Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for single same uri redirects for OIDC WebClient #43938

Merged
merged 1 commit into from
Oct 18, 2024

Conversation

sberyozkin
Copy link
Member

Fixes #43937.

This PR enables a single time redirect support when one of GET OidcProvider endpoints (discovery, JWK, or UserInfo) request a redirect exactly to the same URI, as long as one or more cookies are available during such redirect.

it is impossible to avoid adding a property in this case. Some users may already depending on the auto-redirect feature without cookies.

@sberyozkin sberyozkin requested a review from cescoffier October 17, 2024 16:41
@sberyozkin sberyozkin force-pushed the limited_oidc_client_redirect branch from e83a4e4 to 65f1fb7 Compare October 17, 2024 16:42
Copy link
Member

@cescoffier cescoffier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Do you think we should document this feature?

Copy link

github-actions bot commented Oct 17, 2024

🙈 The PR is closed and the preview is expired.

This comment has been minimized.

This comment has been minimized.

@sberyozkin
Copy link
Member Author

@cescoffier Thanks, sure, will have a look

@sberyozkin
Copy link
Member Author

Hi @cescoffier, I've started documenting it, and thought, may be we should do it when, at some point, the same is supported at the WebClient level, otherwise I'm not sure how to say in the docs: if you'd like to have a same URI redirect supported you must disable auto-following redirects, which does not read very logical :-). I can still do it though if you prefer.
JavaDocs for the OidcCommonConfig#follow-redirects does describe what happens if it is set to false, so may be we can keep this option quite low profile for the moment until Vert.x 5 might start supporting it ?

@sberyozkin
Copy link
Member Author

@cescoffier Let me actually add a few lines

@sberyozkin sberyozkin force-pushed the limited_oidc_client_redirect branch from 65f1fb7 to 5bbcc83 Compare October 18, 2024 13:11
@quarkus-bot quarkus-bot bot added area/docstyle issues related for manual docstyle review area/documentation labels Oct 18, 2024
@sberyozkin
Copy link
Member Author

@cescoffier Docs updated, that should be better now

Copy link

quarkus-bot bot commented Oct 18, 2024

Status for workflow Quarkus Documentation CI

This is the status report for running Quarkus Documentation CI on commit 5bbcc83.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

Warning

There are other workflow runs running, you probably need to wait for their status before merging.

Copy link

quarkus-bot bot commented Oct 18, 2024

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit 5bbcc83.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@sberyozkin sberyozkin merged commit 5f24ee0 into quarkusio:main Oct 18, 2024
26 checks passed
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Oct 18, 2024
@quarkus-bot quarkus-bot bot added this to the 3.17 - main milestone Oct 18, 2024
@sberyozkin sberyozkin deleted the limited_oidc_client_redirect branch October 18, 2024 14:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/docstyle issues related for manual docstyle review area/documentation area/oidc kind/enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Provide limited redirect support for OIDC Web client when auto-redirect is disabled
2 participants