Class JwkSetSecretStoreHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.secrets.JwkSetSecretStoreHeaplet
All Implemented Interfaces:
Heaplet

public class JwkSetSecretStoreHeaplet extends GenericHeaplet
This heaplet represents an instance of a JwkSetSecretStore resolving secrets from an URL of a JSON Web Key Set(JWKSet).
 {
       "type": "JwkSetSecretStore",
       "config": {
         "jwkUrl":                 expression                 [REQUIRED - URL to the JwkSet.]
         "leaseExpiry":            expression<duration>       [OPTIONAL - defaults to 5 minutes.]
         "handler":                handler                    [OPTIONAL - the handler to GET the JWKs URL,
                                                                        - default to ClientHandler.]
         "cacheTimeout":           duration                   [OPTIONAL - cache timeout to avoid reloading the cache
                                                                          all the time when doing encryption -
                                                                          default is "2 minutes".]
         "cacheMissCacheTime":     duration                   [OPTIONAL - the cache time before reloading the cache
                                                                          in case of a cache miss -
                                                                          default is "2 minutes".]
       }
    }
 
Note: since 7.0.0 the cacheTimeout cannot be deactivated. Its value can not be lower than 10 seconds.

Example:

 {
       "type": "JwkSetSecretStore",
       "config": {
         "jwkUrl": "http://openam.example.com:8090/openam/oauth2/connect/jwk_uri",
         "handler": "ClientHandler"
       }
    }
 
See Also: