Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OIDC enhancements #15639

Merged
merged 1 commit into from
Mar 11, 2021
Merged

OIDC enhancements #15639

merged 1 commit into from
Mar 11, 2021

Conversation

sberyozkin
Copy link
Member

@sberyozkin sberyozkin commented Mar 11, 2021
edited
Loading

Fixes #15545.
Fixes #15524.
Fixes #13666.

There are 3 distinct but simple enough enhancements/bug fixes so I've done a single PR instead of opening 3 PRs.

  1. Default quarkus.oidc.authentication.cookie-path to '/' and deprecate quarkus.oidc.authentication.restore-path-after-redirect #15545

cookie-path is defaulted to / - it has really should've been done earlier - so many users have lost a lot of time on finding it has to be done - it was not set originally because the very first case was about redirecting the user to the same original request URI so the cookies were not lost. It is actually already documented that the users should set cookie-path to / at least - but I guess the users would not always start from the docs :-)

restore-path-after-redirect is now false by default. Once I saw @danielpetisme's blog post I thought that was it, having the users to do:

# users should not be asked to do it all the time
cookie-path=/

redirect-path=/callback
# This is not good, redirect-path is configured, so why state the obvious :-) ?  
restore-path-after-redirect=false

was not cool at all :-)

The only reason I've kept restore-path-after-redirect is because a very specific case is still tested, where, with even with redirect-path the original request is still restored - the idea as far as I recall was to use redirect-path just to meet the provider requirement that the same redirect_uri is used while still restoring the original URI at the endpoint level - not sure if anyone even depends on it - but for now it is safer to keep it;

Note the original request URI is always restored anyway if no redirect-path is set

  1. oidc and oidc-client have the same configuration exception when the required properties are missing #15524 - better exception messages to distinguish between oidc/oidc-client config errors (more work may be needed later on - just a start)

  2. Add OidcConfigurationMetadata injectable request-scoped bean #13666 - @danielpetisme has asked for it - it is easy to do so I've just added a producer and a test

@sberyozkin sberyozkin requested a review from pedroigor March 11, 2021 15:09
@sberyozkin sberyozkin merged commit ee863ae into quarkusio:master Mar 11, 2021
@quarkus-bot quarkus-bot bot added this to the 1.13 - master milestone Mar 11, 2021
@sberyozkin sberyozkin deleted the oidc_enhancements branch March 11, 2021 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pedroigor pedroigor pedroigor approved these changes

Assignees
No one assigned
Labels
area/documentation area/oidc
Projects
None yet
Milestone
1.13.0.CR1
2 participants
@sberyozkin @pedroigor