Enable PKCE for reactive logout SPA flow test (#943)
michalvavrik authored Dec 13, 2022
1 parent 00fe542 commit 5d676c0
Showing 4 changed files with 14 additions and 1 deletion.
6 changes: 6 additions & 0 deletions README.md
Expand Up @@ -654,6 +654,12 @@ Variants:
Verifies special cases of using reactive OIDC client:
- Proper handling of `Authorization` request header by `OidcClientRequestReactiveFilter`: the filter should always add a single`Authorization` header, not duplicate it in multiple request attempts.

### `security/keycloak-oidc-client-reactive-extended`

Reactive twin of the `security/keycloak-oidc-client-extended`, extends `security/keycloak-oidc-client-reactive-basic` and also covers some special cases that are common for both classic and reactive modules:

- Verifies Proof Of Key for Code Exchange support for a Keycloak and Red Hat Single Sign-On together with OIDC Single Page Application logout flow

### `securty/oidc-client-mutual-tls`

Verifies OIDC client can be authenticated as part of the `Mutual TLS` (`mTLS`) authentication process
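
Review bot: In the new `security/keycloak-oidc-client-reactive-extended` bullet the PKCE expansion is wrong: RFC 7636 calls it "Proof Key for Code Exchange", not "Proof Of Key for Code Exchange", and "a Keycloak and Red Hat Single Sign-On" reads better without the article. The bullet would also be easier to trace if it named the test that covers the flow (`LogoutSinglePageAppFlowIT`). The heading just below, `securty/oidc-client-mutual-tls`, has a typo for `security/` that could be fixed in the same pass.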
Expand Up @@ -9,6 +9,7 @@
import java.io.IOException;
import java.util.Objects;

import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

import com.gargoylesoftware.htmlunit.SilentCssErrorHandler;
Expand Down Expand Up @@ -41,6 +42,7 @@ public class LogoutSinglePageAppFlowIT {
.withProperty("keycloak.url", () -> keycloak.getURI(Protocol.HTTP).toString())
.withProperties("logout.properties");

@Tag("QUARKUS-2491")
@Test
public void singlePageAppLogoutFlow() throws IOException {
try (final WebClient webClient = createWebClient()) {
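
Review bot: On `singlePageAppLogoutFlow()`, the `@Tag("QUARKUS-2491")` annotation is the only thing in the test that ties it to PKCE, and nothing in the visible lines says so. A one-line comment that the tag tracks PKCE coverage would help. If the test body does not already check it, an assertion that the authorization redirect carries `code_challenge` and `code_challenge_method=S256` would make the test fail for the right reason should PKCE ever be switched off in both the realm export and `logout.properties`, a case in which the flow would otherwise still pass.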
Expand Up @@ -550,7 +550,8 @@
"post.logout.redirect.uris" : "*",
"display.on.consent.screen" : "false",
"oauth2.device.authorization.grant.enabled" : "false",
"backchannel.logout.revoke.offline.tokens" : "true"
"backchannel.logout.revoke.offline.tokens" : "true",
"pkce.code.challenge.method" : "S256"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
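
Review bot: With `"pkce.code.challenge.method" : "S256"` added to the client attributes, Keycloak rejects authorization requests for this client that carry no S256 code challenge, so every test that logs in through this client now has to run with PKCE enabled. Please confirm that no other module shares this client entry in the realm export; if one does, a dedicated client for the PKCE test would keep the change isolated. Choosing `S256` over `plain` is right.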
Expand Up @@ -18,3 +18,7 @@ quarkus.http.auth.permission.logout.paths=/code-flow/logout
quarkus.http.auth.permission.logout.policy=authenticated

quarkus.oidc.token-cache.max-size=1

# PKCE
quarkus.oidc.authentication.pkce-required=true
quarkus.oidc.authentication.pkce-secret=eUk1p7UB3nFiXZGUXi0uph1Y9p34YhBU
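
Review bot: `quarkus.oidc.authentication.pkce-secret` is committed as a literal value, and the `# PKCE` comment above it does not say that the value is test-only. Quarkus uses this secret to encrypt the PKCE code verifier in the code flow state and expects at least 32 characters, which this value has. Please extend the comment to state that purpose and that the value is a fixture, so the line is not copied into a real deployment as-is.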
