@melix
Collaborator

@melix melix commented Jun 28, 2022

This commit introduces an OAuth2 test resource module, which would
be automatically enabled if the micronaut-security-oauth2 module
is found on classpath.

This module currently only defines a single resolver for Keycloak.

@melix melix added this to the 1.0.0-M5 milestone Jun 28, 2022
@melix melix self-assigned this Jun 28, 2022
@melix melix added the type: improvement A minor improvement to an existing feature label Jun 28, 2022
@melix
Collaborator Author

melix commented Jun 28, 2022

@sdelamo I'd be glad to get your feedback on this. Especially, I'm not sure what properties make sense to provide. I wrote a simple test which seems to work fine, but you'd better take a look. The provider is also supposed to provide JWT tokens, but for this I have no idea how to test it.

There's a question we must answer: this new oauth test resource module would be added automatically if micronaut-security-oauth2 is on classpath. However, as I understand, you can have many oauth2 clients. This means that potentially, if we add, say, support for Cognito, then we would automatically spawn a container for Keycloak and Cognito, if I understand properly. Or is there a way to restrict the clients?

@sonarqubecloud

SonarCloud Quality Gate failed.

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A)
Security Hotspots: 0 (rating A)
Code Smells: 2 (rating A)

Coverage: 86.0%
Duplication: 0.0%

@melix
Collaborator Author

melix commented Jun 29, 2022

Looking at build results, it appears that this module cannot be used with Java 8. This can be an issue with inference, in case a Java 8 app uses Micronaut Security Oauth2. However, there's a workaround which is to disable inference in this case.

@melix melix removed this from the 1.0.0-M5 milestone Jun 29, 2022
@morki

morki commented Jul 4, 2022

Hi @melix, thank you very much for this module, but I have a question. From the code, it seems it is hardcoded to provider name "keycloak" in the configuration and enabled only for this one provider name. We use custom provider names and multiple providers (all backed by keycloak). Will it be supported in this case? I think it should be more open like datasources.

@melix
Collaborator Author

melix commented Jul 5, 2022

I'm missing experience with OAuth2 configuration in general to tell if it's doable or not. Test resources need a way to figure out that it's a keycloak server which needs to be spawned. Currently it uses the clients.keycloak property for this. If we can't use that, what should we use instead?

@morki

morki commented Jul 5, 2022

In my opinion, we should add support to the security module: some new property like vendor for every provider.

It is connected to this issue micronaut-projects/micronaut-security#1024 (comment).

Maybe we should consider implementing this first and replace the existing automatic "guessing" in EndSessionEndpointResolver.

What do you think @sdelamo?
