Support programmatically created OidcClients in custom OIDC Client filters #39261

Closed
sberyozkin opened this issue Mar 7, 2024 · 1 comment · Fixed by #39262
Labels
area/oidc kind/enhancement New feature or request
@sberyozkin

Description

Let's say an OidcClient is created like this:

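import java.util.Map;

import org.eclipse.microprofile.config.inject.ConfigProperty;

import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.OidcClientConfig;
import io.quarkus.oidc.client.OidcClientConfig.Grant.Type;
import io.quarkus.oidc.client.OidcClients;
import io.quarkus.runtime.StartupEvent;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;

@ApplicationScoped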
public class OidcClientCreator {

    @Inject
    OidcClients oidcClients;
    @ConfigProperty(name = "quarkus.oidc.auth-server-url")
    String oidcProviderAddress;
    @ConfigProperty(name = "quarkus.oidc.client-id")
    String oidcClientId;
    @ConfigProperty(name = "quarkus.oidc.credentials.secret")
    String oidcClientSecret;

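    // Assigned asynchronously once client creation completes; null until then.
    private volatile OidcClient oidcClient;

    // Starts client creation at application startup without blocking.
    public void init(@Observes StartupEvent event) {
        createOidcClient().subscribe().with(client -> {
            oidcClient = client;
        });
    }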

    public OidcClient getOidcClient() {
        return oidcClient;
    }

    private Uni<OidcClient> createOidcClient() {
        OidcClientConfig cfg = new OidcClientConfig();
        cfg.setId("mytestclient");
        cfg.setAuthServerUrl(oidcProviderAddress);
        cfg.setClientId(oidcClientId);
        cfg.getCredentials().setSecret(oidcClientSecret);
        cfg.getGrant().setType(Type.PASSWORD);
        cfg.setGrantOptions(Map.of("password",
                Map.of("username", "jdoe", "password", "jdoe")));
        return oidcClients.newClient(cfg);
    }
}

It is currently impossible to create a custom OidcClientFilter which extends the abstract filters provided by OIDC Client reactive and classic extensions and use this client, while it would be great to do something like:

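import java.util.Optional;

import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.reactive.filter.runtime.AbstractOidcClientRequestReactiveFilter;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.Priorities;

@Priority(Priorities.AUTHENTICATION)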
public class OidcClientRequestCustomFilter extends AbstractOidcClientRequestReactiveFilter {

    @Inject
    OidcClientCreator oidcClientCreator;

    @Override
    protected Optional<OidcClient> client() {
        return Optional.of(oidcClientCreator.getOidcClient());
    }
}

and let the OIDC filter deal with the token acquisition and refresh.

Implementation ideas

I've been thinking for a while about whether I should simply update OidcClients to record the newly created OidcClient, and I've come to the conclusion that it should be avoided, for now at least, as OidcClients would need to deal with the OOM, even if theoretical, if the number of dynamic clients grows, while trimming some of them would mean that sometimes the above filter code works and sometimes not.

So a short-term, simple solution is to let custom filter implementations provide an already initialized OidcClient if they have it.

@sberyozkin sberyozkin added the kind/enhancement New feature or request label Mar 7, 2024
@quarkus-bot quarkus-bot bot added the area/oidc label Mar 7, 2024

quarkus-bot bot commented Mar 7, 2024

/cc @pedroigor (oidc)
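
The trade-off described under "Implementation ideas" in the issue, shown as an added example that is not part of the issue or of Quarkus: a registry that records every dynamically created client either grows without bound or trims entries, and once it trims, a lookup by id fails intermittently while a reference held by the application keeps working. `BoundedRegistry`, `Client` and the ids `tenant-a` and `tenant-b` are hypothetical stand-ins, not Quarkus APIs.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;

// Added illustration, not Quarkus code: "Client" is a placeholder, not io.quarkus.oidc.client.OidcClient.
public class DynamicClientRegistryDemo {
    record Client(String id) {}

    // Hypothetical registry that records every created client, capped to bound memory use.
    static final class BoundedRegistry {
        private final Map<String, Client> clients;

        BoundedRegistry(int maxEntries) {
            // accessOrder=true keeps entries in least-recently-used order for eviction
            this.clients = new LinkedHashMap<>(16, 0.75f, true) {
                @Override
                protected boolean removeEldestEntry(Map.Entry<String, Client> eldest) {
                    return size() > maxEntries;
                }
            };
        }

        synchronized Client newClient(String id) {
            Client c = new Client(id);
            clients.put(id, c);
            return c;
        }

        synchronized Optional<Client> lookup(String id) {
            return Optional.ofNullable(clients.get(id));
        }
    }

    public static void main(String[] args) {
        BoundedRegistry registry = new BoundedRegistry(2);
        // The application keeps its own reference, as OidcClientCreator does in the issue.
        Client held = registry.newClient("mytestclient");
        System.out.println("lookup right after creation: " + registry.lookup("mytestclient").isPresent());

        // Other code creates more dynamic clients (constructed ids); the cap evicts the oldest.
        registry.newClient("tenant-a");
        registry.newClient("tenant-b");

        // A filter resolving the client by id now finds nothing; the held reference is unaffected.
        System.out.println("lookup after trimming: " + registry.lookup("mytestclient").isPresent());
        System.out.println("held reference still usable: " + held.id());
    }
}
```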
