All Classes and Interfaces

Class
Description
Builds an absolute URL for the current server.
Base class for cookie configuration properties classes.
A base class for authorization responses to extend from.
Abstract class to create a Client for client credentials grant.
Base class for SecureGrant implementations.
Base class for condition implementations.
Base configuration for CookieConfiguration implementations.
Abstract encryption configuration.
A base class to extend from to log out of an OpenID provider.
Base implementation class for OutgoingRequestProcessorMatcher.
Binds the authentication object to a route argument.
A base SecurityRule class to extend from that provides helper methods to get the roles from the claims and compare them to the roles allowed by the rule.
 
Abstract implementation of TokenAuthenticationFactory which creates an authentication for a set of claims.
A base class that provides getters for common context properties.
Stores the combination of access and refresh tokens.
Contract to generate AccessRefreshToken for a particular user.
Implementation of LoginHandler for Token Based Authentication.
Configuration for access tokens.
Access token configuration.
Configuration for the access token cookie.
Triggered when a JWT access token is generated.
Representation of an Address Claim which represents a physical mailing address.
Utility to retrieve beans from the Application Context associated to the AOT Context.
A contract for a class convertible to a map.
A ConvertibleValues implementation that uses Attributes as the backing data source.
ID Token Audience validator.
Validates JWT audience claim contains a configured value.
Provides specific configuration to logout from Auth0.
Represents the state of an authentication.
Binds the authentication object to a route argument.
A runtime exception thrown when authentication fails.
Handles the server response when an AuthenticationException is thrown.
Signalises an authentication failure and stores the failure reason.
Enum describing the different authentication failures.
Describes a bean which attempts to read an Authentication from an HTTP Request being executed.
Adapter from JWTClaimsSet to Authentication.
Client Authentication methods that are used by Clients to authenticate to the Authorization Server when using the Token Endpoint.
Different authentication strategies shipped with Micronaut Security.
A condition that matches a supplied list of authentication modes.
Defines the Authentication mode being used.
Deprecated, for removal: This API element is subject to removal in a future version.
Use AuthenticationProvider for an imperative API or ReactiveAuthenticationProvider for a reactive API instead.
Defines an API to authenticate a user with the given request.
Represents a request to authenticate.
The response of an authentication attempt.
Options for how to handle multiple authentication providers.
An Authenticator operates on several ReactiveAuthenticationProvider instances returning the first authenticated AuthenticationResponse.
Authorization Code Grant Request.
OAuth 2.0 authorization endpoint configuration.
Error codes for an Authentication Error Response message returned from the OP's Authorization Endpoint in response to the Authorization Request message sent by the RP.
Open ID Connect Authentication Error Response.
A runtime exception thrown when a Oauth 2.
An exception handler for AuthorizationErrorResponseException.
Exception thrown when access to a protected resource is denied.
Responsible for redirecting to an OAuth 2.0 provider for authentication.
OAuth 2.0 Authorization Request.
OAuth 2.0 Authentication Response.
Authorization Servers.
Authorized party claim validation.
Provides specific configuration to logout from AWS Cognito.
Configuration for basic authentication.
An implementation of AuthenticationFetcher that decodes a username and password from the Authorization header and authenticates the credentials against any ReactiveAuthenticationProviders available.
Utility class for Basic Auth.
Encapsulates an Access Token response as described in RFC 6749.
Configuration for the BearerTokenReader.
Default implementation of BearerTokenConfiguration.
Reads JWT token from HttpHeaders.AUTHORIZATION header.
 
Authentication claims.
Identifies the recipients that the JWT is intended for.
 
An implementation of the Authentication interface intended to be used by clients that deserialize token information into an authentication.
 
Client credentials configuration.
Condition to determine if the client credentials grant is enabled for a given OAuth 2.0 client.
Factory to create ClientCredentialsClient beans.
Client Credentials Grant.
 
Propagates a token obtained via client credentials based off of a header.
HTTP header client credentials token propagation configuration.
An HttpClientFilter that adds an access token, obtained through a client credentials request, to outgoing requests.
Responsible for retrieving and writing tokens obtained via a client credentials request.
A token request context for sending a client credentials request to an OAuth 2.0 provider.
Generates a Code Verifier for PKCE.
A security rule implementation backed by the SecurityConfiguration.getInterceptUrlMap().
Responsible for mapping the result of LDAP authentication to an AuthenticationResponse.
Contract for building and closing LDAP contexts.
Implementation of ContextSettings that derives its values from an instance of LdapConfiguration.
Contract to hold settings for creating an LDAP context.
Base configuration for all controllers.
It evaluates to true if micronaut.security.authentication is set to idtoken or cookie.
Abstract class which defines an implementation of RedirectingLoginHandler where a redirect response is issued.
Nonce persistence with a cookie.
 
Utility Abstract class for Cookie Persistence.
Persists the Proof Key for Code Exchange (PKCE) code_verifier value in a cookie.
 
Stores the last unauthorized URL in a cookie to redirect back to after logging in.
Persists the state value in a cookie.
 
Reads the token from the configured io.micronaut.security.token.jwt.cookie.
An annotation for use with Micronaut Data entities that will cause the annotated field to be automatically populated on save with the identity of the currently authenticated user.
Generates http responses with access and refresh token.
Default implementation of AuthorizationErrorResponse.
Provides the default behavior for responding to an AuthorizationException.
Builds an authorization redirect url.
ClientCredentialsClient for OAuth 2.0 clients which configures the token endpoint information directly.
Client for Client Credentials for OAuth 2.0 clients which use OpenID configuration.
The default token propagator that uses the default header configuration.
Default implementation of CodeVerifierGenerator which generates a random code verifier using PkceConfiguration.getEntropy().
The default implementation to create an AuthenticationResponse from a successful ldap authentication result.
Default implementation of ContextBuilder.
Default implementation of EndpointConfiguration.
The default implementation of EndSessionCallbackUrlBuilder.
A controller for the end session endpoint.
Decorates an InterceptUrlPattern.
Validates the IntrospectionRequest.getToken() with the available TokenValidator.
Default implementation of JwkSetFetcher for JWKSet.
AOT Optimizations.
Default implementation of JwkValidator which uses a JSON Web Signature (JWS) verifier.
Extracts the JWT claims and uses the AuthenticationJWTClaimsSetAdapter to construct an Authentication object.
Default implementation of LdapGroupProcessor.
Default implementation of LdapSearchService.
Configuration properties implementation of nonce validation configuration.
Generates a random UUID nonce.
The default implementation of AuthorizationResponse for OAuth 2.0 provider authorization responses.
Default implementation of OauthAuthorizationResponseHandler.
The default implementation of OauthClient.
Default implementation of OauthController.
Default implementation of OauthRouteUrlBuilder.
The default implementation of OpenIdAuthenticationMapper that uses the subject claim for the username and populates the attributes with the non JWT standard claims.
 
Default implementation of OpenIdAuthorizationResponseHandler.
The default implementation of OpenIdClient.
 
Builder.
Default implementation of OpenIdProviderMetadataFetcher.
AOT Optimizations.
Deprecated, for removal: This API element is subject to removal in a future version.
Use DefaultReactiveOpenIdTokenResponseValidator instead.
Generates a Proof Key for Code Exchange and persists it.
Default implementation of ProviderResolver.
Get redirection URLs combining context path and redirect configuration.
Default implementation of RolesFinder.
The default implementation of SecureEndpoint.
Default implementation of SecureEndpointConfiguration.
Default implementation of SecurityService.
Default state implementation.
Configuration properties implementation of state validation configuration.
A default state provider that stores the original request URI to redirect back to after authentication.
State validator implementation.
The default implementation of TokenEndpointClient.
Default implementation of TokenResolver.
OpenID connect Display parameter.
Elliptic curve encryption configuration.
 
Elliptic curve signature.
Elliptic curve signature configuration.
Elliptic curve signature generator.
Elliptic curve signature generation configuration.
Encryption configuration.
Converts a string to an EncryptionMethod.
An OAuth 2.0 provider endpoint.
Endpoint configuration contract.
A contract for generating the URL used by OpenID providers to redirect back to after logging the user out.
OpenID end session configuration.
Handles a log out request that redirects to an OpenID provider.
Represents the end session endpoint of an OpenID provider.
End session endpoint configuration.
Responsible for resolving which end session request to use for a given OpenID client configuration.
OAuth 2.0.
OAuth 2.0 Error Response.
An AuthenticationProvider which forces you to define the executor to be used.
Validate JWT is not expired.
Failed Authentication Scenario.
Configuration about where to redirect if forbidden.
A generated file.
Any JwtTokenValidator which should be verified for any JWT should implement this interface.
The OAuth 2.0 grant types.
Implementation of SearchSettings that derives values from an instance of LdapConfiguration.GroupConfiguration.
Implementation of JwksClient that uses the Micronaut HttpClient.
Propagates a token based off of a header.
HTTP header token propagation configuration.
HTTP header token propagation configuration.
Reads a token from an HTTP request and removes prefix from HTTP Header Value.
AuthenticationProvider for HttpRequest.
For AuthenticationMode.IDTOKEN authentication mode performs the following verification as described in the OpenID Connect Spec.
Resolves an ID Token Hint.
Sets CookieLoginHandler's cookie value to the idtoken received from an authentication provider.
 
 
Encapsulates the configuration of IntrospectionController.
 
 
Introspection endpoint configuration.
A parameter representing the token along with optional parameters representing additional context that is known by the protected resource to aid the authorization server in its response.
 
Exception thrown if authorization response state parameter validation fails.
A security rule implementation backed by the SecurityConfigurationProperties.getIpPatterns().
The Issuer Identifier for the OpenID Provider (which is typically obtained during Discovery) MUST exactly match the value of the iss (issuer) Claim.
Validates JWT issuer claim matches a configured value.
A single ASCII error code as described in Issuing an Access Token - Error Response section of OAuth 2.0 spec.
Jackson based implementation for state serdes.
Allows using the DenyAll annotation in Micronaut.
Allows using the PermitAll annotation in Micronaut.
Allows using the RolesAllowed annotation in Micronaut.
Decrypts an encrypted token.
JSON Web Token (JWT) parser.
API to validate the signature of a JSON Web Token with beans of type SignatureConfiguration.
JSON Web Token (JWT) validator.
Generates the "jti" (Token ID) claim, which provides a unique identifier for the token.
Converts a string to a JWEAlgorithm.
Defines an interface for JSON Web Key (JWK) providers.
Designates a class which caches a Json Web Key Set which may typically be fetched from a remote authorization server.
Client for loading Json Web Key Set content over http.
Fetch a Json Web Key Set by a given url.
SignatureConfiguration backed by a JWKSet.
Optimization to fetch Json Web Key Set at build time.
Deprecated, for removal: This API element is subject to removal in a future version.
Not used.
JSON Web Key Set Configuration.
JSON Web Key Set (JWKS) Signature Configuration properties holder.
Utility class to verify signatures with a JWKSet.
Factory to create ReactiveJwksSignature beans for the OpenIdProviderMetadata.getJwksUri() of OpenID clients.
Validates a JWT signature with a JSON Web Key (JWK).
Converts a string to a JWSAlgorithm.
Creates an Authentication object from a JWT token.
JWT bearer assertion grant.
Adapts from JWTClaimsSet to Claims.
 
Utils class to instantiate a JWTClaimsSet given a map of claims.
Provides a contract to create custom JWT claims validations.
Configuration to enable or disable beans of type JwtClaimsValidator.
ConfigurationProperties implementation of JwtClaimsValidatorConfiguration.
Represents configuration of the JWT token.
JwtConfiguration implementation.
An implementation of OpenIdClaims backed by a JWTClaimsSet.
JWT Token Generation.
Deprecated, for removal: This API element is subject to removal in a future version.
Deprecated, for removal: This API element is subject to removal in a future version.
A builder for JwtValidator.
 
Provides specific configuration to logout from Keycloak.
Endpoint which exposes a JSON Web Key Set built with the JWK provided by JwkProvider beans.
Encapsulates the configuration of KeysController.
Configures the KeysController.
Converts a string to a KeyType.
Authenticates against an LDAP server using the configuration provided through LdapConfiguration.
Factory to create an LDAP authentication provider if the configuration is enabled.
Configuration for LDAP authentication.
The context configuration.
The group configuration.
The user search configuration.
Condition to enable the LDAP authentication provider.
Contract to allow the list of groups returned from LDAP to be transformed and appended to from other sources.
Contains the data returned from an LDAP search.
Contract for searching LDAP using an existing context.
Utility methods to avoid verbosity of logging statements.
Handles login requests.
Encapsulates the configuration of LoginController.
 
Event triggered when an unsuccessful login takes place.
Defines how to respond to a successful or failed login attempt.
Resolves a LoginHint.
Event triggered when a successful login takes place.
 
