Module jakarta.security
Package jakarta.security.enterprise.authentication.mechanism.http.openid

Annotation Type OpenIdProviderMetadata

@Retention(RUNTIME) public @interface OpenIdProviderMetadata
OpenIdProviderMetadata annotation overrides the openid connect provider's endpoint value, discovered using providerUri.

Expressions in attributes of type String are evaluated.

Author:
Gaurav Gupta, Rudy De Busscher

  • Element Details

    • authorizationEndpoint

      String authorizationEndpoint
      Required. The URL for the OAuth2 provider to provide authentication. This must be a https endpoint.
      Returns:
      URL for the OAuth2 provider.
      Default:
      ""

    • tokenEndpoint

      String tokenEndpoint
      Required. The URL for the OAuth2 provider to give the authorization token
      Returns:
      URL for the OAuth2 provider.
      Default:
      ""

    • userinfoEndpoint

      String userinfoEndpoint
      Required. An OAuth 2.0 Protected Resource that returns Claims about the authenticated End-User.
      Returns:
      URL for User Info.
      Default:
      ""

    • endSessionEndpoint

      String endSessionEndpoint
      Optional. OP endpoint to notify that the End-User has logged out of the site and might want to log out of the OP as well.
      Returns:
      URL for logging out of server session.
      Default:
      ""

    • jwksURI

      String jwksURI
      Required. An OpenId Connect Provider's JSON Web Key Set document

      This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set may also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server.

      Returns:
      URL pointing to the JWK Set.
      Default:
      ""

    • issuer

      String issuer
      Required. The issuer of the tokens issued by the Provider.
      Returns:
      Default:
      ""

    • subjectTypeSupported

      String subjectTypeSupported
      Required. The supported subject Types by the Provider.
      Returns:
      Default:
      "public"

    • idTokenSigningAlgorithmsSupported

      String idTokenSigningAlgorithmsSupported
      Required. The supported Signing algorithms for the ID token by provider.
      Returns:
      Default:
      "RS256"

    • responseTypeSupported

      String responseTypeSupported
      Required. The supported response types by the Provider.
      Returns:
      Default:
      "code,id_token,token id_token"