Configuration Reference

micronaut.security.authentication

AuthenticationMode

Defines which authentication to use. Defaults to null. Possible values bearer, session, cookie, idtoken. Should only be supplied if the service handles login and logout requests.

micronaut.security.enabled

boolean

If Security is enabled. Default value true

micronaut.security.intercept-url-map

java.util.List

Map that defines the interception patterns.

micronaut.security.ip-patterns

java.util.List

Allowed IP patterns. Default value (["0.0.0.0"])

micronaut.security.intercept-url-map-prepend-pattern-with-context-path

boolean

Whether the intercept URL patterns should be prepended with context path if defined. Defaults to true.

micronaut.security.authentication-provider-strategy

AuthenticationStrategy

Determines how authentication providers should be processed. Default value ANY. Possible values: ANY or ALL.

micronaut.security.reject-not-found

boolean

Whether the server should respond with 401 for requests that do not match any routes on the server, if you set it to false, it will return 404 for requests that do not match any routes on the server. Default value (true).

micronaut.security.basic-auth.enabled

boolean

Enables the {@link BasicAuthAuthenticationFetcher}. Default value true.

micronaut.security.endpoints.introspection.enabled

boolean

Enables IntrospectionController. Default value true

micronaut.security.endpoints.introspection.path

java.lang.String

Path to the IntrospectionController. Default value "/token_info"

micronaut.security.endpoints.login.post-content-types

java.util.Set

Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded

micronaut.security.endpoints.login.unsupported-post-content-type-status

int

Status code for unsupported content type. Default to 404

micronaut.security.endpoints.login.enabled

boolean

Enables the controller.

micronaut.security.endpoints.login.path

java.lang.String

Path to the controller.

micronaut.security.endpoints.logout.post-content-types

java.util.Set

Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded

micronaut.security.endpoints.logout.unsupported-post-content-type-status

int

Status code for unsupported content type. Default to 404

micronaut.security.endpoints.logout.enabled

boolean

Enables LogoutController. Default value true.

micronaut.security.endpoints.logout.path

java.lang.String

Path to the LogoutController. Default value "/logout".

micronaut.security.endpoints.logout.get-allowed

boolean

Enables HTTP GET invocations of LogoutController. Default value (false).

micronaut.security.endpoints.oauth.post-content-types

java.util.Set

Supported content types for POST endpoints. Default Value application/json and application/x-www-form-urlencoded

micronaut.security.endpoints.oauth.unsupported-post-content-type-status

int

Status code for unsupported content type. Default to 404

micronaut.security.endpoints.oauth.enabled

boolean

Sets whether the {@link OauthController} is enabled. Default value (true).

micronaut.security.endpoints.oauth.path

java.lang.String

Sets the path to map the {@link OauthController} to. Default value ("/oauth/access_token").

micronaut.security.endpoints.oauth.get-allowed

boolean

Enables HTTP GET invocations of refresh token requests. Only applies to requests sending a cookie (JWT_REFRESH_TOKEN). Default value (true).

micronaut.security.filter.enabled

boolean

Enables {@link SecurityFilter}. Default value true

micronaut.security.filter.path

java.lang.String

Pattern the {@link SecurityFilter} should match. Default value /**. URLS NOT MATCHED BY PREVIOUS PATTERN ARE NOT SECURED

micronaut.security.redirect.login-success

java.lang.String

Where the user is redirected to after a successful login. Default value ("/").

micronaut.security.redirect.login-failure

java.lang.String

Where the user is redirected to after a failed login. Default value ("/").

micronaut.security.redirect.logout

java.lang.String

URL where the user is redirected after logout. Default value ("/").

micronaut.security.redirect.prior-to-login

boolean

If true, the user should be redirected back to the unauthorized request that initiated the login flow. Supersedes the <code>login-success</code> configuration for those cases. Default value false.

micronaut.security.redirect.enabled

boolean

Sets whether Redirection configuration enabled. Default value (true).

micronaut.security.redirect.forbidden.url

java.lang.String

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.redirect.forbidden.enabled

boolean

Whether it should redirect on forbidden rejections. Default value (true).

micronaut.security.redirect.refresh.url

java.lang.String

Where the user is redirected to after trying to access a secured route which he is forbidden to access. Default value ("/").

micronaut.security.redirect.refresh.enabled

boolean

Whether it should redirect on forbidden rejections. Default value (true).

