Strip the scheme value from the OIDC proxy host

extensions/keycloak-authorization/runtime/src/main/java/io/quarkus/keycloak/pep/runtime/KeycloakPolicyEnforcerRecorder.java

@@ -1,5 +1,6 @@
 package io.quarkus.keycloak.pep.runtime;
 
+import java.net.URI;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Optional;
@@ -90,8 +91,11 @@ private static PolicyEnforcer createPolicyEnforcer(OidcTenantConfig oidcConfig,
         adapterConfig.setConnectionPoolSize(keycloakPolicyEnforcerConfig.connectionPoolSize);
 
         if (oidcConfig.proxy.host.isPresent()) {
-            adapterConfig.setProxyUrl(oidcConfig.proxy.host.get() + ":"
-                    + oidcConfig.proxy.port);
+            String host = oidcConfig.proxy.host.get();
+            if (!host.startsWith("http")) {
+                host = URI.create(authServerUrl).getScheme() + "://" + host;
+            }
+            adapterConfig.setProxyUrl(host + ":" + oidcConfig.proxy.port);
         }
 
         PolicyEnforcerConfig enforcerConfig = getPolicyEnforcerConfig(keycloakPolicyEnforcerConfig,

extensions/oidc-common/runtime/pom.xml

@@ -42,6 +42,11 @@
             <groupId>io.quarkus</groupId>
             <artifactId>quarkus-smallrye-jwt-build</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.quarkus</groupId>
+            <artifactId>quarkus-junit5-internal</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

extensions/oidc-common/runtime/src/main/java/io/quarkus/oidc/common/runtime/OidcCommonUtils.java

@@ -228,7 +228,14 @@ public static Optional<ProxyOptions> toProxyOptions(OidcCommonConfig.Proxy proxy
             return Optional.empty();
         }
         JsonObject jsonOptions = new JsonObject();
-        jsonOptions.put("host", proxyConfig.host.get());
+        // Vert.x Client currently does not expect a host having a scheme but keycloak-authorization expects scheme and host.
+        // Having a dedicated scheme property is probably better, but since it is property is not taken into account in Vertx Client
+        // it does not really make sense as it can send a misleading message that users can choose between `http` and `https`.
+        String host = URI.create(proxyConfig.host.get()).getHost();
+        if (host == null) {
+            host = proxyConfig.host.get();
+        }
+        jsonOptions.put("host", host);
         jsonOptions.put("port", proxyConfig.port);
         if (proxyConfig.username.isPresent()) {
             jsonOptions.put("username", proxyConfig.username.get());

extensions/oidc-common/runtime/src/test/java/io/quarkus/oidc/common/runtime/OidcCommonUtilsTest.java

@@ -0,0 +1,45 @@
+package io.quarkus.oidc.common.runtime;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.net.URI;
+import java.util.Optional;
+
+import org.junit.jupiter.api.Test;
+
+import io.vertx.core.net.ProxyOptions;
+
+public class OidcCommonUtilsTest {
+
+    @Test
+    public void testProxyOptionsWithHostWithoutScheme() throws Exception {
+        OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
+        config.host = Optional.of("localhost");
+        config.port = 8080;
+        config.username = Optional.of("user");
+        config.password = Optional.of("password");
+
+        ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
+        assertEquals("localhost", options.getHost());
+        assertEquals(8080, options.getPort());
+        assertEquals("user", options.getUsername());
+        assertEquals("password", options.getPassword());
+    }
+
+    @Test
+    public void testProxyOptionsWithHostWithScheme() throws Exception {
+        OidcCommonConfig.Proxy config = new OidcCommonConfig.Proxy();
+        config.host = Optional.of("http://localhost");
+        config.port = 8080;
+        config.username = Optional.of("user");
+        config.password = Optional.of("password");
+
+        assertEquals("http", URI.create(config.host.get()).getScheme());
+
+        ProxyOptions options = OidcCommonUtils.toProxyOptions(config).get();
+        assertEquals("localhost", options.getHost());
+        assertEquals(8080, options.getPort());
+        assertEquals("user", options.getUsername());
+        assertEquals("password", options.getPassword());
+    }
+}