Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Be able to have private/public key when using smallrye-jwt extension on dev mode #44179

Open
mcruzdev opened this issue Oct 30, 2024 · 10 comments · May be fixed by #44272
Open

Be able to have private/public key when using smallrye-jwt extension on dev mode #44179

mcruzdev opened this issue Oct 30, 2024 · 10 comments · May be fixed by #44272

Comments

@mcruzdev
Copy link
Contributor

Description

Actually, we need to generate a public key in Dev mode to develop with the extension. It would be greate if we have a way to do not worry about it on dev mode.

Implementation ideas

No response

Copy link

quarkus-bot bot commented Oct 30, 2024

/cc @Ladicek (smallrye), @jmartisk (smallrye), @phillip-kruger (smallrye), @radcortez (smallrye), @sberyozkin (jwt)

@sberyozkin
Copy link
Member

Thanks @mcruzdev Good idea, and I recall, @FroMage proposed something similar.

The question is how to use the private key in devmode.
In devmode, quarkus-smallrye-jwt devservice should allocate a key pair and set mp.jwt.verify.publickey but also smallrye.jwt.sign.key for the quarkus-smallrye-jwt-build be able to use it to generate tokens.

It should indeed make it easier to run the quickstart.

But additionally, we can consider adding Dev UI support for users be able to select which claims should be added to the generated token and then use this token to test the service.

@mcruzdev
Copy link
Contributor Author

Thank you for the quick response @sberyozkin!

Just to increment the proposal:

  1. Add a codestart on (quarkus-smallrye-jwt and quarkus-smallrye-jwt-build) with simple sample code
  2. In devmode, quarkus-smallrye-jwt devservice should allocate a key pair and set mp.jwt.verify.publickey but also smallrye.jwt.sign.key for the quarkus-smallrye-jwt-build be able to use it to generate tokens.

  3. Add the DevUI allowing the user to add claims and groups to the token and get the token in a easy way.

@mcruzdev
Copy link
Contributor Author

mcruzdev commented Oct 30, 2024

Having this proposal approved, can I start to contribute with this issue?

@sberyozkin
Copy link
Member

sberyozkin commented Oct 30, 2024

@mcruzdev You are welcome to start, thanks.

Can I propose to start first with generating an in-mem key pair as you proposed and set the suggested properties and confirm that is sufficient for the smallrye-jwt quickstart demo to work in devmode and when running tests, without having to manually set the keys ?
Note though it can be done if none of the smallrye-jwt verification properties is already set, and none of the smallrye-jwt-build signing key properties are set

Thanks

@mcruzdev
Copy link
Contributor Author

Great! Thank you for this suggestion!

@michalvavrik
Copy link
Member

@FroMage proposed something similar

#22182 ?

@sberyozkin
Copy link
Member

That was a CLI level enhancement, which is worth completing (minus EC keys for now), but Steph was talking about the key pair in devmode, he may have done something related in Renarde

@michalvavrik
Copy link
Member

That was a CLI level enhancement, which is worth completing (minus EC keys for now), but Steph was talking about the key pair in devmode, he may have done something related in Renarde

got it, thanks

@mcruzdev mcruzdev linked a pull request Nov 2, 2024 that will close this issue
4 tasks
@mcruzdev mcruzdev changed the title Be able to have private/public key when using smallrye-jwt extension Be able to have private/public key when using smallrye-jwt extension on dev mode Nov 2, 2024
@FroMage
Copy link
Member

FroMage commented Nov 4, 2024

Yup: https://github.com/quarkiverse/quarkus-renarde/blob/main/deployment/src/main/java/io/quarkiverse/renarde/deployment/RenardeProcessor.java#L267

IMO this should be done by JWT as a build step, I don't see why you need a dev service for that.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants