Skip to content

Commit

Permalink
Edit Dev Services and UI for OIDC
Browse files Browse the repository at this point in the history
  • Loading branch information
rolfedh committed Dec 7, 2023
1 parent 018e8e4 commit 04e8d11
Show file tree
Hide file tree
Showing 2 changed files with 117 additions and 107 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,17 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
////
= OpenID Connect (OIDC) and OAuth2 Client and Filters Reference Guide
include::_attributes.adoc[]
:diataxis-type: reference
:categories: security
:topics: security,oidc,client
:extensions: io.quarkus:quarkus-oidc-client

This reference guide explains how to use:
This guide covers Quarkus extensions for OpenID Connect/OAuth 2.0 token management, focusing on acquiring, refreshing, and propagating tokens with Keycloak, crucial for Quarkus app authentication and authorization.

- `quarkus-oidc-client`, `quarkus-oidc-client-reactive-filter` and `quarkus-oidc-client-filter` extensions to acquire and refresh access tokens from OpenID Connect and OAuth 2.0 compliant Authorization Servers such as link:https://www.keycloak.org[Keycloak]
- `quarkus-oidc-token-propagation-reactive` and `quarkus-oidc-token-propagation` extensions to propagate the current `Bearer` or `Authorization Code Flow` access tokens
This includes the following:

- Using `quarkus-oidc-client`, `quarkus-oidc-client-reactive-filter` and `quarkus-oidc-client-filter` extensions to acquire and refresh access tokens from OpenID Connect and OAuth 2.0 compliant Authorization Servers such as link:https://www.keycloak.org[Keycloak].
- Using `quarkus-oidc-token-propagation-reactive` and `quarkus-oidc-token-propagation` extensions to propagate the current `Bearer` or `Authorization Code Flow` access tokens.

The access tokens managed by these extensions can be used as HTTP Authorization Bearer tokens to access the remote services.

Expand Down Expand Up @@ -1131,7 +1134,7 @@ smallrye.jwt.new-token.audience=http://downstream-resource
smallrye.jwt.new-token.override-matching-claims=true
----

As already noted above, use `AccessTokenRequestFilter` if you work with Keycloak or OpenID Connect Provider, which supports a Token Exchange protocol.
As already noted above, use `AccessTokenRequestFilter` if you work with Keycloak or an OpenID Connect Provider, which supports a Token Exchange protocol.

[[integration-testing-token-propagation]]
=== Testing
Expand Down
Loading

0 comments on commit 04e8d11

Please sign in to comment.