micronaut.security.redirect.unauthorized.url

java.lang.String

Where the user is redirected to after trying to access a secured route. Default value ("/").

micronaut.security.redirect.unauthorized.enabled

boolean

Whether it should redirect on unauthorized rejections. Default value (true).

micronaut.security.token.enabled

boolean

Sets whether the configuration is enabled. Default value true.

micronaut.security.token.roles-name

java.lang.String

Authentication attributes map key for the user’s roles. Default value "roles".

micronaut.security.token.name-key

java.lang.String

Authentication attributes map key for the user’s name. Default value "sub".

micronaut.security.token.roles-separator

java.lang.String

If the entry used for the roles in the Authentication attributes map is a String, you can use the separator to split its value into multiple roles. Default value DEFAULT_ROLES_SEPARATOR.

micronaut.security.token.bearer.enabled

boolean

Set whether to enable bearer token authentication. Default value true.

micronaut.security.token.bearer.prefix

java.lang.String

Sets the prefix to use for the auth token. Default value Bearer.

micronaut.security.token.bearer.header-name

java.lang.String

Sets the header name to use. Default value Authorization.

micronaut.security.token.cookie.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.token.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie.

micronaut.security.token.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value ({@value #DEFAULT_HTTPONLY}).

micronaut.security.token.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.token.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie.

micronaut.security.token.cookie.cookie-same-site

SameSite

Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: Strict, Lax or None.

micronaut.security.token.cookie.enabled

boolean

Sets whether JWT cookie configuration is enabled. Default value (true).

micronaut.security.token.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("JWT").

micronaut.security.token.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.token.generator.access-token.expiration

java.lang.Integer

Access token expiration. Default value (3600).

micronaut.security.token.propagation.service-id-regex

java.lang.String

a regular expression to match the service id.

micronaut.security.token.propagation.uri-regex

java.lang.String

a regular expression to match the uri.

micronaut.security.token.propagation.service-id-pattern

java.util.regex.Pattern

micronaut.security.token.propagation.uri-pattern

java.util.regex.Pattern

micronaut.security.token.propagation.enabled

boolean

Enables TokenPropagationHttpClientFilter. Default value false

micronaut.security.token.propagation.path

java.lang.String

Configures TokenPropagationHttpClientFilter path. Default value "/**"

micronaut.security.token.propagation.header.enabled

boolean

Enable HttpHeaderTokenPropagator. Default value (true).

micronaut.security.token.propagation.header.prefix

java.lang.String

Value prefix for Http Header. Default value ("Bearer").

micronaut.security.token.propagation.header.header-name

java.lang.String

Http Header to be used to propagate the token. Default value ("Authorization")

micronaut.security.token.refresh.cookie.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.token.refresh.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie.

micronaut.security.token.refresh.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value ({@value #DEFAULT_HTTPONLY}).

micronaut.security.token.refresh.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.token.refresh.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie.

micronaut.security.token.refresh.cookie.cookie-same-site

SameSite

Sets the same-site setting of the cookie. Default value null. Value is case sensitive. Allowed values: Strict, Lax or None.

micronaut.security.token.refresh.cookie.enabled

boolean

Sets whether JWT cookie configuration is enabled. Default value (true).

micronaut.security.token.refresh.cookie.cookie-name

java.lang.String

Cookie Name. Default value ("JWT_REFRESH_TOKEN").

micronaut.security.token.refresh.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value (OauthControllerConfigurationProperties.DEFAULT_PATH).

micronaut.security.x509.subject-dn-regex

java.lang.String

Set the Subject DN regex. Default value "CN=(.*?)(?:,

$)".

micronaut.security.x509.enabled

boolean

Enables the {@link X509AuthenticationFetcher}. Default value false.

micronaut.security.csrf.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.csrf.signature-key

java.lang.String

The Secret Key that is used to calculate an HMAC as part of a CSRF token generation. Default Value null.

micronaut.security.csrf.http-session-name

java.lang.String

Key to look for the CSRF token in an HTTP Session. Default Value: "csrfToken".

micronaut.security.csrf.random-value-size

int

Random value’s size in bytes. The random value used is used to build a CSRF Token. Default Value: 16.

micronaut.security.csrf.header-name

java.lang.String

HTTP Header name to look for the CSRF token. Default Value: "X-CSRF-TOKEN".

