Niklas Heidloff

Reputation: 962

How to use @IdToken in Quarkus Apps when application-type=service?

I can access @IdToken when running this Quarkus guide: https://quarkus.io/guides/security-openid-connect-web-authentication. It uses "quarkus.oidc.application-type=web-app".

However, when I try to access @IdToken in this other Quarkus guide (https://quarkus.io/guides/security-openid-connect), I get the following exception:

io.quarkus.oidc.OIDCException: Current identity is not associated with an ID token

The only difference that I see is that the second guide uses "quarkus.oidc.application-type=service" which is the default.

I've tried to pass in both an access token and an id token, which I retrieve from Keycloak earlier, in the Authorization header, but without luck.

How can I get @IdToken to work to protect service applications as in the second guide?

To reproduce, copy this snippet into https://github.com/quarkusio/quarkus-quickstarts/blob/master/security-openid-connect-quickstart/src/main/java/org/acme/security/openid/connect/UsersResource.java:

@Inject
@IdToken
JsonWebToken idToken;

@GET
@RolesAllowed("user")
@Path("/myname")
public String getUserName() {
   return idToken.getName();
}

Thanks!

Upvotes: 0

Views: 1303

Answers (1)

Sergey Beryozkin

Reputation: 863

Quarkus OIDC service applications can only deal with the bearer tokens coming with the HTTP Authorization header. Quarkus OIDC web-app applications are extracting ID and access tokens from the authorization code grant response. So for the service application you can get the name directly from the access token. If the access token is opaque/binary, then the user name will be returned with the token introspection response and can be accessed from Principal.getName() (supported starting from Quarkus 1.6.0.CR1). HTH

Upvotes: 2
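
The approach from the answer above, as an added example that is not part of the original posts or the Quarkus quickstart: a resource for a `quarkus.oidc.application-type=service` application that reads the user name from the bearer access token instead of an ID token. The class name `UserNameResource`, the path `/api/username` and the `/myname-principal` endpoint are hypothetical; the `javax.*` imports match the Quarkus 1.x releases discussed here (Quarkus 3 uses `jakarta.*`).

```java
package org.acme.security.openid.connect;

import javax.annotation.security.RolesAllowed;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

import org.eclipse.microprofile.jwt.JsonWebToken;

import io.quarkus.security.identity.SecurityIdentity;

// Assumes quarkus.oidc.application-type=service (the default): the only token
// Quarkus sees is the bearer access token sent in the Authorization header,
// so there is no ID token to inject with @IdToken.
@Path("/api/username") // hypothetical path, chosen not to clash with UsersResource
public class UserNameResource {

    // No @IdToken qualifier: the unqualified JsonWebToken is the access token.
    @Inject
    JsonWebToken accessToken;

    // Identity built from the verified bearer token; per the answer, its
    // principal name is also available when the access token is opaque and
    // was checked through token introspection (Quarkus 1.6.0.CR1 or later).
    @Inject
    SecurityIdentity identity;

    // Same endpoint as in the question, backed by the access token.
    @GET
    @RolesAllowed("user")
    @Path("/myname")
    public String getUserName() {
        return accessToken.getName();
    }

    // Variant that does not depend on the access token being a JWT.
    @GET
    @RolesAllowed("user")
    @Path("/myname-principal")
    public String getUserNameFromPrincipal() {
        return identity.getPrincipal().getName();
    }
}
```

Callers send only the access token obtained from Keycloak, as `Authorization: Bearer <access token>`.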
