Configuration Reference

Micronaut Security Config Properties

Table 1. Configuration Properties for SecurityFilterConfigurationProperties
Property	Type	Description
`micronaut.security.filter.enabled`	boolean
`micronaut.security.filter.path`	java.lang.String	Pattern the {@link SecurityFilter} should match. Default value `/**`. URLS NOT MATCHED BY PREVIOUS PATTERN ARE NOT SECURED

🔗

Table 2. Configuration Properties for OauthControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.oauth.post-content-types`	java.util.Set	Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded
`micronaut.security.endpoints.oauth.enabled`	boolean	Whether the controller is enabled.
`micronaut.security.endpoints.oauth.path`	java.lang.String	Sets the path to map the {@link OauthController} to. Default value ("/oauth/access_token").
`micronaut.security.endpoints.oauth.get-allowed`	boolean

🔗

Table 3. Configuration Properties for LogoutControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.logout.post-content-types`	java.util.Set	Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded
`micronaut.security.endpoints.logout.enabled`	boolean	Whether the controller is enabled.
`micronaut.security.endpoints.logout.path`	java.lang.String	Path to the LogoutController. Default value "/logout".
`micronaut.security.endpoints.logout.get-allowed`	boolean

🔗

Table 4. Configuration Properties for RedirectConfigurationProperties$UnauthorizedRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.unauthorized.url`	java.lang.String	Where the user is redirected to after trying to access a secured route. Default value ("/").
`micronaut.security.redirect.unauthorized.enabled`	boolean	Whether it should redirect on unauthorized rejections. Default value (true).

🔗

Table 5. Configuration Properties for RedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.login-success`	java.lang.String	Where the user is redirected to after a successful login. Default value ("/").
`micronaut.security.redirect.login-failure`	java.lang.String	Where the user is redirected to after a failed login. Default value ("/").
`micronaut.security.redirect.logout`	java.lang.String	URL where the user is redirected after logout. Default value ("/").
`micronaut.security.redirect.prior-to-login`	boolean	If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false.
`micronaut.security.redirect.enabled`	boolean	Sets whether Redirection configuration enabled. Default value (true).

🔗

Table 6. Configuration Properties for HttpHeaderTokenPropagatorConfigurationProperties
Property	Type	Description
`micronaut.security.token.propagation.header.enabled`	boolean	Enable HttpHeaderTokenPropagator. Default value (true).
`micronaut.security.token.propagation.header.prefix`	java.lang.String
`micronaut.security.token.propagation.header.header-name`	java.lang.String

🔗

Table 7. Configuration Properties for TokenPropagationConfigurationProperties
Property	Type	Description
`micronaut.security.token.propagation.service-id-regex`	java.lang.String
`micronaut.security.token.propagation.uri-regex`	java.lang.String
`micronaut.security.token.propagation.service-id-pattern`	java.util.regex.Pattern
`micronaut.security.token.propagation.uri-pattern`	java.util.regex.Pattern
`micronaut.security.token.propagation.enabled`	boolean	Enables TokenPropagationHttpClientFilter. Default value false
`micronaut.security.token.propagation.path`	java.lang.String

🔗

Table 8. Configuration Properties for IntrospectionConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.introspection.enabled`	boolean
`micronaut.security.endpoints.introspection.path`	java.lang.String	Path to the IntrospectionController. Default value "/token_info"

Table 9. Configuration Properties for RefreshTokenCookieConfigurationProperties
Property	Type	Description
`micronaut.security.token.refresh.cookie.cookie-domain`	java.lang.String
`micronaut.security.token.refresh.cookie.cookie-http-only`	java.lang.Boolean
`micronaut.security.token.refresh.cookie.cookie-secure`	java.lang.Boolean
`micronaut.security.token.refresh.cookie.cookie-max-age`	java.time.Duration
`micronaut.security.token.refresh.cookie.cookie-same-site`	SameSite	Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: `Strict`, `Lax` or `None`.
`micronaut.security.token.refresh.cookie.enabled`	boolean
`micronaut.security.token.refresh.cookie.cookie-name`	java.lang.String
`micronaut.security.token.refresh.cookie.cookie-path`	java.lang.String

