pacs_system/oauth2__config_8h_source.html

// BSD 3-Clause License

// Copyright (c) 2021-2025, 🍀☀🌕🌥 🌊

// See the LICENSE file in the project root for full license information.


#pragma once


#include <cstdint>

#include <string>

#include <vector>


namespace kcenon::pacs::web::auth {


struct oauth2_config {

    bool enabled = false;


    std::string issuer;


    std::string audience;


    std::string jwks_url;


    std::uint32_t clock_skew_seconds = 60;


    std::vector<std::string> allowed_algorithms = {"RS256", "ES256"};


    bool allow_unknown_users = false;

};


}  // namespace kcenon::pacs::web::auth

kcenon::pacs::web::auth
Definition jwks_provider.h:29

kcenon::pacs::web::auth::oauth2_config
OAuth 2.0 configuration for DICOMweb authorization.
Definition oauth2_config.h:30

kcenon::pacs::web::auth::oauth2_config::enabled
bool enabled
Enable OAuth 2.0 authorization (disabled by default for backward compat)
Definition oauth2_config.h:32

kcenon::pacs::web::auth::oauth2_config::audience
std::string audience
Expected audience (aud claim). Empty = skip audience validation.
Definition oauth2_config.h:38

kcenon::pacs::web::auth::oauth2_config::clock_skew_seconds
std::uint32_t clock_skew_seconds
Allowed clock skew in seconds for exp/nbf validation.
Definition oauth2_config.h:44

kcenon::pacs::web::auth::oauth2_config::jwks_url
std::string jwks_url
JWKS endpoint URL for public key retrieval.
Definition oauth2_config.h:41

kcenon::pacs::web::auth::oauth2_config::allow_unknown_users
bool allow_unknown_users
Allow unknown OAuth users not found in RBAC to access as Viewer When false (default): unknown users r...
Definition oauth2_config.h:52

kcenon::pacs::web::auth::oauth2_config::issuer
std::string issuer
Expected token issuer (iss claim). Empty = skip issuer validation.
Definition oauth2_config.h:35

kcenon::pacs::web::auth::oauth2_config::allowed_algorithms
std::vector< std::string > allowed_algorithms
Allowed signing algorithms (default: RS256, ES256)
Definition oauth2_config.h:47