The Imixs open source project today announced the release of Imixs-OIDC 3.0, a security module that combines OpenID Connect (OIDC) authentication flows with Bearer token validation in a single, unified architecture. This Jakarta EE 10 solution addresses the enterprise challenge of maintaining secure user authentication while providing robust API access control within one lightweight, framework-agnostic implementation.
Unified Authentication Architecture
Traditional OIDC implementations force enterprises to choose between user-friendly browser-based authentication and secure API access. Imixs-OIDC eliminates this compromise through its innovative `HttpAuthenticationMechanism` that dynamically selects the appropriate authentication method based on the incoming request type.
For browser-based access, the system seamlessly redirects users through the standard OIDC authorization code flow, storing user claims in HTTP sessions for subsequent requests.
For API access, the same mechanism validates Bearer tokens against OIDC provider public keys using industry-standard JWT signature verification.
The project provides a unified solution that works seamlessly within the same security context, simplifying development and maintenance.
Technical Features
Enterprise-Grade Security:
- RSA signature verification (RS256) with automatic key ID (kid) resolution
- Dynamic JWKS endpoint discovery and intelligent public key caching
- JWT expiration validation and comprehensive claim extraction
- Zero-dependency token decoding using Jakarta JSON (no Jackson required)
Lightweight Architecture:
- Built entirely on Jakarta EE Security API 3.0 specifications
- POJO-based design with no framework lock-in
- Automatic discovery via beans.xml with zero-configuration deployment
- Minimal footprint with intelligent provider compatibility
Universal Provider Support:
- Standards-compliant with any OIDC provider (Keycloak, Auth0, Azure AD, Okta)
- Automatic role resolution across different claim structures
- Optional UserInfo endpoint support for commercial providers
- Flexible claim mapping with environment-based configuration
Seamless Enterprise Integration
The module integrates effortlessly into existing Jakarta EE applications through standard security annotations and web.xml configurations. Developers can protect EJBs, CDI beans, and web resources using familiar `@RolesAllowed` annotations and security constraints; no proprietary APIs are required.
Resource Owner Password Credentials (ROPC) Flow Support enables machine-to-machine communication, making it ideal for microservices architectures and API-driven applications.
- Reduced Development Complexity: Single authentication mechanism for all access patterns
- Enhanced Security Posture: Enterprise-grade token validation with automatic key rotation
- Improved Developer Experience: Standard Jakarta EE security APIs with no vendor lock-in
- Operational Efficiency: Unified monitoring and debugging across authentication flows
Advanced Debugging and Development Support
Imixs-OIDC includes comprehensive debugging capabilities with detailed claim analysis through the `/oidc-debug` REST endpoint and configurable logging. The included `OidcContext` CDI bean provides runtime access to user claims, roles, and authentication context for custom business logic.
About the Imixs Project
The Imixs project represents over two decades of enterprise software development expertise, focusing on business process management and workflow automation. Built on Jakarta EE and BPMN 2.0 standards, Imixs provides enterprises with comprehensive solutions for digitizing complex business processes. The project's commitment to open source principles and collaborative development has resulted in a robust ecosystem including AI integration, machine learning capabilities, and now advanced security modules.
Technical Specifications
Requirements:
- Jakarta EE 10 Application Server (Wildfly, Payara)
- Java 11+ runtime environment
- OIDC-compliant identity provider
Maven Dependency:
<dependency>
    <groupId>org.imixs.security</groupId>
    <artifactId>imixs-oidc</artifactId>
    <version>3.0.0</version>
</dependency>
Availability and Community Engagement
Imixs-OIDC 3.0 is available immediately under the GNU General Public License. The project welcomes contributions from security professionals, enterprise architects, and Jakarta EE developers.
Development Resources:
- GitHub Repository: https://github.com/imixs/imixs-security/tree/main/imixs-oidc
- Comprehensive Documentation: https://doc.office-workflow.com/auth/oidc/keycloak.html
- Community Support: Active development community with enterprise consultation available