3. Security and Validation

oauth2Resource2


Allows only authorized HTTP requests to pass through; unauthorized requests are answered with a redirect to the authorization server. The interceptor manages sessions and can thereby translate session IDs into OAuth2/OIDC access tokens. Besides regular OIDC-compliant authorization servers, it can also be used with Azure B2C.

Syntax

oauth2Resource2:
  '$ref': <string>
  afterErrorUrl: <string>
  afterLogoutUrl: <string>
  appendAccessTokenToRequest: <boolean>
  callbackPath: <string>
  cookieOriginalExchangeStore: {}
  customHeaderUserPropertyPrefix: <string>
  github: {}
  google: {}
  inMemorySessionManager2: {}
  jwtSessionManager: {}
  loginParameters:
    - <loginParameter>
  logoutUrl: <string>
  membrane: {}
  memcachedOriginalExchangeStore: {}
  memcachedSessionManager: {}
  microsoftEntraID: {}
  onlyRefreshToken: <boolean>
  publicURL: <string>
  redisOriginalExchangeStore: {}
  redisSessionManager: {}
  revalidateTokenAfter: <number>
  sessionOriginalExchangeStore: {}
  skipUserInfo: <boolean>

Attributes

Name | Required | Default | Description | Examples
--- | --- | --- | --- | ---
$ref | false | - | Reference a component defined under components. | -
afterErrorUrl | false | - | - | -
afterLogoutUrl | false | - | - | -
appendAccessTokenToRequest | false | - | - | -
callbackPath | false | oauth2callback | The path used for the OAuth2 callback. Ensure that it does not collide with any path used by the application. | -
customHeaderUserPropertyPrefix | false | null | A user property prefix (e.g. "header"), which can be used to make the interceptor emit custom per-user headers. For example, if you have a user property "headerX: Y" on a user U, and the user U logs in, all requests belonging to this user will have an additional HTTP header "X: Y". If null, this feature is disabled. | -
logoutUrl | false | - | Path (as seen by the user agent) to call to trigger a log out. If the Authorization Server supports OpenID Connect RP-Initiated Logout 1.0, the user logout ("single log out") will be triggered there as well. | -
onlyRefreshToken | false | - | - | -
revalidateTokenAfter | false | -1 | Time in seconds until an OAuth2 access token is revalidated with the authorization server. This is disabled for values < 0. | -
skipUserInfo | false | - | - | -
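The attributes above carry the interceptor's security posture: a callback path that collides with an application route, a disabled token revalidation (the default -1), and per-user headers or forwarded tokens that backends must handle with care. The following review helper is an added example, not Membrane code; it mirrors the page's attribute names and defaults over a constructed config dict and an assumed list of application route paths.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    key: str
    message: str


def callback_collides(callback_path: str, app_paths: list[str]) -> bool:
    """True if the OAuth2 callback path is shadowed by an application path.
    Leading slashes are stripped because the default is written without one."""
    cb = callback_path.strip("/")
    return any(p.strip("/") == cb for p in app_paths)


def revalidation_due(revalidate_after: int, seconds_since_check: int) -> bool:
    """Whether the gateway should re-check the access token with the
    authorization server. Values < 0 (including the default -1) disable it."""
    if revalidate_after < 0:
        return False
    return seconds_since_check >= revalidate_after


def review(config: dict, app_paths: list[str]) -> list[Finding]:
    """Flag settings worth a second look; defaults follow the attribute table."""
    findings = []
    cb = config.get("callbackPath", "oauth2callback")
    if callback_collides(cb, app_paths):
        findings.append(Finding("callbackPath", f"collides with application path {cb!r}"))
    if config.get("revalidateTokenAfter", -1) < 0:
        findings.append(Finding("revalidateTokenAfter",
            "disabled: the token is never re-checked with the authorization server, so a revocation there goes unnoticed"))
    prefix = config.get("customHeaderUserPropertyPrefix")
    if prefix is not None:
        findings.append(Finding("customHeaderUserPropertyPrefix",
            f"per-user headers derived from {prefix!r}* are emitted; backends must accept them only from the gateway"))
    if config.get("appendAccessTokenToRequest"):
        findings.append(Finding("appendAccessTokenToRequest",
            "access token is forwarded to the backend; confirm the backend needs and protects it"))
    return findings


# Constructed sample: keys as on this page, values invented for the demo.
SAMPLE_CONFIG = {"callbackPath": "oauth2callback", "revalidateTokenAfter": -1,
                 "customHeaderUserPropertyPrefix": "header", "appendAccessTokenToRequest": True}
SAMPLE_APP_PATHS = ["/api", "/oauth2callback"]  # assumed application routes

if __name__ == "__main__":
    for f in review(SAMPLE_CONFIG, SAMPLE_APP_PATHS):
        print(f"{f.key}: {f.message}")
```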

Child Structure

Element | Cardinality | Description
--- | --- | ---
cookieOriginalExchangeStore | 0..1 | 
github | 0..1 | 
google | 0..1 | 
inMemorySessionManager2 | 0..1 | 
jwtSessionManager | 0..1 | 
loginParameter | 0..* | 
membrane | 0..1 | 
memcachedOriginalExchangeStore | 0..1 | 
memcachedSessionManager | 0..1 | 
microsoftEntraID | 0..1 | 
publicURL | 0..1 | 
redisOriginalExchangeStore | 0..1 | Used for storing exchanges temporarily in Redis. Supports authentication with or without password and username.
redisSessionManager | 0..1 | 
sessionOriginalExchangeStore | 0..1 | 

Can be used in