Configuration Reference

Security Config Properties

Table 1. Configuration Properties for UnauthorizedRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.unauthorized`	RedirectConfigurationProperties$UnauthorizedRedirectConfigurationProperties	Sets the unauthorized redirect configuration.
`micronaut.security.redirect.unauthorized.enabled`	boolean	Whether it should redirect on unauthorized rejections. Default value (true).
`micronaut.security.redirect.unauthorized.url`	java.lang.String	Where the user is redirected to after trying to access a secured route. Default value ("/").

🔗

Table 2. Configuration Properties for SecurityFilterConfigurationProperties
Property	Type	Description
`micronaut.security.filter.enabled`	boolean	Enables {@link SecurityFilter}. Default value true
`micronaut.security.filter.path`	java.lang.String	Pattern the {@link SecurityFilter} should match. Default value `/**`. URLS NOT MATCHED BY PREVIOUS PATTERN ARE NOT SECURED

🔗

Table 3. Configuration Properties for ForbiddenRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.forbidden`	RedirectConfigurationProperties$ForbiddenRedirectConfigurationProperties	Sets the forbidden redirect configuration.
`micronaut.security.redirect.forbidden.enabled`	boolean	Whether it should redirect on forbidden rejections. Default value (true).
`micronaut.security.redirect.forbidden.url`	java.lang.String	Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

🔗

Table 4. Configuration Properties for TokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.enabled`	boolean	Sets whether the configuration is enabled. Default value true.
`micronaut.security.token.roles-name`	java.lang.String	Authentication attributes map key for the user’s roles. Default value "roles".
`micronaut.security.token.name-key`	java.lang.String	Authentication attributes map key for the user’s name. Default value "sub".
`micronaut.security.token.roles-separator`	java.lang.String	If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value null.

🔗

Table 5. Configuration Properties for SecurityConfigurationProperties
Property	Type	Description
`micronaut.security.enabled`	boolean	If Security is enabled. Default value true
`micronaut.security.intercept-url-map`	java.util.List	Map that defines the interception patterns.
`micronaut.security.ip-patterns`	java.util.List	Allowed IP patterns. Default value (["0.0.0.0"])
`micronaut.security.authentication-provider-strategy`	AuthenticationStrategy	Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL.
`micronaut.security.reject-not-found`	boolean	Set to true if the server should respond with 404 for requests that do not
`micronaut.security.authentication`	AuthenticationMode	Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie. Should only be supplied if the service handles login and logout requests.

🔗

Table 6. Configuration Properties for X509ConfigurationProperties
Property	Type	Description
`micronaut.security.x509.enabled`	boolean	Enables the {@link X509AuthenticationFetcher}. Default value false.
`micronaut.security.x509.subject-dn-regex`	java.lang.String	Set the Subject DN regex. Default value "CN=(.*?)(?:,

🔗

Table 7. Configuration Properties for RedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.enabled`	boolean	Sets whether Redirection configuration enabled. Default value (true).
`micronaut.security.redirect.login-success`	java.lang.String	Where the user is redirected to after a successful login. Default value ("/").
`micronaut.security.redirect.login-failure`	java.lang.String	Where the user is redirected to after a failed login. Default value ("/").
`micronaut.security.redirect.logout`	java.lang.String	URL where the user is redirected after logout. Default value ("/").
`micronaut.security.redirect.prior-to-login`	boolean	If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false.

🔗

Table 8. Configuration Properties for BasicAuthAuthenticationConfiguration
Property	Type	Description
`micronaut.security.basic-auth.enabled`	boolean	Enables the {@link BasicAuthAuthenticationFetcher}. Default value true.