Encapsulates the configuration of LogoutController.
Implementation of LogoutControllerConfiguration used to configure the LogoutController.
Event triggered when the user logs out.
Responsible for logging the user out and returning an appropriate response.
A Claims implementation backed by a Map.
Utility class to mock authentication scenarios.
Represents a mutable state object.
Responsible for validating the nonce claim.
Configuration options for nonce validation.
Generates a nonce.
Persists the nonce for later retrieval necessary for validation.
Validate current time is not before the not-before claim of a JWT token.
A contract for mapping an OAuth 2.0 token endpoint response to an AuthenticationResponse object.
Configuration for Authorization Endpoint Configuration.
A marker contract to denote a given authorization request is not part of the OpenID standard.
A marker interface for normal OAuth 2.0 authorization responses.
Responsible for handling the authorization callback response from an OAuth 2.0 provider.
A contract for an OAuth 2.0 client.
Condition to create an OauthClient.
OAuth 2.0 client configuration.
Stores configuration of each configured OAuth 2.0 client.
OAuth 2.0 authorization endpoint configuration.
Client credentials configuration.
Client credentials http header token propagation configuration.
Introspection endpoint configuration.
OpenID client configuration.
Authorization endpoint configuration.
End session endpoint configuration.
Registration endpoint configuration.
Token endpoint configuration.
User info endpoint configuration.
Revocation endpoint configuration.
OAuth 2.0 token endpoint configuration.
A token request context for sending an authorization code grant request to an OAuth 2.0 provider.
OAuth 2.0 Configuration.
ConfigurationProperties implementation of OauthClientConfiguration.
OpenID configuration.
Claims configuration.
Claims Validator configuration.
End session configuration.
A controller that handles token refresh.
Responsible for OAuth 2.0 authorization redirect, authorization callback, and end session redirects.
Encapsulates the configuration of OauthController.
Configures the provided OauthController.
A runtime exception which implements ErrorResponse.
Returns an application/json response for an OauthErrorResponseException with status 400.
Deprecated, for removal: This API element is subject to removal in a future version.
A token request context for sending a password grant request to an OAuth 2.0 provider.
Responsible for building URLs to routes the client will receive.
A single ASCII error code as described in the Obtaining Authorization - Error Response section of the OAuth 2.0 spec.
Provides specific configuration to logout from Okta.
Configuration for additional claims to be added to the resulting JWT created from an OpenID authentication.
Responsible for converting an OpenID token response to an Authentication representing the authenticated user.
The OpenID extensions to the standard OAuth 2.0 authorization request.
An extension of AuthorizationResponse that allows for retrieval of the persisted nonce value.
Responsible for handling the authorization callback response from an OpenID provider.
ID Token.
Configuration to determine if a claim validation is enabled.
JWT Claims Validator for ID Token.
Extends the OauthClient with OpenID specific functionality.
Condition to create an OpenIdClient.
Configuration for an OpenID client.
A token request context for sending an authorization code grant request to an OpenID provider.
Configuration for OpenID not specific to a client.
Deprecated, for removal: This API element is subject to removal in a future version.
A token request context for sending a password grant request to an OpenID provider.
Metadata describing the configuration of OpenID Providers.
Fetches OpenIdProviderMetadata for an OpenIdClientConfiguration.
Optimization to fetch OpenID Configuration at build time.
 
OpenID Connect scope values.
Id Token Access Token Response.
Deprecated, for removal: This API element is subject to removal in a future version.
Resource Owner Password Credentials Grant.
Condition to enable the password grant authentication flow for an OAuth provider.
Base configuration for persistable endpoints.
Proof Key for Code Exchange.
Proof Key for Code Exchange Challenge.
Configuration for PKCE.
Configuration properties implementation of PKCE.
API to Build/Persist a PKCE (Proof Key for Code Exchange).
 
Persists the Proof Key for Code Exchange (PKCE) for later retrieval.
Pkce generator for plain challenge method.
Responsible for binding a Principal to a route argument.
Keep track of state before login.
OpenID connect prompt parameter.
Resolves the OAuth 2.0 provider that authenticated the logged in user.
Utility class to get the name qualifier value.
Defines a reactive authentication provider.
Deprecated, for removal: This API element is subject to removal in a future version.
Reactive API to validate the signature of a JSON Web Token with beans of type ReactiveSignatureConfiguration and SignatureConfiguration.
Reactive JSON Web Token (JWT) validator.
Signature configuration which enables verification of remote JSON Web Key Set.
A ReactiveAuthenticationProvider that delegates to an OAuth 2.0 provider using the password grant flow.
A ReactiveAuthenticationProvider that delegates to an OpenID provider using the password grant flow.
Validates an OpenID token response.
Reactive Signature Configuration.
 
ConfigurationProperties implementation of RedirectConfiguration.
Forbidden redirect configuration.
Forbidden redirect configuration.
Unauthorized redirect configuration.
A marker contract to indicate the login handler returns redirecting responses.
Get redirection URLs combining context path and redirect configuration.
Configuration about where to redirect after a successful refresh request.
Configuration for the SignedRefreshTokenGenerator.
ConfigurationProperties implementation of RefreshTokenConfiguration to configure SignedRefreshTokenGenerator.
Configuration for the refresh token cookie.
 