🔗

Table 10. Configuration Properties for SecurityConfigurationProperties
Property	Type	Description
`micronaut.security.authentication`	AuthenticationMode	Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie, idtoken. Should only be supplied if the service handles login and logout requests.
`micronaut.security.enabled`	boolean	If Security is enabled. Default value true
`micronaut.security.intercept-url-map`	java.util.List	Map that defines the interception patterns.
`micronaut.security.ip-patterns`	java.util.List	Allowed IP patterns. Default value (["0.0.0.0"])
`micronaut.security.intercept-url-map-prepend-pattern-with-context-path`	boolean	Whether the intercept URL patterns should be prepended with context path if defined. Defaults to true.
`micronaut.security.authentication-provider-strategy`	AuthenticationStrategy	Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL.
`micronaut.security.reject-not-found`	boolean	Whether the server should respond with 401 for requests that do not match any routes on the server, if you set it to false, it will return 404 for requests that do not match any routes on the server. Default value (true).

Table 11. Configuration Properties for TokenCookieConfigurationProperties
Property	Type	Description
`micronaut.security.token.cookie.cookie-domain`	java.lang.String
`micronaut.security.token.cookie.cookie-http-only`	java.lang.Boolean
`micronaut.security.token.cookie.cookie-secure`	java.lang.Boolean
`micronaut.security.token.cookie.cookie-max-age`	java.time.Duration
`micronaut.security.token.cookie.cookie-same-site`	SameSite	Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: `Strict`, `Lax` or `None`.
`micronaut.security.token.cookie.enabled`	boolean	Whether JWT cookie configuration is enabled. Default value (true).
`micronaut.security.token.cookie.cookie-name`	java.lang.String	Cookie Name. Default value ("JWT").
`micronaut.security.token.cookie.cookie-path`	java.lang.String	The path of the cookie. Default value ("/").

🔗

Table 12. Configuration Properties for LoginControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.login.post-content-types`	java.util.Set	Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded
`micronaut.security.endpoints.login.enabled`	boolean	Whether the controller is enabled.
`micronaut.security.endpoints.login.path`	java.lang.String	Path to the controller.

🔗

Table 13. Configuration Properties for RedirectConfigurationProperties$ForbiddenRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.forbidden.url`	java.lang.String	Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").
`micronaut.security.redirect.forbidden.enabled`	boolean	Whether it should redirect on forbidden rejections. Default value (true).

🔗

Table 14. Configuration Properties for BasicAuthAuthenticationConfiguration
Property	Type	Description
`micronaut.security.basic-auth.enabled`	boolean	Enables the {@link BasicAuthAuthenticationFetcher}. Default value true.

🔗

Table 15. Configuration Properties for RedirectConfigurationProperties$RefreshRedirectConfigurationProperties
Property	Type	Description
`micronaut.security.redirect.refresh.url`	java.lang.String	Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").
`micronaut.security.redirect.refresh.enabled`	boolean	Whether it should redirect on forbidden rejections. Default value (true).

🔗

Table 16. Configuration Properties for TokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.enabled`	boolean	Sets whether the configuration is enabled. Default value true.
`micronaut.security.token.roles-name`	java.lang.String
`micronaut.security.token.name-key`	java.lang.String
`micronaut.security.token.roles-separator`	java.lang.String	If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value DEFAULT_ROLES_SEPARATOR.

🔗

Table 17. Configuration Properties for BearerTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.bearer.enabled`	boolean	Set whether to enable bearer token authentication. Default value true.
`micronaut.security.token.bearer.prefix`	java.lang.String	Sets the prefix to use for the auth token. Default value Bearer.
`micronaut.security.token.bearer.header-name`	java.lang.String	Sets the header name to use. Default value Authorization.

🔗

Table 18. Configuration Properties for X509ConfigurationProperties
Property	Type	Description
`micronaut.security.x509.subject-dn-regex`	java.lang.String	Set the Subject DN regex. Default value "CN=(.*?)(?:,
$)".	`micronaut.security.x509.enabled`	boolean

🔗

Table 19. Configuration Properties for AccessTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.generator.access-token.expiration`	java.lang.Integer	Access token expiration. Default value (3600).