🔗

Table 9. Configuration Properties for LoginControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.login.enabled`	boolean	Enables LoginController. Default value true
`micronaut.security.endpoints.login.path`	java.lang.String	Path to the LoginController. Default value "/login"

🔗

Table 10. Configuration Properties for IntrospectionConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.introspection.enabled`	boolean	Enables IntrospectionController. Default value true
`micronaut.security.endpoints.introspection.path`	java.lang.String	Path to the IntrospectionController. Default value "/token_info"

🔗

Table 11. Configuration Properties for HttpHeaderTokenPropagatorConfigurationProperties
Property	Type	Description
`micronaut.security.token.propagation.header.header-name`	java.lang.String	Http Header to be used to propagate the token. Default value (HttpHeaders.AUTHORIZATION)
`micronaut.security.token.propagation.header.enabled`	boolean	Enable HttpHeaderTokenPropagator. Default value (true).
`micronaut.security.token.propagation.header.prefix`	java.lang.String	Value prefix for Http Header. Default value (HttpHeaderValues.AUTHORIZATION_PREFIX_BEARER).

🔗

Table 12. Configuration Properties for RefreshRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.refresh`	RefreshRedirectConfiguration	Sets the refresh redirect configuration.
`micronaut.security.redirect.refresh.enabled`	boolean	Whether it should redirect on forbidden rejections. Default value (true).
`micronaut.security.redirect.refresh.url`	java.lang.String	Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

🔗

Table 13. Configuration Properties for TokenPropagationConfigurationProperties
Property	Type	Description
`micronaut.security.token.propagation.service-id-regex`	java.lang.String	a regular expression to match the service id.
`micronaut.security.token.propagation.uri-regex`	java.lang.String	a regular expression to match the uri.
`micronaut.security.token.propagation.service-id-pattern`	java.util.regex.Pattern
`micronaut.security.token.propagation.uri-pattern`	java.util.regex.Pattern
`micronaut.security.token.propagation.enabled`	boolean	Enables TokenPropagationHttpClientFilter. Default value false
`micronaut.security.token.propagation.path`	java.lang.String	Configures TokenPropagationHttpClientFilter path. Default value "/**"

🔗

Table 14. Configuration Properties for LogoutControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.logout.enabled`	boolean	Enables LogoutController. Default value true.
`micronaut.security.endpoints.logout.path`	java.lang.String	Path to the LogoutController. Default value "/logout".
`micronaut.security.endpoints.logout.get-allowed`	boolean	Enables HTTP GET invocations of LogoutController. Default value (false).

Security Jwt Config Properties

Table 15. Configuration Properties for JwtCookieConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie.
`micronaut.security.token.jwt.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY).
`micronaut.security.token.jwt.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.token.jwt.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie.
`micronaut.security.token.jwt.cookie.cookie-same-site`	SameSite	Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: `Strict`, `Lax` or `None`.
`micronaut.security.token.jwt.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.token.jwt.cookie.enabled`	boolean	Sets whether JWT cookie configuration is enabled. Default value (true).
`micronaut.security.token.jwt.cookie.cookie-name`	java.lang.String	Cookie Name. Default value ("JWT").

🔗

Table 16. Configuration Properties for SecretSignatureConfiguration
Property	Type	Description
`micronaut.security.token.jwt.signatures.secret.*.jws-algorithm`	com.nimbusds.jose.JWSAlgorithm	{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256
`micronaut.security.token.jwt.signatures.secret.*.secret`	java.lang.String	Secret used to sign JWT. Length must be at least 256 bits.
`micronaut.security.token.jwt.signatures.secret.*.base64`	boolean	Indicates whether the supplied secret is base64 encoded.

🔗

Table 17. Configuration Properties for AccessTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.generator.access-token.expiration`	java.lang.Integer	Access token expiration. Default value (3600).

🔗

Table 18. Configuration Properties for RefreshTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.generator.refresh-token.enabled`	boolean	Sets whether SignedRefreshTokenGenerator is enabled. Default value (true).
`micronaut.security.token.jwt.generator.refresh-token.jws-algorithm`	com.nimbusds.jose.JWSAlgorithm	{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256
`micronaut.security.token.jwt.generator.refresh-token.secret`	java.lang.String	shared secret. For HS256 must be at least 256 bits.
`micronaut.security.token.jwt.generator.refresh-token.base64`	boolean	Indicates whether the supplied secret is base64 encoded. Default value false.

🔗

Table 19. Configuration Properties for JwtConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.enabled`	boolean	Sets whether JWT security is enabled. Default value (true).