micronaut.security.csrf.field-name

java.lang.String

Field name in a form url encoded submission to look for the CSRF token. Default Value: "csrfToken".

micronaut.security.csrf.enabled

boolean

Whether the CSRF integration is enabled. Default value true.

micronaut.security.csrf.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.csrf.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.csrf.cookie-name

java.lang.String

Cookie Name.

micronaut.security.csrf.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.csrf.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.csrf.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value ({@value AccessTokenConfigurationProperties#DEFAULT_EXPIRATION} seconds).

micronaut.security.csrf.cookie-same-site

SameSite

Cookie Same Site Configuration. It defaults to Strict.

micronaut.security.csrf.filter.methods

java.util.Set

Filter will only process requests whose method matches any of these methods. Default Value is POST, PUT, DELETE, PATCH.

micronaut.security.csrf.filter.content-types

java.util.Set

Filter will only process requests whose content type matches any of these content types. Default Value is application/x-www-form-urlencoded, multipart/form-data.

micronaut.security.csrf.filter.enabled

boolean

Whether the filter is enabled. Default value true.

micronaut.security.csrf.filter.regex-pattern

java.lang.String

CSRF filter processes only request paths matching this regular expression. Default Value: "^.*$"

micronaut.security.endpoints.keys.enabled

boolean

Enables KeysController. Default value true.

micronaut.security.endpoints.keys.path

java.lang.String

Path to the KeysController. Default value "/keys".

micronaut.security.token.jwt.enabled

boolean

Sets whether JWT security is enabled. Default value (true).

micronaut.security.token.jwt.claims-validators.issuer

java.lang.String

Whether the iss claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.

micronaut.security.token.jwt.claims-validators.audience

java.lang.String

Whether the aud claim should be validated to ensure it matches this value. It defaults to null, thus it is not validated.

micronaut.security.token.jwt.claims-validators.subject-not-null

boolean

Whether the JWT subject claim should be validated to ensure it is not null. Default value true.

micronaut.security.token.jwt.claims-validators.not-before

boolean

Whether it should be validated that validation time is not before the not-before claim (nbf) of a JWT token.

micronaut.security.token.jwt.claims-validators.expiration

boolean

Whether the expiration date of the JWT should be validated. Default value true.

micronaut.security.token.jwt.claims-validators.nonce

boolean

Whether the nonce claim should be validated when a nonce was present. Default value true.

micronaut.security.token.jwt.claims-validators.openid-idtoken

boolean

Whether IdTokenClaimsValidator, which performs some fo the verifications described in OpenID Connect Spec, is enabled. Default value true. Only applies for idtoken authentication mode.

micronaut.security.token.jwt.encryptions.secret.*.secret

java.lang.String

Secret used for encryption configuration.

micronaut.security.token.jwt.encryptions.secret.*.jwe-algorithm

com.nimbusds.jose.JWEAlgorithm

{@link com.nimbusds.jose.JWEAlgorithm}.

micronaut.security.token.jwt.encryptions.secret.*.encryption-method

com.nimbusds.jose.EncryptionMethod

{@link com.nimbusds.jose.EncryptionMethod}.

micronaut.security.token.jwt.generator.refresh-token.enabled

boolean

Sets whether SignedRefreshTokenGenerator is enabled. Default value (true).

micronaut.security.token.jwt.generator.refresh-token.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256

micronaut.security.token.jwt.generator.refresh-token.secret

java.lang.String

shared secret. For HS256 must be at least 256 bits.

micronaut.security.token.jwt.generator.refresh-token.base64

boolean

Indicates whether the supplied secret is base64 encoded. Default value false.

micronaut.security.token.jwt.nimbus.reactive-validator

boolean

Whether the bean {@link NimbusReactiveJsonWebTokenValidator} is enabled. Default value true.

micronaut.security.token.jwt.nimbus.validator

boolean

Whether the bean {@link NimbusJsonWebTokenValidator} is enabled. Default value true.

micronaut.security.token.jwt.nimbus.reactive-validator-execute-on-blocking

boolean

Whether {@link NimbusReactiveJsonWebTokenValidator} should subscribe on a scheduler created with the blocking task executor. Default value false.

