Allows only authorized HTTP requests to pass through. Unauthorized requests get a redirect to the
authorization server as response.
This interceptor does Session Management and can thereby translate Session IDs to OAuth2/OIDC Access Tokens.
Beyond regular OIDC-compliant authorization servers, this interceptor can also be used with Azure B2C.
| Name | Required | Default | Description | Examples |
|---|
| afterErrorUrl |
false |
- |
- |
- |
| customHeaderUserPropertyPrefix |
false |
null
|
A user property prefix (e.g. "header"), which can be used to make the interceptor emit custom per-user headers. For example, if you have a user property "headerX: Y" on a user U, and the user U logs in, all requests belonging to this user will have an additional HTTP header "X: Y". If null, this feature is disabled.
|
- |
| callbackPath |
false |
oauth2callback
|
the path used for the OAuth2 callback. ensure that it does not collide with any path used by the application
|
- |
| logoutUrl |
false |
- |
Path (as seen by the user agent) to call to trigger a log out. If the Authorization Server supports OpenID Connect RP-Initiated Logout 1.0, the user logout ("single log out") will be triggered there as well.
|
- |
| appendAccessTokenToRequest |
false |
- |
- |
- |
| afterLogoutUrl |
false |
- |
- |
- |
| onlyRefreshToken |
false |
- |
- |
- |
| revalidateTokenAfter |
false |
-1
|
time in seconds until a oauth2 access token is revalidatet with authorization server. This is disabled for values < 0
|
- |
| skipUserInfo |
false |
- |
- |
- |