Micronaut Security Csrf Config Properties

🔗

Table 20. Configuration Properties for CsrfConfigurationProperties
Property	Type	Description
`micronaut.security.csrf.signature-key`	java.lang.String	The Secret Key that is used to calculate an HMAC as part of a CSRF token generation. Default Value `null`.
`micronaut.security.csrf.http-session-name`	java.lang.String	Key to look for the CSRF token in an HTTP Session. Default Value: "csrfToken".
`micronaut.security.csrf.random-value-size`	int	Random value’s size in bytes. The random value used is used to build a CSRF Token. Default Value: 16.
`micronaut.security.csrf.header-name`	java.lang.String	HTTP Header name to look for the CSRF token. Default Value: "X-CSRF-TOKEN".
`micronaut.security.csrf.field-name`	java.lang.String	Field name in a form url encoded submission to look for the CSRF token. Default Value: "csrfToken".
`micronaut.security.csrf.enabled`	boolean	Whether the CSRF integration is enabled. Default value true.
`micronaut.security.csrf.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.csrf.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.csrf.cookie-name`	java.lang.String	Cookie Name.
`micronaut.security.csrf.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.csrf.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.csrf.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value ({@value AccessTokenConfigurationProperties#DEFAULT_EXPIRATION} seconds).
`micronaut.security.csrf.cookie-same-site`	SameSite	Cookie Same Site Configuration. It defaults to Strict.

🔗

Table 21. Configuration Properties for CsrfFilterConfigurationProperties
Property	Type	Description
`micronaut.security.csrf.filter.methods`	java.util.Set	Filter will only process requests whose method matches any of these methods. Default Value is POST, PUT, DELETE, PATCH.
`micronaut.security.csrf.filter.content-types`	java.util.Set	Filter will only process requests whose content type matches any of these content types. Default Value is application/x-www-form-urlencoded, multipart/form-data.
`micronaut.security.csrf.filter.enabled`	boolean	Whether the filter is enabled. Default value true.
`micronaut.security.csrf.filter.regex-pattern`	java.lang.String	CSRF filter processes only request paths matching this regular expression. Default Value: "^.*$"

Micronaut Security Jwt Config Properties

🔗

Table 22. Configuration Properties for JwtClaimsValidatorConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.claims-validators.issuer`	java.lang.String	Whether the iss claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.
`micronaut.security.token.jwt.claims-validators.audience`	java.lang.String	Whether the aud claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.
`micronaut.security.token.jwt.claims-validators.subject-not-null`	boolean	Whether the JWT subject claim should be validated to ensure it is not null. Default value true.
`micronaut.security.token.jwt.claims-validators.not-before`	boolean
`micronaut.security.token.jwt.claims-validators.expiration`	boolean	Whether the expiration date of the JWT should be validated. Default value true.
`micronaut.security.token.jwt.claims-validators.nonce`	boolean	Whether the nonce claim should be validated when a nonce was present. Default value true.
`micronaut.security.token.jwt.claims-validators.openid-idtoken`	boolean	Whether `IdTokenClaimsValidator`, which performs some fo the verifications described in OpenID Connect Spec, is enabled. Default value true. Only applies for `idtoken` authentication mode.

🔗

Table 23. Configuration Properties for SecretEncryptionConfiguration
Property	Type	Description
`micronaut.security.token.jwt.encryptions.secret.*.secret`	java.lang.String
`micronaut.security.token.jwt.encryptions.secret.*.jwe-algorithm`	com.nimbusds.jose.JWEAlgorithm
`micronaut.security.token.jwt.encryptions.secret.*.encryption-method`	com.nimbusds.jose.EncryptionMethod

🔗

Table 24. Configuration Properties for RefreshTokenConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.generator.refresh-token.enabled`	boolean	Sets whether SignedRefreshTokenGenerator is enabled. Default value (true).
`micronaut.security.token.jwt.generator.refresh-token.jws-algorithm`	com.nimbusds.jose.JWSAlgorithm	{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256
`micronaut.security.token.jwt.generator.refresh-token.secret`	java.lang.String	shared secret. For HS256 must be at least 256 bits.
`micronaut.security.token.jwt.generator.refresh-token.base64`	boolean	Indicates whether the supplied secret is base64 encoded. Default value false.

🔗

Table 25. Configuration Properties for KeysControllerConfigurationProperties
Property	Type	Description
`micronaut.security.endpoints.keys.enabled`	boolean
`micronaut.security.endpoints.keys.path`	java.lang.String	Path to the KeysController. Default value "/keys".

🔗

Table 26. Configuration Properties for JwtConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.enabled`	boolean	Sets whether JWT security is enabled. Default value (true).

