From d6ea48207139f6052138bb570072e52fb3d10f8f Mon Sep 17 00:00:00 2001
From: Sergey Beryozkin
Date: Tue, 23 Aug 2022 16:05:27 +0100
Subject: [PATCH] Make sending OIDC client id with introspection credentials optional
---
 .../java/io/quarkus/oidc/OidcTenantConfig.java | 14 ++++++++++++++
 .../quarkus/oidc/runtime/OidcProviderClient.java | 2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
index 2e0022e7210ae..9c6385e9acfba 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -112,6 +112,12 @@ public static class IntrospectionCredentials {
 @ConfigItem
 public Optional secret = Optional.empty();
+ /**
+ * Include OpenId Connect Client ID configured with 'quarkus.oidc.client-id'
+ */
+ @ConfigItem(defaultValue = "true")
+ public boolean includeClientId = true;
+
 public Optional getName() {
 return name;
 }
@@ -128,6 +134,14 @@ public void setSecret(String secret) {
 this.secret = Optional.of(secret);
 }
+ public boolean isIncludeClientId() {
+ return includeClientId;
+ }
+
+ public void setIncludeClientId(boolean includeClientId) {
+ this.includeClientId = includeClientId;
+ }
+
 }
 /**
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java
index 6ac9e9baccefc..a611c49466130 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClient.java
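Review bot: In OidcTenantConfig.java, the Javadoc added on `includeClientId` does not say where the client ID is included or what switching it off changes, which is what an operator deciding on this setting needs to know. Judging by the OidcProviderClient hunk in this patch, it controls the `client_id` form parameter of introspection requests that carry the Basic introspection credentials. The comment could read `Include the OpenID Connect client ID configured with 'quarkus.oidc.client-id' as the 'client_id' form parameter of introspection requests authenticated with these credentials.` It is also worth stating that the default `true` keeps the previous behaviour. The IntrospectionCredentials class starts before this hunk.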
@@ -126,7 +126,7 @@ private UniOnItem> getHttpResponse(String uri, MultiMap for
 request.putHeader(ACCEPT_HEADER, APPLICATION_JSON);
 if (introspect && introspectionBasicAuthScheme != null) {
 request.putHeader(AUTHORIZATION_HEADER, introspectionBasicAuthScheme);
- if (oidcConfig.clientId.isPresent()) {
+ if (oidcConfig.clientId.isPresent() && oidcConfig.introspectionCredentials.includeClientId) {
 formBody.set(OidcConstants.CLIENT_ID, oidcConfig.clientId.get());
 }
 } else if (clientSecretBasicAuthScheme != null) {
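Review bot: Nothing in this patch pins the new condition guarding `formBody.set(OidcConstants.CLIENT_ID, ...)`: the diffstat lists only the two runtime files, so a later refactor could start sending `client_id` again with `includeClientId=false` and go unnoticed. A test that captures the introspection form body with the flag both on and off would cover it. The flag is also read only inside the `introspect && introspectionBasicAuthScheme != null` branch, so it presumably has no effect when no introspection credentials are configured. A comment such as `// client_id accompanies the Basic introspection credentials only when includeClientId is set` would make that scope explicit. getHttpResponse starts and ends outside the hunk, so the other branches could not be checked here.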