Triggered when a JWT refresh token is generated.
Responsible for generating refresh tokens.
Refresh Token Grant.
Responsible for persisting refresh tokens and retrieving user details by a refresh token.
Responsible for validating that a refresh token is in a valid format.
Implementation of JwksClient that uses the Nimbus library's built-in com.nimbusds.jose.util.ResourceRetriever interface.
Authentication Flows response types.
Revocation endpoint configuration.
Retrieves roles from token claims.
RSA encryption configuration.
 
RSA signature.
Encapsulates RSA Signature Configuration.
RSA signature Generator.
Encapsulates RSA Signature Generation Configuration.
SHA-256 based PKCE Generator.
SAML 2.0 bearer assertion grant.
Implementation of SearchSettings that derives values from an instance of LdapConfiguration.SearchConfiguration.
Generic functional interface that returns a list of search results from LDAP.
Contract to provide settings to search LDAP.
Secret encryption configuration.
Encapsulates Secret Encryption Configuration.
 
Create a ConfigurationProperties bean for each sub-property of micronaut.security.token.jwt.signatures.secret.*.
Used to mark a route as requiring authorization before execution.
Security rule implementation for the Secured annotation.
Context for supporting Secured annotation expressions with object references.
Registers Security Evaluation Context.
A contract for an endpoint that requires authentication.
Configuration extension of EndpointConfiguration for endpoints which require authentication.
A contract for a grant that requires authentication.
An implementation of HashMap that also implements SecureGrant.
Defines security configuration properties.
Stores configuration for JWT.
Base class for security events.
Security Filter.
Configuration for SecurityFilter.
ConfigurationProperties implementation of SecurityFilterConfiguration.
Informs the SecurityFilter filter what to do with the given request.
The result of a security rule check.
Provides a set of convenient methods related to authentication and authorization.
Session-based Authentication configuration.
Registers security TypeConverters.
Finds any sensitive endpoints and processes requests that match their id.
An implementation of the Authentication interface intended to be used on the server side to create authentication objects from user data found through any means.
Utility methods to prepend a URL with the context path provided via ServerContextPathProvider.
Attempts to retrieve an instance of Authentication from Session.
A condition to check for session authentication mode.
A RedirectingLoginHandler implementation for session based authentication.
LogoutHandler implementation for Session-Based Authentication.
Persists the state in the session.
Persists the Proof Key for Code Exchange (PKCE) code_verifier in the session.
Persists the state in the session.
Condition which evaluates to true if SHA-256 algorithm is supported.
Signature configuration.
Signature Generator configuration.
The default implementation of RefreshTokenGenerator and RefreshTokenValidator.
Represents the state sent in the authorization request and returned in the authorization response.
State retrieval.
Base class to extend from that handles state retrieval and caching.
Generates a state parameter.
Persists the state for later retrieval necessary for validation.
Responsible for serialization and de-serialization of the state.
Configuration options for state validation.
Validates a state parameter.
Configuration JSON Web Key Sets defined as static resources.
Creates a bean of type StaticJwksSignatureConfiguration per `micronaut.security.token.jwt.signatures.jwks-static.*`.
Validate JWT subject claim is not null.
Successful authentication scenario.
 
 
Creates an Authentication object from a token.
Attempts to retrieve a token from the HttpRequest and, if one is present, validates it.
Defines Security Token Configuration.
Defines Security Token Configuration.
Clears the cookie configured via CookieLoginHandler.
Represents configuration for a cookie that will store a token.
 
 
Reads the token from the configured io.micronaut.security.token.jwt.cookie.
Responsible for sending requests to a token endpoint.
TokenEndpoint Configuration.
 
Represent the response of an authorization server to an invalid access token request.
Responsible for generating token strings.
Token propagation Configuration.
Token Propagation Configuration Properties.
HttpClientFilter to enable Token propagation.
Responsible for retrieving and writing tokens for the purpose of propagation between services.
Responsible for reading the token data from a request.
Encapsulate the request to get a new access token.
Responsible for converting token information to an AccessRefreshToken.
Represents the context of a token endpoint request.
Returns the token from the provided request.
Represent the response of an authorization server to a valid access token request.
Triggered when a token is validated.
Responsible for token validation and claims retrieval.
Configuration about where to redirect if unauthorized.
An annotation for use with Micronaut Data entities that will cause the annotated field to be automatically populated on both save and update with the identity of the currently authenticated user.
 
An Authentication derived from an X509Certificate.
Binds the authentication if it's an X509Authentication to a route argument.
Creates an Authentication if an X.509 client certificate is present and a name (CN) can be extracted.
X.509 authentication configuration.
Configuration for X.509 authentication.