🔗

Table 27. Configuration Properties for JwksSignatureConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.signatures.jwks.*.cache-expiration`	java.lang.Integer
`micronaut.security.token.jwt.signatures.jwks.*.url`	java.lang.String
`micronaut.security.token.jwt.signatures.jwks.*.key-type`	com.nimbusds.jose.jwk.KeyType

🔗

Table 28. Configuration Properties for SecretSignatureConfiguration
Property	Type	Description
`micronaut.security.token.jwt.signatures.secret.*.jws-algorithm`	com.nimbusds.jose.JWSAlgorithm
`micronaut.security.token.jwt.signatures.secret.*.secret`	java.lang.String
`micronaut.security.token.jwt.signatures.secret.*.base64`	boolean

🔗

Table 29. Configuration Properties for NimbusJsonWebTokenValidatorConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.nimbus.reactive-validator`	boolean	Whether the bean {@link NimbusReactiveJsonWebTokenValidator} is enabled. Default value true.
`micronaut.security.token.jwt.nimbus.validator`	boolean	Whether the bean {@link NimbusJsonWebTokenValidator} is enabled. Default value true.
`micronaut.security.token.jwt.nimbus.reactive-validator-execute-on-blocking`	boolean	Whether {@link NimbusReactiveJsonWebTokenValidator} should subscribe on a scheduler created with the blocking task executor. Default value false.

🔗

Table 30. Configuration Properties for StaticJwksSignatureConfigurationProperties
Property	Type	Description
`micronaut.security.token.jwt.signatures.jwks-static.*.path`	java.lang.String	A path either starting with `classpath:` or `file:`. You can serve a JSON JWKS from anywhere on disk or the classpath. For example to serve static resources from `src/main/resources/security/jwks.json`, you would use `classpath:security/jwks.json` as the path.

Micronaut Security Ldap Config Properties

🔗

Table 31. Configuration Properties for LdapConfiguration$GroupConfiguration
Property	Type	Description
`micronaut.security.ldap.*.groups.subtree`	boolean
`micronaut.security.ldap.*.groups.base`	java.lang.String
`micronaut.security.ldap.*.groups.filter`	java.lang.String
`micronaut.security.ldap.*.groups.attribute`	java.lang.String
`micronaut.security.ldap.*.groups.enabled`	boolean	Sets if group search is enabled. Default false
`micronaut.security.ldap.*.groups.filter-attribute`	java.lang.String	The argument to pass to the search filter.

🔗

Table 32. Configuration Properties for LdapConfiguration$SearchConfiguration
Property	Type	Description
`micronaut.security.ldap.*.search.subtree`	boolean
`micronaut.security.ldap.*.search.base`	java.lang.String
`micronaut.security.ldap.*.search.filter`	java.lang.String
`micronaut.security.ldap.*.search.attributes`	java.lang.String

🔗

Table 33. Configuration Properties for LdapConfiguration$ContextConfiguration
Property	Type	Description
`micronaut.security.ldap.*.context.server`	java.lang.String
`micronaut.security.ldap.*.context.manager-dn`	java.lang.String
`micronaut.security.ldap.*.context.manager-password`	java.lang.String
`micronaut.security.ldap.*.context.factory`	java.lang.String
`micronaut.security.ldap.*.context.properties`	java.util.Map

🔗

Table 34. Configuration Properties for LdapConfiguration
Property	Type	Description
`micronaut.security.ldap.*.enabled`	boolean	Sets whether this configuration is enabled. Default true.

Micronaut Security Oauth2 Config Properties

🔗

Table 35. Configuration Properties for DefaultNonceConfiguration
Property	Type	Description
`micronaut.security.oauth2.openid.nonce.persistence`	java.lang.String	Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").
`micronaut.security.oauth2.openid.nonce.enabled`	boolean	Sets whether a nonce parameter will be sent. Default (true).

🔗

Table 36. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$EndSessionConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.end-session.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.end-session.enabled`	boolean	The end session enabled flag. Default value (true).

🔗

Table 37. Configuration Properties for OauthConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.enabled`	boolean	Sets whether the OAuth 2.0 support is enabled. Default value (true).
`micronaut.security.oauth2.login-uri`	java.lang.String	The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}").
`micronaut.security.oauth2.callback-uri`	java.lang.String	The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}").
`micronaut.security.oauth2.default-provider`	java.lang.String	The default authentication provider for an OAuth 2.0 authorization code grant flow.