🔗

Table 20. Configuration Properties for KeysControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.keys.enabled`	boolean	Enables KeysController. Default value true.
`micronaut.security.endpoints.keys.path`	java.lang.String	Path to the KeysController. Default value "/keys".

🔗

Table 21. Configuration Properties for SecretEncryptionConfiguration
Property	Type	Description
`micronaut.security.token.jwt.encryptions.secret.*.jwe-algorithm`	com.nimbusds.jose.JWEAlgorithm	{@link com.nimbusds.jose.JWEAlgorithm}.
`micronaut.security.token.jwt.encryptions.secret.*.encryption-method`	com.nimbusds.jose.EncryptionMethod	{@link com.nimbusds.jose.EncryptionMethod}.
`micronaut.security.token.jwt.encryptions.secret.*.secret`	java.lang.String	Secret used for encryption configuration.

🔗

Table 22. Configuration Properties for JwtClaimsValidatorConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.claims-validators.nonce`	boolean	Whether the nonce claim should be validated when a nonce was present. Default value true.
`micronaut.security.token.jwt.claims-validators.audience`	java.lang.String	Whether the aud claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.
`micronaut.security.token.jwt.claims-validators.issuer`	java.lang.String	Whether the iss claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.
`micronaut.security.token.jwt.claims-validators.subject-not-null`	boolean	Whether the JWT subject claim should be validated to ensure it is not null. Default value true.
`micronaut.security.token.jwt.claims-validators.not-before`	boolean	Whether it should be validated that validation time is not before the not-before claim (nbf) of a JWT token. Default value false.
`micronaut.security.token.jwt.claims-validators.expiration`	boolean	Whether the expiration date of the JWT should be validated. Default value true.
`micronaut.security.token.jwt.claims-validators.openid-idtoken`	boolean	Whether `IdTokenClaimsValidator`, which performs some fo the verifications described in OpenID Connect Spec, is enabled. Default value true. Only applies for `idtoken` authentication mode.

🔗

Table 23. Configuration Properties for BearerTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.bearer.enabled`	boolean	Set whether to enable bearer token authentication. Default value true.
`micronaut.security.token.jwt.bearer.header-name`	java.lang.String	Sets the header name to use. Default value Authorization.
`micronaut.security.token.jwt.bearer.prefix`	java.lang.String	Sets the prefix to use for the auth token. Default value Bearer.

🔗

Table 24. Configuration Properties for OauthControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.oauth.enabled`	boolean	Sets whether the OauthController is enabled. Default value (true).
`micronaut.security.endpoints.oauth.path`	java.lang.String	Sets the path to map the OauthController to. Default value ("/oauth/access_token").
`micronaut.security.endpoints.oauth.get-allowed`	boolean	Enables HTTP GET invocations of refresh token requests. Only applies to requests sending a cookie (JWT_REFRESH_TOKEN). Default value (true).

🔗

Table 25. Configuration Properties for JwksSignatureConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.signatures.jwks.*.cache-expiration`	java.lang.Integer	JWKS cache expiration. Default value 60 seconds.
`micronaut.security.token.jwt.signatures.jwks.*.url`	java.lang.String	Remote JSON Web Key set url. e.g. https://…/.well-known/jwks.json
`micronaut.security.token.jwt.signatures.jwks.*.key-type`	com.nimbusds.jose.jwk.KeyType	Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA).

Table 26. Configuration Properties for RefreshTokenCookieConfigurationProperties
Property	Type	Description
`micronaut.security.token.refresh.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie.
`micronaut.security.token.refresh.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (AbstractAccessTokenCookieConfigurationProperties.DEFAULT_HTTPONLY).
`micronaut.security.token.refresh.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.token.refresh.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie.
`micronaut.security.token.refresh.cookie.cookie-same-site`	SameSite	Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: `Strict`, `Lax` or `None`.
`micronaut.security.token.refresh.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value (OauthControllerConfigurationProperties.DEFAULT_PATH).
`micronaut.security.token.refresh.cookie.enabled`	boolean	Sets whether JWT cookie configuration is enabled. Default value (true).
`micronaut.security.token.refresh.cookie.cookie-name`	java.lang.String	Cookie Name. Default value ("JWT_REFRESH_TOKEN").

Security Ldap Config Properties

🔗

Table 27. Configuration Properties for SearchConfiguration
Property	Type	Description
`micronaut.security.ldap.*.search.subtree`	boolean	Sets if the subtree should be searched. Default true
`micronaut.security.ldap.*.search.base`	java.lang.String	Sets the base DN to search.
`micronaut.security.ldap.*.search.filter`	java.lang.String	Sets the search filter. Default "(uid={0})"
`micronaut.security.ldap.*.search.attributes`	java.lang.String[]	Sets the attributes to return. Default all
`micronaut.security.ldap.*.search`	LdapConfiguration$SearchConfiguration	Sets the search configuration.

🔗

Table 28. Configuration Properties for GroupConfiguration
Property	Type	Description
`micronaut.security.ldap.*.groups.enabled`	boolean	Sets if group search is enabled. Default false
`micronaut.security.ldap.*.groups.subtree`	boolean	Sets if the subtree should be searched. Default true
`micronaut.security.ldap.*.groups.base`	java.lang.String	Sets the base DN to search from.
`micronaut.security.ldap.*.groups.filter`	java.lang.String	Sets the group search filter. Default "uniquemember={0}"
`micronaut.security.ldap.*.groups.filter-attribute`	java.lang.String	Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.
`micronaut.security.ldap.*.groups.attribute`	java.lang.String	Sets the group attribute name. Default "cn"
`micronaut.security.ldap.*.groups`	LdapConfiguration$GroupConfiguration	Sets the group configuration.

🔗

Table 29. Configuration Properties for LdapConfiguration
Property	Type	Description
`micronaut.security.ldap.*.enabled`	boolean	Sets whether this configuration is enabled. Default true.

🔗

Table 30. Configuration Properties for ContextConfiguration
Property	Type	Description
`micronaut.security.ldap.*.context.server`	java.lang.String	Sets the server URL.
`micronaut.security.ldap.*.context.manager-dn`	java.lang.String	Sets the manager DN.
`micronaut.security.ldap.*.context.manager-password`	java.lang.String	Sets the manager password.
`micronaut.security.ldap.*.context.factory`	java.lang.String	Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory"
`micronaut.security.ldap.*.context.properties`	java.util.Map	Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}.
`micronaut.security.ldap.*.context`	LdapConfiguration$ContextConfiguration	Sets the context configuration.

Security Oauth2 Config Properties

🔗

Table 31. Configuration Properties for TokenEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.token`	OauthClientConfigurationProperties$TokenEndpointConfigurationProperties	The OAuth 2.0 token endpoint configuration.
`micronaut.security.oauth2.clients.*.token.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.token.auth-method`	AuthenticationMethod	Authentication Method

Table 32. Configuration Properties for CookieNoncePersistenceConfiguration
Property	Type	Description
`micronaut.security.oauth2.openid.nonce.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.oauth2.openid.nonce.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.oauth2.openid.nonce.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value (5 minutes).
`micronaut.security.oauth2.openid.nonce.cookie.cookie-name`	java.lang.String	Cookie Name. Default value ("OPENID_NONCE").

🔗

Table 33. Configuration Properties for OpenIdConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid`	OauthConfigurationProperties$OpenIdConfigurationProperties	The OpenID configuration.
`micronaut.security.oauth2.openid.logout-uri`	java.lang.String	The URI used to log out of an OpenID provider. Default value ("/oauth/logout").

Table 34. Configuration Properties for CookieStatePersistenceConfiguration
Property	Type	Description
`micronaut.security.oauth2.state.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.oauth2.state.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.oauth2.state.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.oauth2.state.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.oauth2.state.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value (5 minutes).
`micronaut.security.oauth2.state.cookie.cookie-name`	java.lang.String	Cookie Name. Default value ("OAUTH2_STATE").

