Add OidcSession interface #22163
This interface is simply a wrapper around
I'll add the docs tomorrow
Indeed a very handy utility for interacting with the session.
One question, wouldn't it be possible to leverage the SecurityIdentity for that? So that we could have a custom version of this type that adds the OIDC capabilities?
I've opened it for review and here is the updated summary:
@FroMage I do hope it will help to simplify some of your code.
Hi @pedroigor
Interesting, @FroMage also prototyped a proposal where one would do IMHO it would be simpler if we have a dedicated type, I suppose
I need to add another test
It totally does for smallrye-jwt when using cookies ;)
@FroMage, sure, I missed a
Hi @FroMage @pedroigor So yeah, if you'd like please open a quarkus security issue to add Also I believe OIDC So, I'd rather keep going with
Updated one of the tests to return a default tenant id instead of null, ready for review
I was thinking more about a sub-type rather than changing
Hey @pedroigor
Do you mean something like That might work, we'd probably need to also add
Hi @FroMage Can you confirm you are OK for this PR to go in? I think we can review the idea of
Let me go ahead with the merge, we can align
Fixes #22197
Fixes #21928
This is a draft PR for now as I need to add the tests and update the docs.
Here is what it does:
- RoutingContext tenantId attribute for custom TenantResolvers to avoid having to check the cookie names; it is already reg-ed as a SecurityIdentity attribute as well, so there should be no need to inline in the faked IdToken
- OidcSession which is a wrapper around the id token and it allows to 1) get tenant id 2) check how long the session will be valid for 3) do the local logout - without the custom code having to deal with the cookies - this last item proved more involved than I thought - but really I just had to move the related code from CodeAuthenticationMechanism to OidcUtils. Removing the cookie has to be handled correctly when the custom path/domain is set, and Uni has to be used to complete the removal of the matching state from the custom TokenStateManager, ex, if it is stored in the DB

CC @FroMage
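
The cookie-removal caveat in the description above, as an added example that is not part of this PR or of Quarkus code: a small model of browser cookie storage (keyed by name, domain and path, per RFC 6265) showing why a local logout that ignores the custom path leaves the session cookie in place. The cookie name, domain and path are constructed placeholders, and the model assumes Java 16+ for records.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Constructed model of browser cookie storage: one entry per (name, domain, path). */
public class SessionCookieRemoval {

    record Key(String name, String domain, String path) {}

    static final Map<Key, String> jar = new LinkedHashMap<>();

    /** Applies one Set-Cookie as a browser would; Max-Age <= 0 evicts only the entry with the same key. */
    static void setCookie(String name, String value, String domain, String path, long maxAge) {
        Key key = new Key(name, domain, path);
        if (maxAge <= 0) {
            jar.remove(key);
        } else {
            jar.put(key, value);
        }
    }

    /** True while any cookie with this name is still stored, i.e. the session survives. */
    static boolean sessionPresent(String name) {
        return jar.keySet().stream().anyMatch(k -> k.name().equals(name));
    }

    public static void main(String[] args) {
        // Constructed placeholder values, not taken from the PR.
        String name = "session_cookie";
        String domain = "example.test";
        String customPath = "/app";

        // Login: the session cookie is created with the custom path and domain.
        setCookie(name, "encrypted-tokens", domain, customPath, 3600);

        // Logout that ignores the configured path: the key differs, so nothing is removed.
        setCookie(name, "", domain, "/", 0);
        System.out.println("removal with default path, still present: " + sessionPresent(name));

        // Logout that reuses the path and domain the cookie was created with.
        setCookie(name, "", domain, customPath, 0);
        System.out.println("removal with matching path, still present: " + sessionPresent(name));
    }
}
```

A logout handler that reports success after the first removal attempt would leave a usable session in the browser, which is why the removal has to reuse the configured path and domain.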