🔗

Table 38. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$AuthorizationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.authorization.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.authorization.response-type`	ResponseType	Determines the authorization processing flow to be used. Default value (code).
`micronaut.security.oauth2.clients.*.openid.authorization.response-mode`	java.lang.String	Mechanism to be used for returning authorization response parameters from the authorization endpoint.
`micronaut.security.oauth2.clients.*.openid.authorization.display`	Display	Controls how the authentication interface is displayed.
`micronaut.security.oauth2.clients.*.openid.authorization.prompt`	Prompt	Controls how the authentication server prompts the user.
`micronaut.security.oauth2.clients.*.openid.authorization.max-age`	java.lang.Integer	Maximum authentication age.
`micronaut.security.oauth2.clients.*.openid.authorization.ui-locales`	java.util.List	Preferred locales for authentication.
`micronaut.security.oauth2.clients.*.openid.authorization.acr-values`	java.util.List	Authentication class reference values.
`micronaut.security.oauth2.clients.*.openid.authorization.code-challenge-method`	java.lang.String	Code Challenge Method to use for PKCE.

🔗

Table 39. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$EndSessionConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.end-session.redirect-uri`	java.lang.String	The URI the OpenID provider should redirect to after logging out. Default value ("/logout").

🔗

Table 40. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-credentials.service-id-regex`	java.lang.String
`micronaut.security.oauth2.clients.*.client-credentials.uri-regex`	java.lang.String
`micronaut.security.oauth2.clients.*.client-credentials.advanced-expiration`	java.time.Duration	Number of seconds for a token obtained via client credentials grant to be considered expired prior to its expiration date. Default value (30 seconds).
`micronaut.security.oauth2.clients.*.client-credentials.scope`	java.lang.String	Scope to be requested in the client credentials request. Defaults to none.
`micronaut.security.oauth2.clients.*.client-credentials.enabled`	boolean	Enables ClientCredentialsClient. Default value true
`micronaut.security.oauth2.clients.*.client-credentials.additional-request-params`	java.util.Map

Table 41. Configuration Properties for CookieNoncePersistenceConfiguration
Property	Type	Description
`micronaut.security.oauth2.openid.nonce.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.oauth2.openid.nonce.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.oauth2.openid.nonce.cookie.cookie-name`	java.lang.String	Cookie Name. Default value `{@link #DEFAULT_COOKIENAME}`.
`micronaut.security.oauth2.openid.nonce.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value (5 minutes).

🔗

Table 42. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$UserInfoEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.user-info.url`	java.lang.String	The endpoint URL

🔗

Table 43. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$TokenEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.token.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.openid.token.auth-method`	AuthenticationMethod
`micronaut.security.oauth2.clients.*.openid.token.authentication-method`	java.lang.String	Authentication Method
`micronaut.security.oauth2.clients.*.openid.token.content-type`	MediaType	The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).

🔗

Table 44. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$ClaimsValidationConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.claims-validation.issuer`	boolean	Whether IssuerClaimValidator is enabled. Default value (true).
`micronaut.security.oauth2.openid.claims-validation.audience`	boolean	Whether AudienceClaimValidator is enabled. Default value (true).
`micronaut.security.oauth2.openid.claims-validation.authorized-party`	boolean	Whether AuthorizedPartyClaimValidator is enabled. Default value (true).

🔗

Table 45. Configuration Properties for OauthClientConfigurationProperties$IntrospectionEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.introspection.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.introspection.auth-method`	AuthenticationMethod
`micronaut.security.oauth2.clients.*.introspection.authentication-method`	java.lang.String	Authentication Method

🔗

Table 46. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.logout-uri`	java.lang.String	The URI used to log out of an OpenID provider. Default value ("/oauth/logout").

🔗

Table 47. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties$RegistrationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.registration.url`	java.lang.String	The endpoint URL

🔗

Table 48. Configuration Properties for OauthClientConfigurationProperties$RevocationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.revocation.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.revocation.auth-method`	AuthenticationMethod
`micronaut.security.oauth2.clients.*.revocation.authentication-method`	java.lang.String	Authentication Method

Table 49. Configuration Properties for CookiePkcePersistenceConfiguration
Property	Type	Description
`micronaut.security.oauth2.pkce.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.oauth2.pkce.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.oauth2.pkce.cookie.cookie-name`	java.lang.String	Cookie Name. Default value `{@link #DEFAULT_COOKIE_NAME}`.
`micronaut.security.oauth2.pkce.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.oauth2.pkce.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.oauth2.pkce.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value (5 minutes).

