Configuration
Application Properties
jmix.authserver.post-logout-url-redirect-parameter-name
Name of a URL parameter of the /logout
request containing a URL to which the user will be redirected after successful logout.
Default value: not set
jmix.authserver.use-default-configuration
Specifies whether the default auto-configuration that sets up authorization server and resource server should be used. If you need to completely rewrite the default configuration, set this property to false
and define your own configuration classes.
Default value: true
jmix.authserver.use-in-memory-authorization-service
If set to true
, uses in-memory storage instead of storing tokens in the database.
Default value: false
jmix.authserver.use-referer-post-logout
If set to true
, the referer
header value is used as the post logout redirect URL.
It has lower priority than the URL set by the jmix.authserver.post-logout-url-redirect-parameter-name property.
Default value: false
jmix.authserver.logout-access-token-header-name
Name of the header to check for access token during logout. Found token will be removed.
Header should contain bearer token: Bearer xxxxx
.
Custom header may be useful in some specific use cases or due to technical limitation.
In most cases default Authorization
header will be enough.
For example: jmix.authserver.logout-access-token-header-name = Custom-Authorization
Header is the only source of token by default. For additional sources check jmix.authserver.logout-access-token-url-parameter-name and jmix.authserver.logout-access-token-body-form-parameter-name
Default value: Authorization
jmix.authserver.logout-access-token-url-parameter-name
Name of the URL parameter to check for access token during logout. Found token will be removed.
For example: jmix.authserver.logout-access-token-url-parameter-name = access_token
This check is disabled by default. To enable it see jmix.authserver.logout-url-parameter-check-for-token-enabled
Default value: token
jmix.authserver.logout-access-token-body-form-parameter-name
Name of the body form parameter to check for access token during logout. Found token will be removed.
For example: jmix.authserver.logout-access-token-body-form-parameter-name = access_token
This check is disabled by default. To enable it see jmix.authserver.logout-body-form-parameter-check-for-token-enabled
Default value: token