Allows only authorized HTTP requests to pass through. Unauthorized requests are answered with a redirect to the authorization server. This interceptor does session management and can thereby translate session IDs into OAuth2/OIDC access tokens, so the backend sees a token rather than the user agent's session. Besides regular OIDC-compliant authorization servers, this interceptor can also be used with Azure B2C.
Attributes
| Name | Required | Default | Description | Examples |
|---|---|---|---|---|
| afterErrorUrl | false | - | - | - |
| afterLogoutUrl | false | - | - | - |
| appendAccessTokenToRequest | false | - | - | - |
| callbackPath | false | oauth2callback | The path used for the OAuth2 callback. Ensure that it does not collide with any path used by the application, since requests to this path are consumed by the interceptor and never reach the application. | - |
| customHeaderUserPropertyPrefix | false | null | A user property prefix (e.g. "header") that makes the interceptor emit custom per-user headers. For example, if user U has the property "headerX: Y" and logs in, all requests belonging to U carry an additional HTTP header "X: Y". If null, this feature is disabled. | - |
| logoutUrl | false | - | Path (as seen by the user agent) to call to trigger a log out. If the Authorization Server supports OpenID Connect RP-Initiated Logout 1.0, the user logout ("single log out") will be triggered there as well. | - |
| onlyRefreshToken | false | - | - | - |
| revalidateTokenAfter | false | -1 | Time in seconds after which an OAuth2 access token is revalidated with the authorization server. Disabled for values < 0. | - |
| skipUserInfo | false | - | - | - |
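The following Python model is added here as an illustration and is not the interceptor's own code. It shows the behaviour that the description and the attribute table above imply: a request without a known session is redirected to the authorization server, a request on the callback path is consumed by the interceptor, a session ID is translated into a bearer access token for the backend, the token is revalidated once `revalidateTokenAfter` seconds have passed (never for negative values), and user properties carrying `customHeaderUserPropertyPrefix` become per-user headers. The names `Config`, `Session`, `handle_request`, the `token_is_valid` callback and the authorization server URL are assumptions made for this example; forwarding the token as an `Authorization: Bearer` header, and dropping client-supplied headers whose names collide with the emitted per-user headers, are design choices of the example rather than documented behaviour of the interceptor.

```python
"""Illustrative model of a session-managing OAuth2 resource interceptor (not the gateway's code)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Config:
    authorization_server_url: str                   # assumed: redirect target for unauthorized requests
    callback_path: str = "oauth2callback"           # default taken from the attribute table
    revalidate_token_after: int = -1                # seconds; values < 0 disable revalidation
    custom_header_user_property_prefix: Optional[str] = None  # None disables the feature


@dataclass
class Session:
    access_token: str
    user_properties: Dict[str, str]
    validated_at: float   # epoch seconds of the last check with the authorization server


def custom_headers(user_properties: Dict[str, str], prefix: Optional[str]) -> Dict[str, str]:
    """Map properties such as {"headerX": "Y"} to headers {"X": "Y"} for prefix "header"."""
    if not prefix:
        return {}
    return {
        name[len(prefix):]: value
        for name, value in user_properties.items()
        if name.startswith(prefix) and len(name) > len(prefix)
    }


def needs_revalidation(session: Session, cfg: Config, now: float) -> bool:
    """revalidateTokenAfter < 0 disables the check; 0 revalidates on every request."""
    if cfg.revalidate_token_after < 0:
        return False
    return now - session.validated_at >= cfg.revalidate_token_after


def _norm(path: str) -> str:
    return "/" + path.strip("/")


def callback_path_collisions(cfg: Config, application_paths: List[str]) -> List[str]:
    """Application paths that the callback path would shadow (deployment sanity check)."""
    return [p for p in application_paths if _norm(p) == _norm(cfg.callback_path)]


def handle_request(path: str, headers: Dict[str, str], session_id: Optional[str],
                   sessions: Dict[str, Session], cfg: Config, now: float,
                   token_is_valid: Callable[[str], bool]) -> Tuple[str, object]:
    """Decide what happens to one request.

    token_is_valid stands in for the revalidation call to the authorization server.
    Returns ("callback", None), ("redirect", url) or ("pass", forwarded_headers).
    """
    if _norm(path) == _norm(cfg.callback_path):
        return ("callback", None)          # consumed by the interceptor, never forwarded
    session = sessions.get(session_id) if session_id else None
    if session is None:
        return ("redirect", cfg.authorization_server_url)
    if needs_revalidation(session, cfg, now):
        if not token_is_valid(session.access_token):
            del sessions[session_id]        # token no longer accepted: drop the session
            return ("redirect", cfg.authorization_server_url)
        session.validated_at = now

    extra = custom_headers(session.user_properties, cfg.custom_header_user_property_prefix)
    blocked = {"authorization"} | {name.lower() for name in extra}
    # Client-supplied Authorization and any header that collides with a per-user
    # header is dropped, so the backend only ever sees the interceptor's values.
    forwarded = {k: v for k, v in headers.items() if k.lower() not in blocked}
    # Session ID -> access token: the backend receives a bearer token, not the session.
    forwarded["Authorization"] = "Bearer " + session.access_token
    forwarded.update(extra)
    return ("pass", forwarded)


def demo() -> Tuple[str, object]:
    """Constructed sample: one logged-in user with a per-user header property."""
    cfg = Config(authorization_server_url="https://as.example.test/authorize",
                 revalidate_token_after=60, custom_header_user_property_prefix="header")
    sessions = {"sid1": Session("tok-123", {"headerX": "Y", "mail": "u@example.test"}, 1000.0)}
    return handle_request("/app", {"X": "spoofed", "Accept": "*/*"}, "sid1",
                          sessions, cfg, 1030.0, lambda token: True)


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `("pass", {"Accept": "*/*", "Authorization": "Bearer tok-123", "X": "Y"})`: the spoofed `X` header from the client is replaced by the per-user value, and the backend never sees the session ID.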
Child Elements
Can be used in