OIDC: New tenant specific service to map a TokenCredential to a SecurityIdentity #24069
Description
With #24051 an attempt was made to allow the OidcIdentityProvider to be used to parse an access token and map it to a SecurityIdentity. However, the OidcIdentityProvider implements multi-tenancy and to determine the applicable tenant it needs the Vert.x RoutingContext (cf. DefaultTenantConfigResolver#resolveContext()), which thus won't work when there is no request (e.g. when processing is triggered from the scheduler).

Thus, this issue requests a new injectable service which represents a tenant-specific configuration (request scoped), which would allow mapping a TokenCredential (or TokenAuthenticationRequest?) to a SecurityIdentity. A dedicated annotation would allow injecting the service for the default tenant configuration or a named tenant configuration (name as given in Quarkus configuration).

Implementation ideas
The PR #24051 provides a test case that may serve as an example and basis for a test for this feature.