🔗

Table 35. Configuration Properties for IntrospectionEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.introspection`	OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties	Sets the introspection endpoint configuration.
`micronaut.security.oauth2.clients.*.introspection.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.introspection.auth-method`	AuthenticationMethod	Authentication Method

🔗

Table 36. Configuration Properties for ClientCredentialsConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-credentials`	OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties	Sets the Client Credentials configuration.
`micronaut.security.oauth2.clients.*.client-credentials.service-id-regex`	java.lang.String
`micronaut.security.oauth2.clients.*.client-credentials.uri-regex`	java.lang.String
`micronaut.security.oauth2.clients.*.client-credentials.service-id-pattern`	java.util.regex.Pattern
`micronaut.security.oauth2.clients.*.client-credentials.uri-pattern`	java.util.regex.Pattern
`micronaut.security.oauth2.clients.*.client-credentials.enabled`	boolean	Enables ClientCredentialsClient. Default value true
`micronaut.security.oauth2.clients.*.client-credentials.scope`	java.lang.String	Scope to be requested in the client credentials request. Defaults to none.
`micronaut.security.oauth2.clients.*.client-credentials.advanced-expiration`	java.time.Duration	Number of seconds for a token obtained via client credentials grant to be considered expired
`micronaut.security.oauth2.clients.*.client-credentials.additional-request-params`	java.util.Map	Additional parameters included in the client-credentials flow.

🔗

Table 37. Configuration Properties for OpenIdClientConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties	The open id configuration.
`micronaut.security.oauth2.clients.*.openid.issuer`	java.net.URL	URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier.
`micronaut.security.oauth2.clients.*.openid.configuration-path`	java.lang.String	The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").
`micronaut.security.oauth2.clients.*.openid.jwks-uri`	java.lang.String	The JWKS signature URI.

🔗

Table 38. Configuration Properties for AuthorizationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.authorization`	OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties	The OAuth 2.0 authorization endpoint configuration.
`micronaut.security.oauth2.clients.*.authorization.url`	java.lang.String	The endpoint URL

🔗

Table 39. Configuration Properties for AdditionalClaimsConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.additional-claims`	OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties	The Claims Configuration
`micronaut.security.oauth2.openid.additional-claims.jwt`	boolean	Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false).
`micronaut.security.oauth2.openid.additional-claims.access-token`	boolean	Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false).
`micronaut.security.oauth2.openid.additional-claims.refresh-token`	boolean	Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false).

🔗

Table 40. Configuration Properties for EndSessionConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.end-session`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$EndSessionConfigurationProperties	Sets the end session endpoint configuration.
`micronaut.security.oauth2.clients.*.openid.end-session.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.end-session.enabled`	boolean	The end session enabled flag. Default value (true).

🔗

Table 41. Configuration Properties for OauthClientConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-id`	java.lang.String	OAuth 2.0 client id.
`micronaut.security.oauth2.clients.*.client-secret`	java.lang.String	OAuth 2.0 client secret.
`micronaut.security.oauth2.clients.*.scopes`	java.util.List	Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to `profile`, `email` and `idtoken`
`micronaut.security.oauth2.clients.*.enabled`	boolean	Sets whether the client is enabled. Default value (true).
`micronaut.security.oauth2.clients.*.grant-type`	GrantType	OAuth 2.0 grant type. Default value (authorization_code).

🔗

Table 42. Configuration Properties for RegistrationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.registration`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$RegistrationEndpointConfigurationProperties	Sets the registration endpoint configuration.
`micronaut.security.oauth2.clients.*.openid.registration.url`	java.lang.String	The endpoint URL

🔗

Table 43. Configuration Properties for ClaimsValidationConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.claims-validation`	OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties	Claims Validator Configuration
`micronaut.security.oauth2.openid.claims-validation.issuer`	boolean	Whether IssuerClaimValidator
`micronaut.security.oauth2.openid.claims-validation.audience`	boolean	Whether AudienceClaimValidator
`micronaut.security.oauth2.openid.claims-validation.authorized-party`	boolean	Whether AuthorizedPartyClaimValidator

🔗

Table 44. Configuration Properties for HeaderTokenPropagatorConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation`	OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties$HeaderTokenPropagatorConfigurationProperties	Sets the Http Header Client Credentials Token Propagator configuration.
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.prefix`	java.lang.String	Value prefix for Http Header. Default value ({@value #DEFAULT_PREFIX}).
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.header-name`	java.lang.String	Http Header to be used to propagate the token. Default value ({@value #DEFAULT_HEADER_NAME})
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.enabled`	boolean	Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true).

