Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to customize OIDC JavaRequest checks #34812

Merged
merged 1 commit into from
Jul 18, 2023
Merged

Allow to customize OIDC JavaRequest checks #34812

merged 1 commit into from
Jul 18, 2023

Conversation

sberyozkin
Copy link
Member

This PR is about making it easier for SPA developers to tell Quarkus that XHR/Fetch issued the call - currently they have to set up a header in the script - but if the script engine already sets some header of its own then making this check from a custom JavaScriptRequestChecker bean simplifies the scripts, avoids the creation of redundant headers.

This PR is only about supporting this check at the server side. As documented, SPA may need to reload the page if Keycloak or other providers do not support CORS in their authorization endooints - so Quarkus can help with issuing 499 error (instead of redirects) if it is allowed to do so for JavaScript requests - SPA catch it and reload the page bypassing CORS restrictions in Keycloak.

So JavaScriptRequestChecker is introduced, tests and docs updated.

@sberyozkin sberyozkin requested review from gastaldi and pedroigor July 18, 2023 10:36
@quarkus-bot quarkus-bot bot added area/docstyle issues related for manual docstyle review area/documentation area/oidc labels Jul 18, 2023
@github-actions
Copy link

github-actions bot commented Jul 18, 2023
edited
Loading

🙈 The PR is closed and the preview is expired.

@quarkus-bot

This comment has been minimized.

Sign in to view
gastaldi
gastaldi approved these changes Jul 18, 2023
View reviewed changes
Copy link
Contributor

@gastaldi gastaldi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just minor improvements to the docs

docs/src/main/asciidoc/security-oidc-code-flow-authentication.adoc Outdated Show resolved Hide resolved
docs/src/main/asciidoc/security-oidc-code-flow-authentication.adoc Outdated Show resolved Hide resolved
@sberyozkin
Copy link
Member Author

Thanks @gastaldi, let me apply

@sberyozkin sberyozkin force-pushed the oidc_javascript_checker branch from c303b99 to 9ef513e Compare July 18, 2023 13:43
@quarkus-bot
Copy link

quarkus-bot bot commented Jul 18, 2023

✔️ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

@sberyozkin sberyozkin merged commit 52f7611 into quarkusio:main Jul 18, 2023
@sberyozkin sberyozkin deleted the oidc_javascript_checker branch July 18, 2023 16:21
@quarkus-bot quarkus-bot bot added this to the 3.3 - main milestone Jul 18, 2023
@sberyozkin sberyozkin mentioned this pull request Jul 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gastaldi gastaldi gastaldi approved these changes

@pedroigor pedroigor Awaiting requested review from pedroigor

Assignees
No one assigned
Labels
area/docstyle issues related for manual docstyle review area/documentation area/oidc release/noteworthy-feature
Projects
None yet
Milestone
3.3.0.CR1
Development

Successfully merging this pull request may close these issues.
2 participants
@sberyozkin @gastaldi