New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adjust 'challenge' selection so that custom auth mechanism is called #27921
Adjust 'challenge' selection so that custom auth mechanism is called #27921
Conversation
I'm not sure it will work - for example, we have both Basic and OIDC mechanisms enabled at the same time, with this PR the challenge caused by a failing basic auth can be picked by OIDC or the other way around, depending on the sorting order. |
...rtx-http/runtime/src/main/java/io/quarkus/vertx/http/runtime/security/HttpAuthenticator.java
Outdated
Show resolved
Hide resolved
And also say in the docs - that |
607e2a2
to
28f6f49
Compare
Please consider For that reason, I left out setting the context and adjusted docs so that examples will work. I also fixed some invalid method signatures. |
052ee77
to
b00b1ef
Compare
This comment has been minimized.
This comment has been minimized.
Sure, I think we have 2 variations here |
b00b1ef
to
91ab317
Compare
FYI Now just fixed indentation for docs as originally I had it wrong. |
I see, it makes sense. |
91ab317
to
48d0c87
Compare
Failing Jobs - Building 48d0c87
Full information is available in the Build summary check run. Failures⚙️ JVM Tests - JDK 11 #- Failing: extensions/smallrye-reactive-messaging-amqp/deployment
! Skipped: integration-tests/reactive-messaging-amqp 📦 extensions/smallrye-reactive-messaging-amqp/deployment✖
⚙️ JVM Tests - JDK 18 #- Failing: integration-tests/oidc-code-flow
📦 integration-tests/oidc-code-flow✖
|
|
Ah, I can see that's a known issue #27900 |
fixes: #27180
This PR makes sure
io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism#send/getChallenge
of a custom auth mechanism get called. There is an example of HttpAuthenticationMechanism Customization that don't work for me as built-in auth mechanisms put into routing context themselves and this information is used when selecting an auth mechanism for challenge, I've explained actual behavior in depth in linked issue. This solution needs check from an expert (@sberyozkin ) as I only inferred "expected behavior" from PRs submitted in this area.