🔗

Table 45. Configuration Properties for DefaultStateConfiguration
Property	Type	Description
`micronaut.security.oauth2.state.persistence`	java.lang.String	Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").
`micronaut.security.oauth2.state.enabled`	boolean	Sets whether a state parameter will be sent. Default (true).

🔗

Table 46. Configuration Properties for AuthorizationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.authorization`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$AuthorizationEndpointConfigurationProperties	Sets the authorization endpoint configuration.
`micronaut.security.oauth2.clients.*.openid.authorization.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.authorization.response-type`	ResponseType	Determines the authorization processing flow to be used. Default value (code).
`micronaut.security.oauth2.clients.*.openid.authorization.response-mode`	java.lang.String	Mechanism to be used for returning authorization response parameters from the authorization endpoint.
`micronaut.security.oauth2.clients.*.openid.authorization.display`	Display	Controls how the authentication interface is displayed.
`micronaut.security.oauth2.clients.*.openid.authorization.prompt`	Prompt	Controls how the authentication server prompts the user.
`micronaut.security.oauth2.clients.*.openid.authorization.max-age`	java.lang.Integer	Maximum authentication age.
`micronaut.security.oauth2.clients.*.openid.authorization.ui-locales`	java.util.List	Preferred locales for authentication.
`micronaut.security.oauth2.clients.*.openid.authorization.acr-values`	java.util.List	Authentication class reference values.

🔗

Table 47. Configuration Properties for TokenEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.token`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$TokenEndpointConfigurationProperties	Sets the token endpoint configuration.
`micronaut.security.oauth2.clients.*.openid.token.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.token.auth-method`	AuthenticationMethod	Authentication Method
`micronaut.security.oauth2.clients.*.openid.token.content-type`	MediaType	The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).

🔗

Table 48. Configuration Properties for UserInfoEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.user-info`	OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$UserInfoEndpointConfigurationProperties	Sets the user info endpoint configuration.
`micronaut.security.oauth2.clients.*.openid.user-info.url`	java.lang.String	The endpoint URL

🔗

Table 49. Configuration Properties for RevocationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.revocation`	OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties	Sets the revocation endpoint configuration.
`micronaut.security.oauth2.clients.*.revocation.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.revocation.auth-method`	AuthenticationMethod	Authentication Method

🔗

Table 50. Configuration Properties for DefaultNonceConfiguration
Property	Type	Description
`micronaut.security.oauth2.openid.nonce.persistence`	java.lang.String	Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").
`micronaut.security.oauth2.openid.nonce.enabled`	boolean	Sets whether a nonce parameter will be sent. Default (true).

🔗

Table 51. Configuration Properties for EndSessionConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.end-session`	OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties	The end session configuration.
`micronaut.security.oauth2.openid.end-session.redirect-uri`	java.lang.String	The URI the OpenID provider should redirect to after logging out. Default value ("/logout").

🔗

Table 52. Configuration Properties for OauthConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.enabled`	boolean	Sets whether the OAuth 2.0 support is enabled. Default value (true).
`micronaut.security.oauth2.callback-uri`	java.lang.String	The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}").
`micronaut.security.oauth2.login-uri`	java.lang.String	The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}").
`micronaut.security.oauth2.default-provider`	java.lang.String	The default authentication provider for an OAuth 2.0 authorization code grant flow.

Security Session Config Properties

🔗

Table 53. Configuration Properties for SecuritySessionConfigurationProperties
Property	Type	Description
`micronaut.security.session.enabled`	boolean	Sets whether the session config is enabled. Default value (true).