Allows only authorized HTTP requests to pass through. Unauthorized requests receive a redirect to the
authorization server as the response.
Name | Required | Default | Description | Example |
afterErrorUrl | false | - | - | - |
customHeaderUserPropertyPrefix | false | null | A user property prefix (e.g. "header"), which can be used to make the interceptor emit custom per-user headers. For example, if you have a user property "headerX: Y" on a user U, and the user U logs in, all requests belonging to this user will have an additional HTTP header "X: Y". If null, this feature is disabled. | - |
callbackPath | false | oauth2callback | The path used for the OAuth2 callback. Ensure that it does not collide with any path used by the application. | - |
logoutUrl | false | - | Path (as seen by the user agent) to call to trigger a log out. If the Authorization Server supports <a href="https://openid.net/specs/openid-connect-rpinitiated-1_0.html">OpenID Connect RP-Initiated Logout 1.0</a>, the user logout ("single log out") will be triggered there as well. | - |
appendAccessTokenToRequest | false | - | - | - |
afterLogoutUrl | false | - | - | - |
onlyRefreshToken | false | - | - | - |
revalidateTokenAfter | false | -1 | Time in seconds until an OAuth2 access token is revalidated with the authorization server. Revalidation is disabled for values < 0. | - |
skipUserInfo | false | - | - | - |