Class OidcExtension

java.lang.Object
dev.relism.flash.ext.oidc.OidcExtension
All Implemented Interfaces:
FlashExtension

public class OidcExtension extends Object implements FlashExtension
Full OIDC Authorization Code + PKCE flow for Flash.

At provide(dev.relism.flash.extension.FlashContext), the extension:

  1. Fetches the provider discovery document — fail-fast at startup.
  2. Provides OidcMiddleware and JwtValidator in the context.
  3. Registers annotation processors for Authenticated, RolesAllowed and ScopesAllowed.

At routes(dev.relism.flash.extension.FlashRegistrar<?>, dev.relism.flash.extension.FlashContext), three routes are registered:

  • GET {prefix}/login — builds the authorization URL and redirects.
  • GET {prefix}/callback — exchanges the code, creates a session, redirects.
  • POST {prefix}/logout — invalidates the session, then redirects to the provider's end-session endpoint (if available) or to OidcConfig.postLogoutRedirectUri().

 // Keycloak
 app.install(new OidcExtension(
     OidcConfig.builder(
             "https://keycloak.example.com/realms/myrealm",
             "my-app", "secret", "/auth/callback")
         .rolesClaimPath("realm_access.roles")
         .build()));

 // Two providers / tenants on one server
 app.install(new OidcExtension(tenantAConfig))
    .install(new OidcExtension(tenantBConfig));
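
The protocol steps behind the /login and /callback routes listed above, as an added example that is not Flash's own code: it generates the PKCE verifier and S256 challenge, builds the authorization URL, and checks the state value on return. The class and method names are hypothetical, the endpoint and redirect URI are constructed values (the real endpoint comes from the provider's discovery document), and Java 10 or later is assumed.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical class: illustrates the protocol steps, not Flash's internals.
public class PkceLoginExample {
    static final SecureRandom RNG = new SecureRandom();
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    // 32 random bytes -> 43-char base64url token (RFC 7636 allows 43..128 chars).
    static String randomToken() {
        byte[] buf = new byte[32];
        RNG.nextBytes(buf);
        return B64URL.encodeToString(buf);
    }

    // code_challenge = BASE64URL(SHA-256(ASCII(code_verifier))), method "S256".
    static String s256(String verifier) throws Exception {
        return B64URL.encodeToString(MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII)));
    }

    static String enc(String v) { return URLEncoder.encode(v, StandardCharsets.UTF_8); }

    // URL a login route would redirect the browser to.
    static String authorizationUrl(String endpoint, String clientId, String redirectUri,
                                   String state, String challenge) {
        return endpoint + "?response_type=code&scope=openid"
                + "&client_id=" + enc(clientId) + "&redirect_uri=" + enc(redirectUri)
                + "&state=" + enc(state)
                + "&code_challenge=" + enc(challenge) + "&code_challenge_method=S256";
    }

    // Callback side: reject unless the returned state equals the one stored at login.
    static boolean stateMatches(String stored, String returned) {
        return stored != null && returned != null && MessageDigest.isEqual(
                stored.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String verifier = randomToken(); // kept server-side, sent only in the token request
        String state = randomToken();    // stored with the pre-login session
        // Constructed values: the endpoint normally comes from the discovery document.
        System.out.println(authorizationUrl(
                "https://keycloak.example.com/realms/myrealm/protocol/openid-connect/auth",
                "my-app", "https://app.example.com/auth/callback", state, s256(verifier)));
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, randomToken()));
    }
}
```

At the callback, the stored verifier goes to the token endpoint as code_verifier, so the provider can recompute the challenge and refuse a code that was intercepted by a party that never saw the verifier.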