Table 50. Configuration Properties for CookieStatePersistenceConfiguration
Property	Type	Description
`micronaut.security.oauth2.state.cookie.cookie-domain`	java.lang.String	Sets the domain name of this Cookie. Default value (null).
`micronaut.security.oauth2.state.cookie.cookie-secure`	java.lang.Boolean	Sets whether the cookie is secured. Defaults to the secure status of the request.
`micronaut.security.oauth2.state.cookie.cookie-name`	java.lang.String	Cookie Name. Default value `{@link #DEFAULT_COOKIENAME}`.
`micronaut.security.oauth2.state.cookie.cookie-path`	java.lang.String	Sets the path of the cookie. Default value ("/").
`micronaut.security.oauth2.state.cookie.cookie-http-only`	java.lang.Boolean	Whether the Cookie can only be accessed via HTTP. Default value (true).
`micronaut.security.oauth2.state.cookie.cookie-max-age`	java.time.Duration	Sets the maximum age of the cookie. Default value (5 minutes).

🔗

Table 51. Configuration Properties for OauthClientConfigurationProperties$OpenIdClientConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.openid.issuer`	java.net.URL	URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier.
`micronaut.security.oauth2.clients.*.openid.configuration-path`	java.lang.String	The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").
`micronaut.security.oauth2.clients.*.openid.jwks-uri`	java.lang.String	The JWKS signature URI.

🔗

Table 52. Configuration Properties for OauthClientConfigurationProperties$TokenEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.token.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.token.auth-method`	AuthenticationMethod
`micronaut.security.oauth2.clients.*.token.authentication-method`	java.lang.String	Authentication Method

🔗

Table 53. Configuration Properties for OauthClientConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-id`	java.lang.String	OAuth 2.0 client id.
`micronaut.security.oauth2.clients.*.client-secret`	java.lang.String	OAuth 2.0 client secret.
`micronaut.security.oauth2.clients.*.enabled`	boolean	Sets whether the client is enabled. Default value (true).
`micronaut.security.oauth2.clients.*.scopes`	java.util.List	Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to `profile`, `email` and `idtoken`
`micronaut.security.oauth2.clients.*.grant-type`	GrantType	OAuth 2.0 grant type. Default value (authorization_code).

🔗

Table 54. Configuration Properties for PkceConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.pkce.entropy`	int	entropy (in bytes) used for the code verifier generation. Default value 64.
`micronaut.security.oauth2.pkce.persistence`	java.lang.String	Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value (PERSISTENCE_COOKIE).
`micronaut.security.oauth2.pkce.enabled`	boolean	Sets whether a state parameter will be sent. Default (true).

🔗

Table 55. Configuration Properties for OauthClientConfigurationProperties$AuthorizationEndpointConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.authorization.url`	java.lang.String	The endpoint URL
`micronaut.security.oauth2.clients.*.authorization.code-challenge-method`	java.lang.String	Code Challenge Method to use for PKCE.

🔗

Table 56. Configuration Properties for OauthClientConfigurationProperties$ClientCredentialsConfigurationProperties$HeaderTokenPropagatorConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.enabled`	boolean	Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true).
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.prefix`	java.lang.String
`micronaut.security.oauth2.clients.*.client-credentials.header-propagation.header-name`	java.lang.String

🔗

Table 57. Configuration Properties for DefaultStateConfiguration
Property	Type	Description
`micronaut.security.oauth2.state.persistence`	java.lang.String	Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").
`micronaut.security.oauth2.state.enabled`	boolean	Sets whether a state parameter will be sent. Default (true).

🔗

Table 58. Configuration Properties for OauthConfigurationProperties$OpenIdConfigurationProperties$AdditionalClaimsConfigurationProperties
Property	Type	Description
`micronaut.security.oauth2.openid.additional-claims.jwt`	boolean	Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false).
`micronaut.security.oauth2.openid.additional-claims.access-token`	boolean	Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false).
`micronaut.security.oauth2.openid.additional-claims.refresh-token`	boolean	Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false).

Micronaut Security Session Config Properties

🔗

Table 59. Configuration Properties for SecuritySessionConfigurationProperties
Property	Type	Description
`micronaut.security.session.enabled`	boolean	Sets whether the session config is enabled. Default value (true).