Support OIDC cookie-path-header and storing id and refresh tokens #14227

sberyozkin · 2021-01-11T14:49:37Z

Fixes #14189
Fixes #13485

This PR:

Makes it possible to use the headers such as X-Forwarded-Prefix to set a cookie path. This is important in the cases where unique SSO sessions/applications are managed with the same domain, such as example.org/app1 and example.org/app2
Added a missing ID + Refresh default token strategy - this should be recommended for all the cases where the access token is not required - which is likely to be 70-80% cases
tests and docs have been updated

gastaldi

Added some comments and found some minor typos. Looks good overall

docs/src/main/asciidoc/security-openid-connect-web-authentication.adoc

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcRecorder.java

sberyozkin · 2021-01-12T08:52:18Z

@pedroigor thanks Pedro, @gastaldi are you OK now with the applied changes ?

gastaldi

Sure, LGTM. Good job 😉

sberyozkin · 2021-01-12T11:47:04Z

@gastaldi without you the security docs would not be a joy to read :-).

gastaldi · 2021-01-12T12:48:21Z

@sberyozkin thank you but you are the one writing the text, I am just watching for typos ;)

sberyozkin added this to the 1.12 - master milestone Jan 11, 2021

sberyozkin requested review from gastaldi and pedroigor January 11, 2021 14:49

ghost added area/documentation area/oidc labels Jan 11, 2021

gastaldi requested changes Jan 11, 2021

View reviewed changes

Support OIDC cookie-path-header and storing id and refresh tokens

73a5024

sberyozkin force-pushed the oidc_cookie_improvements branch from 48ba32b to 73a5024 Compare January 11, 2021 17:26

pedroigor approved these changes Jan 11, 2021

View reviewed changes

gastaldi approved these changes Jan 12, 2021

View reviewed changes

sberyozkin merged commit d0ed9c6 into quarkusio:master Jan 12, 2021

sberyozkin deleted the oidc_cookie_improvements branch January 12, 2021 11:47

Provide feedback