quarkus-elytron-security-oauth2 does not work as described in documentation #12625

Closed
ineednousername opened this issue Oct 9, 2020 · 9 comments
Labels: area/security, good first issue, kind/bug

ineednousername commented Oct 9, 2020

There are two problems with the documentation found at https://quarkus.io/guides/security-oauth2

Problem 1:

Describe the bug
open https://quarkus.io/guides/security-oauth2
go to

Creating the Maven project

First, we need a new project. Create a new project with the following command:

run

mvn io.quarkus:quarkus-maven-plugin:1.8.2.Final:create \
    -DprojectGroupId=org.acme \
    -DprojectArtifactId=security-oauth2-quickstart \
    -DclassName="org.acme.security.oauth2.TokenSecuredResource" \
    -Dpath="/secured" \
    -Dextensions="resteasy-jsonb, security-oauth2"
cd security-oauth2-quickstart
mvn clean install 

Expected behavior
tests and build runs fine with mvn clean install -Pnative

Actual behavior

[ERROR] org.acme.security.oauth2.TokenSecuredResourceTest.testHelloEndpoint  Time elapsed: 0.045 s  <<< ERROR!
java.lang.RuntimeException: java.lang.RuntimeException: Failed to start quarkus
Caused by: java.lang.RuntimeException: Failed to start quarkus
Caused by: io.quarkus.runtime.configuration.ConfigurationException: client-id, client-secret and introspection-url must be configured when the oauth2 extension is enabled

[INFO] 
[INFO] Results:
[INFO] 
[ERROR] Errors: 
[ERROR]   TokenSecuredResourceTest.testHelloEndpoint » Runtime java.lang.RuntimeExceptio...
[INFO] 
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0
[INFO] 

Problem 2:

Describe the bug

The documentation at https://quarkus.io/guides/security-oauth2 states the following:

If you don’t want to use the Maven plugin, you can just include the dependency in your pom.xml:

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-elytron-security-oauth2</artifactId>
</dependency>

which does not work out of the box if you have a project not containing the following dependency, e.g. a project that is using jackson:

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-resteasy-jsonb</artifactId>
</dependency>

and you run mvn clean install -Pnative you will get

Actual behavior


Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.Json. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:146)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(URL, String, String, String, SSLContext, HostnameVerifier): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:119)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:90)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(Object): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:93)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
Call path from entry point to org.wildfly.security.json.util.JsonUtil.toAttributes(Object): 
	at org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:94)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)

com.oracle.svm.core.util.UserError$UserException: Unsupported features in 3 methods
Detailed message:
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.Json. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:146)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(URL, String, String, String, SSLContext, HostnameVerifier): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:119)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:90)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(Object): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:93)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
Call path from entry point to org.wildfly.security.json.util.JsonUtil.toAttributes(Object): 
	at org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:94)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)

	at com.oracle.svm.core.util.UserError.abort(UserError.java:79)
	at com.oracle.svm.hosted.FallbackFeature.reportAsFallback(FallbackFeature.java:217)
	at com.oracle.svm.hosted.NativeImageGenerator.runPointsToAnalysis(NativeImageGenerator.java:765)
	at com.oracle.svm.hosted.NativeImageGenerator.doRun(NativeImageGenerator.java:555)
	at com.oracle.svm.hosted.NativeImageGenerator.lambda$run$0(NativeImageGenerator.java:468)
	at java.base/java.util.concurrent.ForkJoinTask$AdaptedRunnableAction.exec(ForkJoinTask.java:1407)
	at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290)
	at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020)
	at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656)
	at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594)
	at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:183)
Caused by: com.oracle.graal.pointsto.constraints.UnsupportedFeatureException: Unsupported features in 3 methods
Detailed message:
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.Json. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:146)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(URL, String, String, String, SSLContext, HostnameVerifier): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.introspectAccessToken(OAuth2IntrospectValidator.java:119)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:90)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
Call path from entry point to org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(Object): 
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.isValidToken(OAuth2IntrospectValidator.java:104)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:93)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)
Error: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: javax.json.JsonObject. To diagnose the issue you can use the --allow-incomplete-classpath option. The missing type is then reported at run time when it is accessed the first time.
Trace: 
	at parsing org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
Call path from entry point to org.wildfly.security.json.util.JsonUtil.toAttributes(Object): 
	at org.wildfly.security.json.util.JsonUtil.toAttributes(JsonUtil.java:43)
	at org.wildfly.security.auth.realm.token.validator.OAuth2IntrospectValidator.validate(OAuth2IntrospectValidator.java:94)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.validateToken(TokenSecurityRealm.java:207)
	at org.wildfly.security.auth.realm.token.TokenSecurityRealm$TokenRealmIdentity.verifyEvidence(TokenSecurityRealm.java:152)
	at org.wildfly.security.auth.server.ServerAuthenticationContext$UnassignedState.verifyEvidence(ServerAuthenticationContext.java:1737)
	at org.wildfly.security.auth.server.ServerAuthenticationContext.verifyEvidence(ServerAuthenticationContext.java:766)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:311)
	at org.wildfly.security.auth.server.SecurityDomain.authenticate(SecurityDomain.java:272)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:48)
	at io.quarkus.elytron.security.runtime.ElytronTokenIdentityProvider$1.get(ElytronTokenIdentityProvider.java:43)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.initializeLazyValue(SystemPropertiesSupport.java:190)
	at com.oracle.svm.core.jdk.SystemPropertiesSupport.getProperty(SystemPropertiesSupport.java:143)
	at com.oracle.svm.core.jdk.Target_java_lang_System.getProperty(JavaLangSubstitutions.java:331)
	at com.oracle.svm.jni.JNIJavaCallWrappers.jniInvoke_VARARGS:Ljava_lang_System_2_0002egetProperty_00028Ljava_lang_String_2_00029Ljava_lang_String_2(generated:0)

	at com.oracle.graal.pointsto.constraints.UnsupportedFeatures.report(UnsupportedFeatures.java:129)
	at com.oracle.svm.hosted.NativeImageGenerator.runPointsToAnalysis(NativeImageGenerator.java:762)
	... 8 more
Error: Image build request failed with exit status 1
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

Expected behaviour
When following the documentation
mvn install -Pnative should produce a valid native runner

Maybe add to the documentation:

If you don’t want to use the Maven plugin, you can just include the dependencies in your pom.xml:

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-elytron-security-oauth2</artifactId>
</dependency>

<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-resteasy-jsonb</artifactId>
</dependency>

How to reproduce add the
clone: https://github.com/ineednousername/reproducer-elytron
run: mvn clean install -Pnative -DskipTests

@ineednousername added the kind/bug label Oct 9, 2020
@sberyozkin
Member

@loicmathieu Hi Loic - can you please have a look, thanks

@loicmathieu
Contributor

Hello,

Problem 1: the behaviour is normal as the configuration was not done inside application.properties. The steps to configure the OAuth2 server are described here: https://quarkus.io/guides/security-oauth2#setting-up-application-properties I agree they should be put before in the guide as the generating-a-token. Both sections must reside inside the creating-the-maven-project section.

Problem 2: as I understand it, using elytron-security-oauth2 without JSONB (for example with only quarkus-resteasy) failed in native ? In this case adding quarkus-jsonb as a dependency should fix that. I need more test on this one as it appears to use javax.json and not JSONB.
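For context on why `client-id`, `client-secret` and `introspection-url` are all mandatory, here is a JDK-only sketch of an RFC 7662 token introspection call, the exchange that the `OAuth2IntrospectValidator` named in the stack trace performs; the reply is JSON, which is why that class references `javax.json` types. It is an added example, not code from this thread, Quarkus or Elytron; the class name, mock server, credentials and token are constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;

/** Added illustration of RFC 7662 token introspection; every name and value here is constructed. */
public class IntrospectionDemo {
    static final String CLIENT_ID = "demo-client";       // stands in for quarkus.oauth2.client-id
    static final String CLIENT_SECRET = "demo-secret";   // stands in for quarkus.oauth2.client-secret
    static final String VALID_TOKEN = "constructed-valid-token";
    // Stand-in for a JSON parser (keeps the demo JDK-only): accept only a literal boolean true.
    static final Pattern ACTIVE_TRUE = Pattern.compile("\"active\"\\s*:\\s*true\\b");

    static String basicAuth(String id, String secret) {
        byte[] raw = (id + ":" + secret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Mock authorization server: authenticates the caller, then reports whether the token is active. */
    static HttpServer startMockServer() throws Exception {
        HttpServer server = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        server.createContext("/introspect", exchange -> {
            String auth = exchange.getRequestHeaders().getFirst("Authorization");
            String form = new String(exchange.getRequestBody().readAllBytes(), StandardCharsets.UTF_8);
            int status = 200;
            String json;
            if (!basicAuth(CLIENT_ID, CLIENT_SECRET).equals(auth)) {
                status = 401;                             // caller is not a known resource server
                json = "{\"error\":\"invalid_client\"}";
            } else if (form.equals("token=" + VALID_TOKEN)) {
                json = "{\"active\":true,\"username\":\"alice\",\"scope\":\"READER\"}";
            } else {
                json = "{\"active\":false}";              // expired, revoked or unknown token
            }
            byte[] body = json.getBytes(StandardCharsets.UTF_8);
            exchange.getResponseHeaders().add("Content-Type", "application/json");
            exchange.sendResponseHeaders(status, body.length);
            try (OutputStream out = exchange.getResponseBody()) {
                out.write(body);
            }
        });
        server.start();
        return server;
    }

    /** Resource-server side: fail closed unless the endpoint answers 200 with "active": true. */
    static boolean isTokenActive(URI introspectionUrl, String clientId, String clientSecret, String token)
            throws Exception {
        HttpRequest request = HttpRequest.newBuilder(introspectionUrl)
                .header("Authorization", basicAuth(clientId, clientSecret))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(
                        "token=" + URLEncoder.encode(token, StandardCharsets.UTF_8)))
                .build();
        HttpResponse<String> response = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.ofString());
        return response.statusCode() == 200 && ACTIVE_TRUE.matcher(response.body()).find();
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = startMockServer();
        try {
            // Plain HTTP is used only because this is loopback; the request carries the
            // client secret and the bearer token, so a real introspection URL should be HTTPS.
            URI url = URI.create("http://127.0.0.1:" + server.getAddress().getPort() + "/introspect");
            System.out.println("valid token:   " + isTokenActive(url, CLIENT_ID, CLIENT_SECRET, VALID_TOKEN));
            System.out.println("unknown token: " + isTokenActive(url, CLIENT_ID, CLIENT_SECRET, "forged"));
            System.out.println("wrong secret:  " + isTokenActive(url, CLIENT_ID, "wrong", VALID_TOKEN));
        } finally {
            server.stop(0);
        }
    }
}
```

It needs Java 11 or later and no dependencies; without a reachable endpoint and valid client credentials no token can be checked at all.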

@loicmathieu
Contributor

#12635 should fix the native image issue (Problem 2).

@ineednousername
Author

ineednousername commented Oct 12, 2020

@loicmathieu

> Problem 2: as I understand it, using elytron-security-oauth2 without JSONB (for example with only quarkus-resteasy) failed in native ? In this case adding quarkus-jsonb as a dependency should fix that. I need more test on this one as it appears to use javax.json and not JSONB.

Yes, for example a project that does not even use JSONB or a project that uses jackson. There it would be just confusing to add jsonb even though it is not directly used by the project, but required to add to make quarkus-elytron-security-oauth2 work. Also you would only find out while building the native image and would be confused like I was in the beginning ;)

> Problem 1: the behaviour is normal as the configuration was not done inside application.properties. The steps to configure the OAuth2 server are described here: https://quarkus.io/guides/security-oauth2#setting-up-application-properties I agree they should be put before in the guide as the generating-a-token. Both sections must reside inside the creating-the-maven-project section.

Don't fully agree on that here, since for me as a user of quarkus it would be better and easier to understand to have a self contained example that works out of the box. But clearly that was not your intention here.

@loicmathieu
Contributor

> Don't fully agree on that here, since for me as a user of quarkus it would be better and easier to understand to have a self contained example that works out of the box. But clearly that was not your intention here.

So what do you propose here ? For OAuth2 to work we need an OAuth2 server. Typically, a user will use embedded security in localhost and OAuth2 when deploying on a server. We already explained a little later on the guide how to mock an OAuth2 server for integration test but for local if you don't want to use an embedded authentication you must configure a valid OAuth2 server.

@ineednousername
Author

ineednousername commented Oct 13, 2020

@loicmathieu

> So what do you propose here ? For OAuth2 to work we need an OAuth2 server. Typically, a user will use embedded security in localhost and OAuth2 when deploying on a server. We already explained a little later on the guide how to mock an OAuth2 server for integration test but for local if you don't want to use an embedded authentication you must configure a valid OAuth2 server.

It is all fine what you write here, my point only was that the test should run out of the box which does not seem to work.
This can just be confusing at first if you create the example via mvn io.quarkus:quarkus-maven-plugin:1.8.2.Final:create and it does not work. Not sure if you can pass application.properties during the project scaffold generation to disable oauth2 quarkus.oauth2.enabled=false, that way the initial project where you start the journey would already report no test failures.
But maybe that is all as intended and I was just confused ;)

@loicmathieu
Contributor

OK then, I think the best is to improve the documentation.

If you follow the OAuth2 guide, it means you want to test OAuth2 so for me it's OK that you have an error as long as you didn't configure OAuth.

I'll create an issue to describe the modifications I propose for the security guides (mostly re-organizing them to have more logical steps by moving the configuration part upper). When done I'll propose to close this one if you'll agree.

Anyway, thanks for your feedback, we try to make our best to have a good experience when using the guides, so we appreciate all feedback on them ;)

@loicmathieu self-assigned this Oct 13, 2020
@ineednousername
Author

@loicmathieu

> When done I'll propose to close this one if you'll agree.

That is fine, proceed as fits best for you :-)

@loicmathieu
Contributor

Thanks ;)

I improve the guide with more logical steps in the PR: #12742
I close this one now, thanks for your feedback.

@gsmet added this to the 1.10 - master milestone Oct 27, 2020