New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enhance TestSecurity OIDC module to support the injection of UserInfo and OidcConfigurationMetadata #16697
Comments
/cc @manovotn, @mkouba, @pedroigor |
go go go :) |
It is not only the issue of the I tried it more today in my sample application, https://github.com/hantsy/quarkus-sandbox/tree/master/oidc-api-auth0 This is a service application(the default application type is service). I have an If it is activated, and starts the application, then I used a client to test the APIs, see IntegrationTests, it will raise the So the final solution is in a service type application, |
@sberyozkin BTW, not sure it can be categorized as an issue. When the As I understand it, a service type application or the Resource server role in OAuth2 protocol, it should not contain a client-id. The client-id and client-secrets are part of the client application when an Oauth2 Client application role is registered. I also create a similar service API spring application, just need to declare it as a ResourceServer and specify the issuer-uri configuration, no need others, all work well, see: https://github.com/hantsy/spring-webmvc-auth0-sample/blob/master/src/main/resources/application.yml#L49 |
Wow, I totally missed all the comments :-) (the secret is I only check the issues manually to minimize the amount of notifications), anyway, sorry for a delay... @Marcus-Biel-idnow - OK :-), will try to prioritize soon enough, should be straightforward enough to fix
The problem is that if the path request is public then
It has been discussed before - it is not a good idea to drop it (even if somewhere else it is not needed) since, when the token verification fails, all that can be logged is that the token fails - no way to link it to the client which requested this token - we don't log it yet - but I'll make sure the client id is logged - additionally, |
Description
OidcConfigurationMetadata
can be initialized fromquarkus.oidc.jwk-path
, etcUserInfo
from a security attribute with auserinfo.
prefixThe text was updated successfully, but these errors were encountered: