diff --git a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java index 64d9d13c35a6e..58690fa283fd1 100644 --- a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java +++ b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java @@ -16,6 +16,10 @@ public class FrontendResource { @RestClient AccessTokenPropagationService accessTokenPropagationService; + @Inject + @RestClient + IdTokenPropagationService idTokenPropagationService; + @Inject @RestClient ServiceWithoutToken serviceWithoutToken; @@ -28,6 +32,14 @@ public Uni userNameAccessTokenPropagation() { return accessTokenPropagationService.getUserName(); } + @GET + @Path("id-token-propagation") + @Produces("text/plain") + @RolesAllowed("user") + public Uni userNameIdTokenPropagation() { + return idTokenPropagationService.getUserName(); + } + @GET @Path("service-without-token") @Produces("text/plain") diff --git a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenPropagationService.java b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenPropagationService.java new file mode 100644 index 0000000000000..8fe9e0e928cdd --- /dev/null +++ b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenPropagationService.java 
@@ -0,0 +1,20 @@
+package io.quarkus.it.keycloak;
+
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+
+import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
+import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
+
+import io.smallrye.mutiny.Uni;
+
+@RegisterRestClient
+@RegisterProvider(IdTokenRequestReactiveFilter.class)
+@Path("/")
+public interface IdTokenPropagationService {
+
+ @GET
+ @Produces("text/plain")
+ Uni getUserName();
+}
diff --git a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenRequestReactiveFilter.java b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenRequestReactiveFilter.java
new file mode 100644
index 0000000000000..82186e45db0c6
--- /dev/null
+++ b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/IdTokenRequestReactiveFilter.java
@@ -0,0 +1,23 @@
+package io.quarkus.it.keycloak;
+
+import jakarta.annotation.Priority;
+import jakarta.inject.Inject;
+import jakarta.ws.rs.Priorities;
+import jakarta.ws.rs.core.HttpHeaders;
+
+import org.jboss.resteasy.reactive.client.spi.ResteasyReactiveClientRequestContext;
+import org.jboss.resteasy.reactive.client.spi.ResteasyReactiveClientRequestFilter;
+
+import io.quarkus.oidc.IdTokenCredential;
+
+@Priority(Priorities.AUTHENTICATION)
+public class IdTokenRequestReactiveFilter implements ResteasyReactiveClientRequestFilter {
+
+ @Inject
+ IdTokenCredential idToken;
+
+ @Override
+ public void filter(ResteasyReactiveClientRequestContext requestContext) {
+ requestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, "Bearer " + idToken.getToken());
+ }
+}
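Review bot: In `IdTokenRequestReactiveFilter.filter()`, `idToken.getToken()` is concatenated into the header without a null check, so a call made when the current identity carries no ID token would presumably go out as `Authorization: Bearer null` rather than failing locally. A guard before `putSingle` would make that case explicit, e.g. `if (idToken.getToken() == null) { throw new IllegalStateException("No ID token available to propagate"); }`. The class also has no Javadoc; one sentence should say that it forwards the ID token (not the access token) as the bearer credential, and that the target endpoint therefore has to be set up to accept and validate ID tokens, since anyone copying this filter out of the integration test needs to know that.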
diff --git a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java index c4cf5320e129a..3b3a2a78883e2 100644 --- a/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java +++ b/integration-tests/oidc-token-propagation-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResource.java @@ -1,13 +1,13 @@ package io.quarkus.it.keycloak; -import java.security.Principal; - import jakarta.annotation.security.RolesAllowed; import jakarta.inject.Inject; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; import jakarta.ws.rs.Produces; +import org.eclipse.microprofile.jwt.JsonWebToken; + import io.quarkus.security.Authenticated; import io.smallrye.mutiny.Uni; @@ -16,12 +16,12 @@ public class ProtectedResource { @Inject - Principal principal; + JsonWebToken jwt; @GET @Produces("text/plain") @RolesAllowed("user") public Uni principalName() { - return Uni.createFrom().item(principal.getName()); + return Uni.createFrom().item(jwt.getClaim("typ") + ":" + jwt.getName()); } } diff --git a/integration-tests/oidc-token-propagation-reactive/src/main/resources/application.properties b/integration-tests/oidc-token-propagation-reactive/src/main/resources/application.properties index 321847db72236..36253fa1c4c16 100644 --- a/integration-tests/oidc-token-propagation-reactive/src/main/resources/application.properties +++ b/integration-tests/oidc-token-propagation-reactive/src/main/resources/application.properties @@ -1,4 +1,5 @@ io.quarkus.it.keycloak.AccessTokenPropagationService/mp-rest/uri=http://localhost:8081/protected +io.quarkus.it.keycloak.IdTokenPropagationService/mp-rest/uri=http://localhost:8081/protected io.quarkus.it.keycloak.ServiceWithoutToken/mp-rest/uri=http://localhost:8081/protected quarkus.oidc.application-type=web-app 
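Review bot: In `ProtectedResource.principalName()` the `typ` claim is only echoed into the response and never checked, so the endpoint treats a propagated ID token and an access token as equally valid bearer credentials under `@RolesAllowed("user")`. That is what the test relies on, but a comment on the method would stop it being read as a pattern, for instance `// Test-only: echoes the token type; a real resource server should reject tokens whose typ/aud is not intended for it.` Note also that `jwt.getClaim("typ")` yields null when the claim is absent, which produces the string `null:alice`; if that case matters, build the prefix from `String.valueOf(...)` deliberately or fail. The class-level annotations sit outside this hunk, so whatever else constrains the endpoint is not visible here.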
diff --git a/integration-tests/oidc-token-propagation-reactive/src/test/java/io/quarkus/it/keycloak/OidcTokenReactivePropagationTest.java b/integration-tests/oidc-token-propagation-reactive/src/test/java/io/quarkus/it/keycloak/OidcTokenReactivePropagationTest.java index df2184d15568a..7a4cb646a36f0 100644 --- a/integration-tests/oidc-token-propagation-reactive/src/test/java/io/quarkus/it/keycloak/OidcTokenReactivePropagationTest.java +++ b/integration-tests/oidc-token-propagation-reactive/src/test/java/io/quarkus/it/keycloak/OidcTokenReactivePropagationTest.java @@ -29,8 +29,11 @@ public void testGetUserNameWithAccessTokenPropagation() throws Exception { loginForm.getInputByName("password").setValueAttribute("alice"); TextPage textPage = loginForm.getInputByName("login").click(); + assertEquals("Bearer:alice", textPage.getContent()); + + textPage = webClient.getPage("http://localhost:8081/frontend/id-token-propagation"); + assertEquals("ID:alice", textPage.getContent()); - assertEquals("alice", textPage.getContent()); webClient.getCookieManager().clearCookies(); } }
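Review bot: The ID-token assertion is added inside `testGetUserNameWithAccessTokenPropagation`, so the method name no longer describes what it verifies, and a failure of the first `assertEquals("Bearer:alice", ...)` hides the ID-token result entirely. Either rename the method (e.g. `testGetUserNameWithAccessAndIdTokenPropagation`) or move the `/frontend/id-token-propagation` request into its own test that performs its own login. Only the positive path is covered; a case showing that the downstream call is rejected when no valid token is attached would pin the security behaviour more firmly. The method begins outside the hunk, so the login setup it depends on is not visible here.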