Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce a version of @OidcClientFilter for the reactive client #28451

Merged
merged 4 commits into from Oct 10, 2022
Merged

Introduce a version of @OidcClientFilter for the reactive client #28451

merged 4 commits into from Oct 10, 2022

Conversation

geoand
Copy link
Contributor

@geoand geoand commented Oct 7, 2022

Closes: #16522

@geoand geoand mentioned this pull request Oct 7, 2022
Closed
@geoand geoand requested a review from sberyozkin October 7, 2022 14:46
@sberyozkin
Copy link
Member

sberyozkin commented Oct 7, 2022
edited

Oh wow, just stepped outside for a late lunch and the issue is already resolved :-), thanks @geoand, that should be useful for Resteasy Reactive users for sure.

I'd only like to wait for @rsvoboda for us to discuss how to handle this @OidcClientFilter, I think just having a package name changed is OK, very minor migration effort, I was considering pushing it down to quarkus-oidc-client where it would be misplaced or creating oidc-client-filter-common which seems unnecessary, and it would not solve a similar problem for oidc-token-propagation-reactive, so it look fine to me, @rsvoboda are you OK with only a package name having to be changed for @OidcClientFilter ? As discussed separately, it is likely one can expect some minor migration effort anyway for some moderate complexity REST applications, so the annotation package name change for this annotation is not a problem I believe.

@sberyozkin
Copy link
Member

I'll follow up next week with another PR to support a similar mechanism for oidc-token-propagation-reactive

@quarkus-bot

This comment has been minimized.

Sign in to view
@geoand
Copy link
Contributor Author

geoand commented Oct 7, 2022

@sberyozkin I agree with your concern, so let's wait for the discussion before merging

@sberyozkin
Copy link
Member

sberyozkin commented Oct 7, 2022
edited

@geoand Can you please update https://quarkus.io/guides/security-openid-connect-client-reference#oidc-client-reactive-filter a bit, when you'll have a few mins, it currently says , and it currently can only be registered with org.eclipse.microprofile.rest.client.annotation.RegisterProvider annotation: followed by one example, but you can just copy the block from the section below which has You can selectively register OidcClientRequestFilter by using either io.quarkus.oidc.client.filter.OidcClientFilter or org.eclipse.microprofile.rest.client.annotation.RegisterProvider annotations: followed by two examples and change the package and then we can tweak it a bit as needed.

@geoand
Copy link
Contributor Author

geoand commented Oct 7, 2022

@sberyozkin good point. Done

@quarkus-bot quarkus-bot bot added this to To do in Quarkus Documentation Oct 7, 2022
@sberyozkin
Copy link
Member

@geoand Good stuff, thanks

@quarkus-bot
Copy link

quarkus-bot bot commented Oct 7, 2022

Failing Jobs - Building 6a9327a

Status Name Step Failures Logs Raw logs
✔️ JVM Tests - JDK 11
✔️ JVM Tests - JDK 17
JVM Tests - JDK 17 MacOS M1 Set up runner ⚠️ Check → Logs Raw logs
✔️ JVM Tests - JDK 18

@rsvoboda
Copy link
Member

rsvoboda commented Oct 7, 2022

Personally I would prefer creating oidc-client-filter-common to have the same FQCN for OidcClientFilter.
This way migration would be transparent for the end users, they would just update the dependencies (or cli update command one day). The is also oidc-token-propagation extension with AccessToken annotation.

Maybe there could be oidc-common or oidc-annotations which would include both io.quarkus.oidc.token.propagation.AccessToken and io.quarkus.oidc.client.filter.OidcClientFilter.

@sberyozkin
Copy link
Member

@rsvoboda We already have oidc-common but I'm not sure yet we need to move these annotations down to it, I mean, if a user is switching to the reactive client filter, they may as well change their REST service methods to return Uni<String> instead of String, see what I mean, the migration is very likely to happen anyway...
Moving them to oidc-common is an option but I'm hesitating a bit...

@sberyozkin
Copy link
Member

sberyozkin commented Oct 7, 2022
edited

oidc-token-propagation does not depend on any of oidc dependencies as it just propagates the tokens - they may come from smallrye-jwt, so if only @OidcClientFilter were to be moved then I guess it would be better if it landed in oidc-client, that would still leave the option of introducing some other common module at some later stage but for now it is not obvious it is necessary.
Lets see early next week :-)

@geoand
Copy link
Contributor Author

geoand commented Oct 10, 2022
edited

I think what @rsvoboda is proposing is to move the annotation to a new module, that will then be shared by both old and new (reactive) implementations.

I personally think that makes sense.

@sberyozkin
Copy link
Member

Hi @geoand Sure, I think for now I can move it to quarkus-oidc-client as both quarkus-oidc-client-filter and quarkus-oidc-client-reactive-filter depend on it. We also have quarkus-oidc-common which quarkus-oidc-client and quarkus-oidc depend upon, but I'm not sure about moving it to quarkus-oidc-common as another pair of extensions where such a transition will currently require the package name update is quarkus-oidc-token-propagation and quarkus-oidc-token-propagation-reactive - but these extensions don't depend on quarkus-oidc-common.

So moving @OidcClientFilter to quarkus-oidc-client will address the specific concerns from Rostislav, while will keep the option open for quarkus-oidc-client-common if we decide to do something similar for quarkus-oidc-token-propagation - or may be for the quarkus-oidc-token-propagation to quarkus-oidc-token-propagation-reactve transition we can push the related annotations to the already existing quarkus-security.

@geoand
Copy link
Contributor Author

geoand commented Oct 10, 2022

@sberyozkin +1.

I propose merging this for now and then you can handle the modules as you see fit. Does that sound good?

@sberyozkin
Copy link
Member

@geoand Sure, sounds good, I was just about to check out your branch but yeah, would be simpler to follow up, I'll open a new issue/PR straight afterwards, thanks

@sberyozkin sberyozkin merged commit eca22f0 into quarkusio:main Oct 10, 2022
Quarkus Documentation automation moved this from To do to Done Oct 10, 2022
@quarkus-bot quarkus-bot bot added this to the 2.14 - main milestone Oct 10, 2022
@quarkus-bot quarkus-bot bot added the kind/enhancement New feature or request label Oct 10, 2022
@geoand
Copy link
Contributor Author

geoand commented Oct 10, 2022

🎉

@geoand geoand deleted the #16522 branch October 10, 2022 11:37
@gsmet gsmet modified the milestones: 2.14 - main, 2.13.2.Final Oct 10, 2022
@sberyozkin sberyozkin mentioned this pull request Nov 9, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sberyozkin sberyozkin sberyozkin approved these changes

Assignees
No one assigned
Labels
area/documentation area/resteasy-reactive kind/enhancement New feature or request
Projects
Quarkus Documentation
Done
Milestone
2.13.2.Final
Development

Successfully merging this pull request may close these issues.

Enhance RestClient Reactive to support registering providers via custom annotations
4 participants
@geoand @sberyozkin @rsvoboda @gsmet