micronaut.security.token.jwt.signatures.jwks-static.*.path

java.lang.String

A path either starting with classpath: or file:. You can serve a JSON JWKS from anywhere on disk or the classpath. For example to serve static resources from src/main/resources/security/jwks.json, you would use classpath:security/jwks.json as the path.

micronaut.security.token.jwt.signatures.jwks.*.cache-expiration

java.lang.Integer

JWKS cache expiration. Default value 60 seconds.

micronaut.security.token.jwt.signatures.jwks.*.url

java.lang.String

Remote JSON Web Key set url. e.g. https://…​/.well-known/jwks.json

micronaut.security.token.jwt.signatures.jwks.*.key-type

com.nimbusds.jose.jwk.KeyType

Representation of the kty parameter in a JSON Web Key (JWK). Default value (RSA).

micronaut.security.token.jwt.signatures.secret.*.jws-algorithm

com.nimbusds.jose.JWSAlgorithm

{@link com.nimbusds.jose.JWSAlgorithm}. Defaults to HS256

micronaut.security.token.jwt.signatures.secret.*.secret

java.lang.String

Secret used to sign JWT. Length must be at least 256 bits.

micronaut.security.token.jwt.signatures.secret.*.base64

boolean

Indicates whether the supplied secret is base64 encoded.

micronaut.security.ldap.*.enabled

boolean

Sets whether this configuration is enabled. Default true.

micronaut.security.ldap.*.context.server

java.lang.String

Sets the server URL.

micronaut.security.ldap.*.context.manager-dn

java.lang.String

Sets the manager DN.

micronaut.security.ldap.*.context.manager-password

java.lang.String

Sets the manager password.

micronaut.security.ldap.*.context.factory

java.lang.String

Sets the context factory class. Default "com.sun.jndi.ldap.LdapCtxFactory"

micronaut.security.ldap.*.context.properties

java.util.Map

Any additional properties that should be passed to {@link javax.naming.directory.InitialDirContext#InitialDirContext(java.util.Hashtable)}.

micronaut.security.ldap.*.groups.subtree

boolean

Sets if the subtree should be searched. Default true

micronaut.security.ldap.*.groups.base

java.lang.String

Sets the base DN to search from.

micronaut.security.ldap.*.groups.filter

java.lang.String

Sets the group search filter. Default "uniquemember={0}"

micronaut.security.ldap.*.groups.attribute

java.lang.String

Sets the group attribute name. Default "cn"

micronaut.security.ldap.*.groups.enabled

boolean

Sets if group search is enabled. Default false

micronaut.security.ldap.*.groups.filter-attribute

java.lang.String

Sets the name of the user attribute to bind to the group search filter. Defaults to the user’s DN.

micronaut.security.ldap.*.search.subtree

boolean

Sets if the subtree should be searched. Default true

micronaut.security.ldap.*.search.base

java.lang.String

Sets the base DN to search.

micronaut.security.ldap.*.search.filter

java.lang.String

Sets the search filter. Default "(uid={0})"

micronaut.security.ldap.*.search.attributes

java.lang.String

Sets the attributes to return. Default all

micronaut.security.oauth2.enabled

boolean

Sets whether the OAuth 2.0 support is enabled. Default value (true).

micronaut.security.oauth2.login-uri

java.lang.String

The URI template that is used to initiate an OAuth 2.0 authorization code grant flow. Default value ("/oauth/login{/provider}").

micronaut.security.oauth2.callback-uri

java.lang.String

The URI template that OAuth 2.0 providers can use to submit an authorization callback request. Default value ("/oauth/callback{/provider}").

micronaut.security.oauth2.default-provider

java.lang.String

The default authentication provider for an OAuth 2.0 authorization code grant flow.

micronaut.security.oauth2.clients.*.proxy-well-known-oauth-authorization-server

boolean

Whether a request to /.well-known/oauth-authorization-server should be proxied to the authorization server. Default to false.

micronaut.security.oauth2.clients.*.proxy-well-known-openid-configuration

boolean

Whether a request to /.well-known/openid-configuration should be proxied to the authorization server. Default to false.

micronaut.security.oauth2.clients.*.authorization-server

AuthorizationServer

Micronaut attempts to infer the authorization server used by the client based on the issuer. However, if you are using a custom domain, it may be impossible to infer it. You can set it explicitly via this property.

micronaut.security.oauth2.clients.*.client-id

java.lang.String

OAuth 2.0 client id.

micronaut.security.oauth2.clients.*.client-secret

java.lang.String

OAuth 2.0 client secret.

micronaut.security.oauth2.clients.*.enabled

boolean

Sets whether the client is enabled. Default value (true).

micronaut.security.oauth2.clients.*.scopes

java.util.List

Requested scopes. If not specified for OAuth 2.0 clients using OpenID Connect it defaults to profile, email and idtoken

micronaut.security.oauth2.clients.*.grant-type

GrantType

OAuth 2.0 grant type. Default value (authorization_code).

micronaut.security.oauth2.clients.*.authorization.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.authorization.code-challenge-method

java.lang.String

Code Challenge Method to use for PKCE.

micronaut.security.oauth2.clients.*.client-credentials.service-id-regex

java.lang.String

micronaut.security.oauth2.clients.*.client-credentials.uri-regex

java.lang.String

micronaut.security.oauth2.clients.*.client-credentials.advanced-expiration

java.time.Duration

Number of seconds for a token obtained via client credentials grant to be considered expired prior to its expiration date. Default value (30 seconds).

micronaut.security.oauth2.clients.*.client-credentials.scope

java.lang.String

Scope to be requested in the client credentials request. Defaults to none.

micronaut.security.oauth2.clients.*.client-credentials.enabled

boolean

Enables ClientCredentialsClient. Default value true

micronaut.security.oauth2.clients.*.client-credentials.additional-request-params

java.util.Map

Additional parameters included in the client-credentials flow.

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.enabled

boolean

Enable {@link ClientCredentialsHeaderTokenPropagatorConfiguration}. Default value (true).

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.prefix

java.lang.String

Value prefix for Http Header. Default value ({@value #DEFAULT_PREFIX}).

micronaut.security.oauth2.clients.*.client-credentials.header-propagation.header-name

java.lang.String

Http Header to be used to propagate the token. Default value ({@value #DEFAULT_HEADER_NAME})

micronaut.security.oauth2.clients.*.introspection.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.introspection.auth-method

AuthenticationMethod

Authentication Method

micronaut.security.oauth2.clients.*.introspection.authentication-method

java.lang.String

Authentication Method

micronaut.security.oauth2.clients.*.openid.protected-resource-metadata

boolean

Whether the protected resource metadata endpoint should expose the OpenID issuer as an authorization server. Default value: true.

micronaut.security.oauth2.clients.*.openid.issuer

java.net.URL

URL using the https scheme with no query or fragment component that the Open ID provider asserts as its issuer identifier.

micronaut.security.oauth2.clients.*.openid.configuration-path

java.lang.String

The configuration path to discover openid configuration. Default ("/.well-known/openid-configuration").

micronaut.security.oauth2.clients.*.openid.jwks-uri

java.lang.String

The JWKS signature URI.

micronaut.security.oauth2.clients.*.openid.authorization.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.authorization.response-type

ResponseType

Determines the authorization processing flow to be used. Default value (code).

micronaut.security.oauth2.clients.*.openid.authorization.response-mode

java.lang.String

Mechanism to be used for returning authorization response parameters from the authorization endpoint.

micronaut.security.oauth2.clients.*.openid.authorization.display

Display

Controls how the authentication interface is displayed.

micronaut.security.oauth2.clients.*.openid.authorization.prompt

Prompt

Controls how the authentication server prompts the user.

micronaut.security.oauth2.clients.*.openid.authorization.max-age

java.lang.Integer

Maximum authentication age.

micronaut.security.oauth2.clients.*.openid.authorization.ui-locales

java.util.List

Preferred locales for authentication.

micronaut.security.oauth2.clients.*.openid.authorization.acr-values

java.util.List

Authentication class reference values.

micronaut.security.oauth2.clients.*.openid.authorization.code-challenge-method

java.lang.String

Code Challenge Method to use for PKCE.

micronaut.security.oauth2.clients.*.openid.end-session.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.end-session.enabled

boolean

The end session enabled flag. Default value (true).

micronaut.security.oauth2.clients.*.openid.registration.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.openid.token.auth-method

AuthenticationMethod

Authentication Method

micronaut.security.oauth2.clients.*.openid.token.authentication-method

java.lang.String

Authentication Method

micronaut.security.oauth2.clients.*.openid.token.content-type

MediaType

The content type of token endpoint requests. Default value (application/x-www-form-urlencoded).

