Improve documentation for token propagation #19872
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sanne
approved these changes
Sep 2, 2021
sberyozkin
reviewed
Sep 2, 2021
| @@ -596,15 +596,16 @@ quarkus.oidc-client.token-path=/protocol/openid-connect/tokens | |||
| [[token-propagation]] | |||
| == Token Propagation in MicroProfile RestClient client filter | |||
|
|
|||
| `quarkus-oidc-token-propagation` extension provide `io.quarkus.oidc.token.propagation.AccessTokenRequestFilter` and `io.quarkus.oidc.token.propagation.JsonWebTokenRequestFilter` JAX-RS ClientRequestFilters which propagates the current link:security-openid-connect[Bearer] or link:security-openid-connect-web-authentication[Authorization Code Flow] access token as an HTTP `Authorization` `Bearer` scheme value. | |||
| The `quarkus-oidc-token-propagation` extension provides two JAX-RS `javax.ws.rs.client.ClientRequestFilter` class implementations that simplify the propagation of authentication information. | |||
| `io.quarkus.oidc.token.propagation.AccessTokenRequestFilter` propagates the current link:security-openid-connect[Bearer], while `io.quarkus.oidc.token.propagation.JsonWebTokenRequestFilter` propagates the link:security-openid-connect-web-authentication[Authorization Code Flow] access token as an HTTP `Authorization` `Bearer` scheme value. | |||
There was a problem hiding this comment.
@geoand Hi Georgios, no, it is not correct:
io.quarkus.oidc.token.propagation.AccessTokenRequestFilter` propagates the current link:security-openid-connect[Bearer], while `io.quarkus.oidc.token.propagation.JsonWebTokenRequestFilter` propagates the link:security-openid-connect-web-authentication[Authorization Code Flow] access token as an HTTP `Authorization` `Bearer` scheme value.
The access token can be a bearer token coming with HTTP Authorization or acquired with the code flow - both filters work for both cases - the difference is, the JWT one adds some extra support for tokens which are in JWT format, so I'd drop this note
There was a problem hiding this comment.
Aha, thanks.
I'll update the docs then.
There was a problem hiding this comment.
Hopefully it's better now
geoand
force-pushed
the
oidc-token-polish
branch
from
9273cf2 to
f3c65af
Compare
sberyozkin
approved these changes
Sep 2, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This came up when I was looking at #19456