keycloak-adapter-core dependency removed from keycloak-authorization extension

[Michael-AT-Corporation]

Describe the bug

I wonder why this dependency was removed. The commit which removed it: e9b0fe6#diff-83c81c8e13b9d247a2cfe901fc91d2db1ebe9cc9c7240e7f90e12f37c4ec15f8
I am using the following import:
import org.keycloak.models.UserModel;
in order to get to the following enum:
UserModel.RequiredAction.UPDATE_PASSWORD

Now this no longer works with quarkus 3.3.0. I couldn't find it anywhere else.

Expected behavior

A way to accces the value for UPDATE_PASSWORD.

Actual behavior

No response

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

3.3.0

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

[quarkus-bot]

/cc @pedroigor (keycloak), @sberyozkin (keycloak)

[sberyozkin]

@Michael-AT-Corporation AFAIK the changes in #34740 were about supporting, starting from Keycloak 22.0.x, the relocation of the keycloak authorization related code to a new library.

However I don't understand the significance of dropping keycloak-adapter-core.
@pedroigor Can you comment please ? Can this library be added back or is org.keycloak.models.UserModel now available in another library or package ?

Thanks

[sberyozkin]

@Michael-AT-Corporation I'll update the migration note once we have a better picture, or we may have to add it back, lets see what Pedro says. AFAIK, it was not meant to be a breaking kind of change

[sberyozkin]

@Michael-AT-Corporation Hi, we've talked with Pedro @pedroigor. keycloak-adapter-core is no longer relevant to the actual Keycloak Authorization functionality which is why it was dropped with the update to KC 22.0.1.

Can you please try adding this dependency manually to your application and confirm it is not affecting the new KC 22.0.1 integration ?

I guess we can add it back if it is a real problem for you. But carrying this dependency which is not used won't be great for quarkus-keycloak-authorization because the history shows we keep picking up Keycloak server-side CVEs not affecting Quarkus but with the affected code residing in keycloak-adapter-core so dropping it will benefit everyone.

So can you please try adding this dependency and let us know if it works ?

[sberyozkin]

@Michael-AT-Corporation I've added a breaking-change label to #34740, even though it is not affecting the keycloak-authorization itself. I'll add a migration note - but waiting for more feedback, thanks

[Michael-AT-Corporation]

@sberyozkin Yes when i add the dependency manually it works. Thanks for looking into this. :)

[sberyozkin]

@Michael-AT-Corporation Thanks for confirming it.

[pedroigor]

@Michael-AT-Corporation @sberyozkin Yeah, the dependency is no longer needed because the policy enforcer is not based on Keycloak Adapters anymore. The Keycloak Java Adapters are also being removed.

I agree we should avoid (re) introducing it so that people can just add it to their projects whenever needed.

[famod]

I agree we should avoid (re) introducing it so that people can just add it to their projects whenever needed.

I think in that case something should be added to the docs.

[sberyozkin]

Hi all,

I've added a note to https://github.com/quarkusio/quarkus/wiki/Migration-Guide-3.3#keycloak-authorization.

Please update it with further clarifications if you'd like