Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support OIDC hybrid application type #12320

Merged
merged 1 commit into from
Sep 29, 2020
Merged

Support OIDC hybrid application type #12320

merged 1 commit into from
Sep 29, 2020

Conversation

sberyozkin
Copy link
Member

@sberyozkin sberyozkin commented Sep 24, 2020
edited
Loading

Fixes #12297

This PR introduces a hybrid application type. Effectively it allows the users to optimize the configuration, collapse 2 nearly identical tenant configuration into one, see the test, tenant-hybrid-webapp + tenant-hybrid-service vs a single tenant-hybrid-webapp-service in the situations where a user wants to drive the authentication based on the presence of the Authorization header. If it is set - it is Bearer auth, if not - code flow.

This is a visible optimization and to be honest I'd not be too keen on it because one can just avoid this static configuration duplication with TenantConfigResolver but the main saving comes from sharing a single Keycloak connection.

When we have 2 tenants then per every tenant there will be its own Vert.X OAuth connection - which is fine when one has different realms, but in this case, one would also have a duplicate local JWT set copy, which is sub-optimal.

So, hybrid does not introduce any new flow, it simply allows to optimize the way the 2 tenants which differ only by its type (service vs web-app) can be configured

@sberyozkin sberyozkin added this to the 1.9.0 - master milestone Sep 24, 2020
@sberyozkin
Copy link
Member Author

Sorry, a bit more work is needed here

@sberyozkin sberyozkin closed this Sep 24, 2020
@sberyozkin sberyozkin reopened this Sep 24, 2020
@sberyozkin sberyozkin mentioned this pull request Sep 24, 2020
Closed
pedroigor
pedroigor approved these changes Sep 28, 2020
View reviewed changes
Copy link
Contributor

@pedroigor pedroigor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sberyozkin Only one nitpick, feel free to accept it or just ignore it. Otherwise, looks like a good addition for those doing both types from within the same application (although not recommended, life easier for devs :)).

@sberyozkin sberyozkin merged commit 138acdb into quarkusio:master Sep 29, 2020
@sberyozkin sberyozkin deleted the oidc_hybrid_app branch September 29, 2020 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stuartwdouglas stuartwdouglas stuartwdouglas approved these changes

@pedroigor pedroigor pedroigor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
1.9.0.CR1
Development

Successfully merging this pull request may close these issues.

Support OIDC hybrid application type
3 participants
@sberyozkin @stuartwdouglas @pedroigor