Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keycloak devservice can be started indirectly if quarkus-oidc uses quarkus.oidc.provider #44938

Closed
sberyozkin opened this issue Dec 5, 2024 · 2 comments · Fixed by #44980
Closed

Keycloak devservice can be started indirectly if quarkus-oidc uses quarkus.oidc.provider #44938

sberyozkin opened this issue Dec 5, 2024 · 2 comments · Fixed by #44980
Assignees
@michalvavrik
Labels
area/devservices area/keycloak area/oidc kind/bug Something isn't working
Milestone
3.17.4

Comments

@sberyozkin
Copy link
Member

Describe the bug

At some point, when, for example, both quarkus-oidc and quarkus-oidc-client were included, and no properties like quarkus.oidc.auth-server-url or quarkus.oidc.provider were configured, quarkus-oidc would have Keycloak devservice launched.

Now, quarkus-oidc-client and other OIDC/Keycloak aware extensions can launch Keycloak devservice on its own.

However, if quarkus-oidc has indicated that it does not want Keycloak devservice, then quarkus-oidc-client should not launch it. For example:

<dependency>
            <groupId>io.quarkus</groupId>
            <artifactId>quarkus-oidc</artifactId>
 </dependency>
 <dependency>
      <groupId>io.quarkus</groupId>
      <artifactId>quarkus-rest-client-oidc-token-propagation</artifactId>
 </dependency>

here, quarkus-rest-client-oidc-token-propagation brings quarkus-oidc-client for the optional token exchange, the token propagation will be applied to REST clients which do not deal with OIDC.

And we have for example quarkus.oidc.provider=slack - indicating no Keycloak container is needed. But Keycloak container is still launched.

Expected behavior

If quarkus-oidc does not need it, then client extensions like quarkus-oidc-client should not launch it either.
IMHO it is very unlikely that when quarkus-oidc wants to work for example with Slack, the quarkus-oidc-client still wants to use Keycloak container.

Actual behavior

No response

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response
@sberyozkin sberyozkin added the kind/bug Something isn't working label Dec 5, 2024
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Dec 5, 2024

/cc @geoand (devservices), @pedroigor (keycloak,oidc), @stuartwdouglas (devservices)

@sberyozkin sberyozkin changed the title Keycloak devservice can be started indirectly even if quarkus-oidc indicated it does not need it Keycloak devservice can be started indirectly if quarkus-oidc uses quarkus.oidc.provider Dec 5, 2024
@michalvavrik michalvavrik self-assigned this Dec 5, 2024
@michalvavrik
Copy link
Member

Thanks, it's on the top of my list now.

@michalvavrik michalvavrik mentioned this issue Dec 7, 2024
Merged
@quarkus-bot quarkus-bot bot added this to the 3.18 - main milestone Dec 7, 2024
@gsmet gsmet modified the milestones: 3.18 - main, 3.17.4 Dec 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michalvavrik michalvavrik

Labels
area/devservices area/keycloak area/oidc kind/bug Something isn't working
Projects
None yet
Milestone
3.17.4
3 participants
@sberyozkin @gsmet @michalvavrik