientConfig {
    // Implementation details...
}

Migration Example:

// Old approach (deprecated); shown commented out because both classes share the simple name OidcClientConfig
// import io.quarkus.oidc.client.OidcClientConfig;

// New approach (recommended)
import io.quarkus.oidc.client.runtime.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientConfigBuilder;

// Create configuration using new builder pattern
OidcClientConfig newConfig = OidcClientConfig.builder()
    .authServerUrl("https://auth.example.com")
    .clientId("my-client")
    .clientSecret("my-secret")
    .build();

Properties-Based Configuration

In addition to programmatic configuration, clients can be configured using application.properties:

# Default client configuration
quarkus.oidc-client.auth-server-url=https://auth.example.com
quarkus.oidc-client.client-id=default-client
quarkus.oidc-client.credentials.secret=default-secret
quarkus.oidc-client.grant.type=client

# Named client configuration
quarkus.oidc-client.provider-1.auth-server-url=https://provider1.example.com
quarkus.oidc-client.provider-1.client-id=provider1-client
quarkus.oidc-client.provider-1.credentials.secret=provider1-secret
quarkus.oidc-client.provider-1.grant.type=password

# Client with custom scopes and headers
quarkus.oidc-client.api-client.auth-server-url=https://api.example.com
quarkus.oidc-client.api-client.client-id=api-client
quarkus.oidc-client.api-client.credentials.secret=api-secret
quarkus.oidc-client.api-client.scopes=read,write,admin
quarkus.oidc-client.api-client.headers.User-Agent=MyApp/1.0
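
A small linter for the property keys shown above, as an added example that is not part of the original page or of Quarkus itself. For each default or named client it flags a literal `credentials.secret`, a `grant.type` of `password`, and an `auth-server-url` that is not HTTPS. The class name `OidcClientPropsLint`, the finding texts and the sample input are hypothetical; `${...}` is the property-expression syntax Quarkus resolves at runtime.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OidcClientPropsLint {
    // Optional named-client segment, then one of the settings shown on this page.
    private static final Pattern KEY = Pattern.compile(
        "^quarkus\\.oidc-client\\.(?:([^.]+)\\.)?(credentials\\.secret|grant\\.type|auth-server-url)$");

    static List<String> lint(String propertiesText) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText));
        List<String> findings = new ArrayList<>();
        for (String key : new TreeSet<>(props.stringPropertyNames())) { // sorted for stable output
            Matcher m = KEY.matcher(key);
            if (!m.matches()) continue;
            String client = m.group(1) == null ? "<default>" : m.group(1);
            String value = props.getProperty(key).trim();
            String setting = m.group(2);
            // Only a bare ${NAME} counts as externalized; ${NAME:default} still embeds a literal.
            if (setting.equals("credentials.secret") && !value.matches("\\$\\{[^:}]+\\}"))
                findings.add(client + ": literal client secret stored in the properties file");
            if (setting.equals("grant.type") && value.equalsIgnoreCase("password"))
                findings.add(client + ": password grant passes user credentials through the client");
            if (setting.equals("auth-server-url") && !value.toLowerCase().startsWith("https://"))
                findings.add(client + ": auth-server-url is not https");
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample modelled on the properties above.
        String sample = String.join("\n",
            "quarkus.oidc-client.auth-server-url=https://auth.example.com",
            "quarkus.oidc-client.credentials.secret=${OIDC_CLIENT_SECRET}",
            "quarkus.oidc-client.grant.type=client",
            "quarkus.oidc-client.provider-1.auth-server-url=http://provider1.example.com",
            "quarkus.oidc-client.provider-1.credentials.secret=provider1-secret",
            "quarkus.oidc-client.provider-1.grant.type=password");
        lint(sample).forEach(System.out::println);
    }
}
```

On the constructed sample the default client produces no findings, while `provider-1` is reported for all three checks.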

Install with Tessl CLI

npx tessl i tessl/maven-io-quarkus--quarkus-oidc-client