micronaut.security.oauth2.clients.*.openid.user-info.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.revocation.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.revocation.auth-method

AuthenticationMethod

Authentication Method

micronaut.security.oauth2.clients.*.revocation.authentication-method

java.lang.String

Authentication Method

micronaut.security.oauth2.clients.*.token.url

java.lang.String

The endpoint URL

micronaut.security.oauth2.clients.*.token.auth-method

AuthenticationMethod

Authentication Method

micronaut.security.oauth2.clients.*.token.authentication-method

java.lang.String

Authentication Method

micronaut.security.oauth2.openid.logout-uri

java.lang.String

The URI used to log out of an OpenID provider. Default value ("/oauth/logout").

micronaut.security.oauth2.openid.additional-claims.jwt

boolean

Set to true if the original JWT from the provider should be included in the Micronaut JWT. Default value (false).

micronaut.security.oauth2.openid.additional-claims.access-token

boolean

Set to true if the original access token from the provider should be included in the Micronaut JWT. Default value (false).

micronaut.security.oauth2.openid.additional-claims.refresh-token

boolean

Set to true if the original refresh token from the provider should be included in the Micronaut JWT. Default value (false).

micronaut.security.oauth2.openid.claims-validation.issuer

boolean

Whether IssuerClaimValidator is enabled. Default value (true).

micronaut.security.oauth2.openid.claims-validation.audience

boolean

Whether AudienceClaimValidator is enabled. Default value (true).

micronaut.security.oauth2.openid.claims-validation.authorized-party

boolean

Whether AuthorizedPartyClaimValidator is enabled. Default value (true).

micronaut.security.oauth2.openid.end-session.redirect-uri

java.lang.String

The URI the OpenID provider should redirect to after logging out. Default value ("/logout").

micronaut.security.oauth2.openid.nonce.persistence

java.lang.String

Sets the mechanism to persist the nonce for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.openid.nonce.enabled

boolean

Sets whether a nonce parameter will be sent. Default (true).

micronaut.security.oauth2.openid.nonce.cookie.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.oauth2.openid.nonce.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.openid.nonce.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.oauth2.openid.nonce.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.oauth2.openid.nonce.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.openid.nonce.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.openid.nonce.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.oauth2.pkce.entropy

int

entropy (in bytes) used for the code verifier generation. Default value 64.

micronaut.security.oauth2.pkce.persistence

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value (PERSISTENCE_COOKIE).

micronaut.security.oauth2.pkce.enabled

boolean

Sets whether a state parameter will be sent. Default (true).

micronaut.security.oauth2.pkce.cookie.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.oauth2.pkce.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.pkce.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.oauth2.pkce.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIE_NAME}.

micronaut.security.oauth2.pkce.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.pkce.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.pkce.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.oauth2.protected-resource-metadata.enabled

boolean

Whether /.well-known/oauth-protected-resource is exposed. Default value: true.

micronaut.security.oauth2.state.persistence

java.lang.String

Sets the mechanism to persist the state for later retrieval for validation. Supported values ("session", "cookie"). Default value ("cookie").

micronaut.security.oauth2.state.enabled

boolean

Sets whether a state parameter will be sent. Default (true).

micronaut.security.oauth2.state.cookie.session-cookie

boolean

Whether the cookie is a session cookie. A session cookie does not have an expiration date. cookie-max-age is ignored if session cookie is set to true. Default value (false).

micronaut.security.oauth2.state.cookie.cookie-domain

java.lang.String

Sets the domain name of this Cookie. Default value (null).

micronaut.security.oauth2.state.cookie.cookie-secure

java.lang.Boolean

Sets whether the cookie is secured. Defaults to the secure status of the request.

micronaut.security.oauth2.state.cookie.cookie-name

java.lang.String

Cookie Name. Default value {@link #DEFAULT_COOKIENAME}.

micronaut.security.oauth2.state.cookie.cookie-path

java.lang.String

Sets the path of the cookie. Default value ("/").

micronaut.security.oauth2.state.cookie.cookie-http-only

java.lang.Boolean

Whether the Cookie can only be accessed via HTTP. Default value (true).

micronaut.security.oauth2.state.cookie.cookie-max-age

java.time.Duration

Sets the maximum age of the cookie. Default value (5 minutes).

micronaut.security.session.enabled

boolean

Sets whether the session config is enabled. Default value (true).