client config OAuth2 Authentication

| Property | Description |
|---|---|
| `nessie.authentication.oauth2.issuer-url` | OAuth2 issuer URL.<br><br>The root URL of the OpenID Connect identity issuer provider, which will be used for discovering supported endpoints and their locations. For Keycloak, this is typically the realm URL: `https://<keycloak-server>/realms/<realm-name>`.<br><br>Endpoint discovery is performed using the OpenID Connect Discovery metadata published by the issuer. See OpenID Connect Discovery 1.0 for more information.<br><br>Either this property or (`nessie.authentication.oauth2.token-endpoint`) must be set. |
| `nessie.authentication.oauth2.token-endpoint` | URL of the OAuth2 token endpoint. For Keycloak, this is typically `https://<keycloak-server>/realms/<realm-name>/protocol/openid-connect/token`.<br><br>Either this property or (`nessie.authentication.oauth2.issuer-url`) must be set. In case it is not set, the token endpoint will be discovered from the issuer URL (`nessie.authentication.oauth2.issuer-url`), using the OpenID Connect Discovery metadata published by the issuer. |
| `nessie.authentication.oauth2.grant-type` | The grant type to use when authenticating against the OAuth2 server. Valid values are:<br><br>* “client_credentials”<br>* “password”<br>* “authorization_code”<br>* “device_code”<br>* “token_exchange”<br><br>Optional, defaults to “client_credentials”. |
| `nessie.authentication.oauth2.client-id` | Client ID to use when authenticating against the OAuth2 server. Required if using OAuth2 authentication, ignored otherwise. |
| `nessie.authentication.oauth2.client-secret` | Client secret to use when authenticating against the OAuth2 server. Required if using OAuth2 authentication, ignored otherwise. |
| `nessie.authentication.oauth2.client-scopes` | Space-separated list of scopes to include in each request to the OAuth2 server. Optional, defaults to empty (no scopes).<br><br>The scope names will not be validated by the Nessie client; make sure they are valid according to RFC 6749 Section 3.3. |
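
Because the Nessie client does not validate scope names, a preflight check can catch bad values before they reach the OAuth2 server. The following is an added example, not Nessie's own code: it checks a property map against the rules stated above and the RFC 6749 Section 3.3 scope-token grammar. The function name, the https-only rule, and the sample host, client ID and secret are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

PREFIX = "nessie.authentication.oauth2."
GRANT_TYPES = {"client_credentials", "password", "authorization_code",
               "device_code", "token_exchange"}
# RFC 6749 Section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

def check_oauth2_config(props):
    """Return the problems found in a dict of Nessie client properties."""
    get = lambda key: props.get(PREFIX + key, "").strip()
    problems = []
    issuer, token_ep = get("issuer-url"), get("token-endpoint")
    if not issuer and not token_ep:
        problems.append("set issuer-url or token-endpoint")
    for name, url in (("issuer-url", issuer), ("token-endpoint", token_ep)):
        # Policy assumed by this example: credentials only travel over TLS.
        if url and urlsplit(url).scheme != "https":
            problems.append(f"{name} is not an https URL")
    grant = get("grant-type") or "client_credentials"  # documented default
    if grant not in GRANT_TYPES:
        problems.append(f"unknown grant-type {grant!r}")
    for key in ("client-id", "client-secret"):
        if not get(key):
            problems.append(f"{key} is required")
    # The Nessie client sends scopes unvalidated, so check the grammar here.
    scopes = props.get(PREFIX + "client-scopes", "")
    for scope in scopes.split(" ") if scopes else []:
        if not SCOPE_TOKEN.fullmatch(scope):
            problems.append(f"invalid scope token {scope!r}")
    return problems

# Constructed sample configurations (placeholder host and credentials).
GOOD = {
    PREFIX + "issuer-url": "https://keycloak.example.com/realms/demo",
    PREFIX + "client-id": "nessie-client",
    PREFIX + "client-secret": "placeholder-secret",
    PREFIX + "client-scopes": "catalog email",
}
BAD = {
    PREFIX + "token-endpoint": "http://keycloak.example.com/realms/demo/token",
    PREFIX + "grant-type": "implicit",
    PREFIX + "client-id": "nessie-client",
    PREFIX + "client-scopes": 'catalog "quoted"',
}

if __name__ == "__main__":
    print(*check_oauth2_config(BAD), sep="\n")
```

An empty result means the properties satisfy the documented constraints; a doubled space in the scope list is reported as an empty scope token.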