Removing redundant code, adding jwks_path property

docs/src/main/asciidoc/oidc-guide.adoc

@@ -144,7 +144,6 @@ The OpenID Connect extension allows you to define the adapter configuration usin
 ----
 quarkus.oidc.auth-server-url=http://localhost:8180/auth/realms/quarkus
 quarkus.oidc.client-id=backend-service
-quarkus.oidc.credentials.secret=secret
 ----
 
 === Configuring CORS

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcConfig.java

@@ -20,11 +20,16 @@ public class OidcConfig {
     String authServerUrl;
 
     /**
-     * Relative path of the RFC7662 introspection service address.
-     * Default value is currently set to the path supported by Keycloak.
+     * Relative path of the RFC7662 introspection service.
      */
-    @ConfigItem(defaultValue = "/protocol/openid-connect/token/introspect")
-    String introspectionPath;
+    @ConfigItem
+    Optional<String> introspectionPath;
+
+    /**
+     * Relative path of the OIDC service returning a JWK set.
+     */
+    @ConfigItem
+    Optional<String> jwksPath;
 
     /**
      * Public key for the local JWT token verification.

extensions/oidc/runtime/src/main/java/io/quarkus/oidc/VertxKeycloakRecorder.java

@@ -1,7 +1,5 @@
 package io.quarkus.oidc;
 
-import java.security.SecureRandom;
-import java.util.Base64;
 import java.util.concurrent.CompletableFuture;
 
 import io.quarkus.arc.runtime.BeanContainer;
@@ -13,7 +11,6 @@
 import io.vertx.ext.auth.PubSecKeyOptions;
 import io.vertx.ext.auth.oauth2.OAuth2Auth;
 import io.vertx.ext.auth.oauth2.OAuth2ClientOptions;
-import io.vertx.ext.auth.oauth2.OAuth2FlowType;
 import io.vertx.ext.auth.oauth2.providers.KeycloakAuth;
 
 @Recorder
@@ -25,7 +22,14 @@ public void setup(OidcConfig config, RuntimeValue<Vertx> vertx, BeanContainer be
         // Base IDP server URL
         options.setSite(config.authServerUrl);
         // RFC7662 introspection service address
-        options.setIntrospectionPath(config.introspectionPath);
+        if (config.introspectionPath.isPresent()) {
+            options.setIntrospectionPath(config.introspectionPath.get());
+        }
+
+        // RFC7662 JWKS service address
+        if (config.jwksPath.isPresent()) {
+            options.setJwkPath(config.jwksPath.get());
+        }
 
         if (config.clientId.isPresent()) {
             options.setClientID(config.clientId.get());
@@ -40,16 +44,6 @@ public void setup(OidcConfig config, RuntimeValue<Vertx> vertx, BeanContainer be
                     .setPublicKey(config.publicKey.get()));
         }
 
-        //TODO: remove this temporary code block
-        byte[] bogus = new byte[512];
-        new SecureRandom().nextBytes(bogus);
-
-        options.addPubSecKey(
-                new PubSecKeyOptions().setSymmetric(true).setPublicKey(Base64.getEncoder().encodeToString(bogus))
-                        .setAlgorithm("HS512"));
-        options.setFlow(OAuth2FlowType.AUTH_JWT);
-        // End of the temporary code block
-
         CompletableFuture<OAuth2Auth> cf = new CompletableFuture<>();
         KeycloakAuth.discover(vertx.getValue(), options, new Handler<AsyncResult<OAuth2Auth>>() {
             @Override

integration-tests/oidc/src/main/resources/application.properties

@@ -1,5 +1,4 @@
 # Configuration file
 quarkus.oidc.auth-server-url=${keycloak.url}/realms/quarkus
 quarkus.oidc.client-id=quarkus-app
-quarkus.oidc.credentials.secret=secret
 quarkus.http.cors=true