Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Startup fails if OIDC provider is not available #21706

Closed
sandronm opened this issue Nov 25, 2021 · 4 comments · Fixed by #21710
Closed

Startup fails if OIDC provider is not available #21706

sandronm opened this issue Nov 25, 2021 · 4 comments · Fixed by #21710
Labels
area/oidc kind/bug Something isn't working
Milestone
2.5.1.Final

Comments

@sandronm
Copy link

Describe the bug

I'm using the quarkus-oidc extension (multi-tenants) to securize my rest endpoints.
I defined the default oidc server as follow:

%prod.quarkus.oidc.auth-server-url=https://www.myoidcserver.com
%prod.quarkus.oidc.token.issuer=my-issuer
%prod.quarkus.oidc.token.audience=my-audience
%prod.quarkus.oidc.credentials.jwt.token-key-id=my-jwt-token-id
%prod.quarkus.oidc.jwks-path=/jwt/jwk-set.json
%prod.quarkus.oidc.token.header=My-Authorization
%prod.quarkus.oidc.discovery-enabled=false
%prod.quarkus.oidc.token.allow-jwt-introspection=false
%prod.quarkus.oidc.token.allow-opaque-token-introspection=false

Expected behavior

I should be able to run my docker container even if https://www.myoidcserver.com is not reachable.
Just like mentionned here: #16725

Actual behavior

I got the following exception:

io.quarkus.oidc.common.runtime.OidcEndpointAccessException
        at io.quarkus.oidc.runtime.OidcProviderClient.getJsonWebKeySet(OidcProviderClient.java:77)
        at io.quarkus.oidc.runtime.OidcProviderClient.lambda$getJsonWebKeySet$0(OidcProviderClient.java:56)
        at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
        at io.smallrye.mutiny.operators.uni.UniOnItemTransform$UniOnItemTransformProcessor.onItem(UniOnItemTransform.java:36)
        at io.smallrye.mutiny.vertx.AsyncResultUni.lambda$subscribe$1(AsyncResultUni.java:35)
        at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:717)
        at io.vertx.mutiny.ext.web.client.HttpRequest$10.handle(HttpRequest.java:714)
        at io.vertx.ext.web.client.impl.HttpContext.handleDispatchResponse(HttpContext.java:370)
        at io.vertx.ext.web.client.impl.HttpContext.execute(HttpContext.java:357)
        at io.vertx.ext.web.client.impl.HttpContext.next(HttpContext.java:335)
        at io.vertx.ext.web.client.impl.HttpContext.fire(HttpContext.java:302)
        at io.vertx.ext.web.client.impl.HttpContext.dispatchResponse(HttpContext.java:264)
        at io.vertx.ext.web.client.impl.HttpContext.lambda$null$8(HttpContext.java:519)
        at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:100)
        at io.vertx.core.impl.AbstractContext.dispatch(AbstractContext.java:63)
        at io.vertx.core.impl.EventLoopContext.lambda$runOnContext$0(EventLoopContext.java:38)
        at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:164)
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:497)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:829)

How to Reproduce?

  1. Install the extension quarkus-oidc
  2. Define the oidc params (copy/paste my params listed above)
  3. mvnv package
  4. docker build
  5. docker run

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

2.4.2.Final

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
@sandronm sandronm added the kind/bug Something isn't working label Nov 25, 2021
@quarkus-bot
Copy link

quarkus-bot bot commented Nov 25, 2021

/cc @pedroigor, @sberyozkin

@sberyozkin
Copy link
Member

sberyozkin commented Nov 25, 2021
edited
Loading

@sandronm Thanks, it definitely works (and is tested) with the discovery enabled (the recovery is attempted during the first request) but indeed there could be some issues if it is disabled

@sandronm
Copy link
Author

I didn't tried with the discovery enabled I have to admit @sberyozkin :-)
But unfortunately for my usecase I cannot rely on this feature.

@sberyozkin
Copy link
Member

Np, we'll have a look

@sberyozkin sberyozkin mentioned this issue Nov 25, 2021
Merged
@quarkus-bot quarkus-bot bot added this to the 2.6 - main milestone Nov 30, 2021
@gsmet gsmet modified the milestones: 2.6 - main, 2.5.1.Final Nov 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/oidc kind/bug Something isn't working
Projects
None yet
Milestone
2.5.1.Final
Development

Successfully merging a pull request may close this issue.

Get OIDC recover from the connection failure if the discovery is disabled sberyozkin/quarkus
3 participants
@sberyozkin @gsmet @sandronm