Cannot override OAuth URL at run time #5800

Closed
berkyvz opened this issue Nov 27, 2019 · 7 comments
berkyvz commented Nov 27, 2019

Describe the bug
We decided to use Quarkus in a cloud-native application as a company, but it seems there is a bug. I cannot change the properties of quarkus.oauth2.
Expected behavior
The OAuth properties should be changeable at run time without using a profile.
Actual behavior
GitHub link: https://github.com/berkyvz/quarkus-issues/tree/master/quarkus-oauth2
I have a project with Quarkus 1.0.0.Final and Gradle. There is a .properties file that keeps the OAuth properties. The properties are shown below:

quarkus.oauth2.client-id=SampleClientId
quarkus.oauth2.client-secret=secret
quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect

I am trying to override these properties using -D flags at run time. It seems like it is changing the properties. However, the truth is that it can't change the quarkus.oauth2.introspection-url property. I am building the project with the command ./gradlew clean buildNative --docker-build=true and running it with

./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner -Dquarkus.oauth2.client-id=SampleClientId-native -Dquarkus.oauth2.client-secret=secret-native  -Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native -Dquarkus.log.level=DEBUG

When I call the controller that simply returns the configuration properties as HashMap<String,String>, the response is shown below as JSON:

{
    "quarkus.oauth2.introspection-url": "http://abc:8081/auth/oauth/introspect-native",
    "quarkus.oauth2.client-secret": "secret-native",
    "quarkus.oauth2.client-id": "SampleClientId-native"
}

The controller;
hello/props

@ConfigProperty(name = "quarkus.oauth2.client-id")
private String clientId;
	
@ConfigProperty(name = "quarkus.oauth2.client-secret")
private String clientSecret;
	
@ConfigProperty(name = "quarkus.oauth2.introspection-url")
private String introspectionURL;
	
	
@GET
@Path("/props")
@Produces(MediaType.APPLICATION_JSON)
public HashMap<String, String> getProps(){
	HashMap<String, String> props = new HashMap<String, String>();
	props.put("quarkus.oauth2.client-id", clientId);
	props.put("quarkus.oauth2.client-secret", clientSecret);
	props.put("quarkus.oauth2.introspection-url", introspectionURL);
	return props;
}

But when I send the request to http://localhost:8080/hello/secure, it is not using the new property; it still uses localhost instead of http://abc:8081/auth/oauth/introspect-native.

The secure controller hello/secure;

@GET
@Path("/secure")
@Produces(MediaType.TEXT_PLAIN)
public String helloRolesAllowed(@Context SecurityContext ctx) {
	Principal caller = ctx.getUserPrincipal();
	String name = caller == null ? "anonymous" : caller.getName();
	return "example";
}

The logs

2019-11-27 12:42:24,378 DEBUG [org.wil.security] (executor-thread-1) Opening connection to token introspection endpoint [http://localhost:8081/auth/oauth/introspect]

Why does the /props controller return the property as "quarkus.oauth2.introspection-url": "http://abc:8081/auth/oauth/introspect-native" while OAuth still sends the request to http://localhost:8081/auth/oauth/introspect? In addition, it works in the .jar build package.

To Reproduce
Steps to reproduce the behavior:

  1. git clone https://github.com/berkyvz/quarkus-oauth2.git
  2. cd quarkus-oauth2
  3. ./gradlew clean buildNative --docker-build=true
  4. ./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner -Dquarkus.oauth2.client-id=SampleClientId-native -Dquarkus.oauth2.client-secret=secret-native -Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native -Dquarkus.log.level=DEBUG

Configuration

quarkus.oauth2.client-id=SampleClientId
quarkus.oauth2.client-secret=secret
quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect

Environment (please complete the following information):

  • Output of uname -a or ver: Linux berk-yavuz 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  • Output of java -version: openjdk version "1.8.0_232"
  • GraalVM version (if different from Java): OpenJDK 64-Bit GraalVM CE 19.2.1 (build 25.232-b07-jvmci-19.2-b03, mixed mode)
  • Quarkus version or git rev: 1.0.0.Final
@berkyvz berkyvz added the kind/bug Something isn't working label Nov 27, 2019
@loicmathieu
Contributor

@berkyvz does the issue only occur in JVM mode or is it a native-only issue?

@muratkarakas

It is a native-only issue. It works in JVM mode and dev mode.

@sberyozkin
Member

sberyozkin commented Nov 27, 2019

@loicmathieu Hi Loic, looks like it is still needed to make the configuration runtime init.
I'm starting to think now it can be faster to fix #4416.

@muratkarakas

@sberyozkin Hi, as I understand it, there are two options for the OAuth2 client (elytron & oidc). Which one is recommended? If oidc is recommended and it does not have this issue, we can go with it.

@sberyozkin
Member

@muratkarakas if you use a JWT OIDC token then quarkus-oidc will work OOB.
But if this token is coming from a non-certified OIDC provider then quarkus-oidc will likely not work just yet (well, we don't have a test, so I don't know if quarkus-oidc will use a custom introspection-path property instead of trying to use an OAuth2 discovery protocol, or how it will deal with the opaque tokens). I'll open an issue to track it.

@muratkarakas

@sberyozkin thanks for your response. We are using a simple token with a custom auth2server (Spring Boot based). I have tested quarkus-oidc with it, but it did not work because of compatibility issues (realm URL etc.). Currently we are using the Quarkus profile feature as a workaround:

quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect
%prod.quarkus.oauth2.introspection-url= http://auth-server:8081/auth/oauth/introspect

@loicmathieu
Contributor

Fixed via #5937
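
A check for the symptom reported in this issue, usable to confirm that a native build honours the run-time override: it compares the introspection URL passed with -D against the endpoint named in the DEBUG log line. This is an added example, not code from the issue or from Quarkus; the function names are hypothetical and the sample input is constructed from the command line and log line quoted above.

```shell
#!/bin/sh
# Added example: a mismatch means tokens presented to the service are sent for
# introspection to an endpoint other than the one the operator configured.

# Print the value of -Dquarkus.oauth2.introspection-url from a command line.
# Takes the last occurrence if the flag is repeated (assumption).
requested_url() {
  printf '%s\n' "$1" | tr ' ' '\n' |
    sed -n 's/^-Dquarkus\.oauth2\.introspection-url=//p' | tail -n 1
}

# Print each distinct endpoint found in log lines of the form
# "Opening connection to token introspection endpoint [URL]".
contacted_urls() {
  printf '%s\n' "$1" |
    sed -n 's/.*Opening connection to token introspection endpoint \[\([^]]*\)\].*/\1/p' |
    sort -u
}

# Exit status: 0 = every contacted endpoint equals the override,
#              1 = at least one differs, 2 = not enough evidence to decide.
check_override() {
  co_want=$(requested_url "$1")
  co_got=$(contacted_urls "$2")
  [ -n "$co_want" ] && [ -n "$co_got" ] || {
    echo "UNKNOWN: no -D override or no introspection log line"
    return 2
  }
  if [ "$co_got" = "$co_want" ]; then
    echo "OK: $co_want"
    return 0
  fi
  echo "MISMATCH: requested $co_want, contacted $(echo $co_got)"
  return 1
}

# Constructed sample input (values taken from the issue text).
SAMPLE_CMD='./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner -Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native -Dquarkus.log.level=DEBUG'
SAMPLE_LOG='2019-11-27 12:42:24,378 DEBUG [org.wil.security] (executor-thread-1) Opening connection to token introspection endpoint [http://localhost:8081/auth/oauth/introspect]'

check_override "$SAMPLE_CMD" "$SAMPLE_LOG" || true
```

The log line only appears with quarkus.log.level=DEBUG and after at least one request to a secured endpoint such as /hello/secure.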
