OIDC authentication for websockets doesn't work in 1.13.*

[oberstrike]

As @devauxbr mentioned, the bug is not related to Kotlin and may be fixed in the future.

[quarkus-bot]

/cc @evanchooly

[sberyozkin]

Hi @oberstrike It is hard to do anything about this issue without a reproducer - please create the one for us to have a look

[oberstrike]

@sberyozkin its really hard to make a reproducer because it has so many dependencies like keycloak configuration etc. But I'll try my best to do one.

[devauxbr]

Hello

I have encountered the exact same issue while upgrading my WebSocket Quarkus app to 1.13+
I don't use Kotlin, but my app relies on a custom HttpAuthenticationMechanism. I managed to create a minimalistic bug reproducer here

I've been quickly digging through the new quarkus-websocket extension source code. From what I understand, the old extension relied on the legacy Undertow Servlet WebSocket implementation that got the WebSocket Session Principal correctly populated from the Servlet layer. The new Vertx implementation does not retrieve the Principal yet (as this todo suggests)

Hope this helps ! 🤞

[oberstrike]

Now they have passed 2 month since we found out what the problem is. When will the problem be fixed? Or is there a workaround exist?

[aldoborrero]

Care to comment @stuartwdouglas ?

[aldoborrero]

Playing around with the code and thanks to @devauxbr initial cursory research, inside VertxWebSocketHttpExchange we do have access to the original RoutingContext in the class attribute exchange.

Upon closer inspection, I can see the principal is correctly populated inside the exchange.data() map like we can see below:

Is it safe to assume that we can return directly that object in method getUserPrincipal? Or is there any other implication I'm not taking into account (which will be probably)?

Something like: