Add OIDC login to Helidon

pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>io.helidon.applications</groupId>
         <artifactId>helidon-mp</artifactId>
-        <version>2.5.0</version>
+        <version>3.0.0-M1</version>
         <relativePath/>
     </parent>
     <groupId>com.example</groupId>
@@ -27,6 +27,10 @@
             <groupId>io.helidon.microprofile.health</groupId>
             <artifactId>helidon-microprofile-health</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.helidon.microprofile</groupId>
+            <artifactId>helidon-microprofile-oidc</artifactId>
+        </dependency>
         <dependency>
             <groupId>io.helidon.microprofile.jwt</groupId>
             <artifactId>helidon-microprofile-jwt-auth</artifactId>

src/main/java/com/example/HelloApplication.java

@@ -1,10 +1,12 @@
 package com.example;
 
 import com.example.controller.HelloResource;
+import com.example.controller.HomeResource;
 import org.eclipse.microprofile.auth.LoginConfig;
 
-import javax.enterprise.context.ApplicationScoped;
-import javax.ws.rs.core.Application;
+import jakarta.enterprise.context.ApplicationScoped;
+import jakarta.ws.rs.core.Application;
+
 import java.util.Set;
 
 @LoginConfig(authMethod = "MP-JWT")
@@ -13,6 +15,6 @@ public class HelloApplication extends Application {
 
     @Override
     public Set<Class<?>> getClasses() {
-        return Set.of(HelloResource.class);
+        return Set.of(HelloResource.class, HomeResource.class);
     }
 }

src/main/java/com/example/controller/HelloResource.java

@@ -3,13 +3,13 @@
 import io.helidon.security.Principal;
 import io.helidon.security.SecurityContext;
 
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.Context;
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.Produces;
+import jakarta.ws.rs.core.Context;
 import java.util.Optional;
 
-import static javax.ws.rs.core.MediaType.TEXT_PLAIN;
+import static jakarta.ws.rs.core.MediaType.TEXT_PLAIN;
 
 @Path("/hello")
 public class HelloResource {

src/main/java/com/example/controller/HomeResource.java

@@ -0,0 +1,24 @@
+package com.example.controller;
+
+import io.helidon.security.SecurityContext;
+import io.helidon.security.annotations.Authenticated;
+
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.Context;
+
+@Path("/")
+public class HomeResource {
+
+    /**
+     * Hello world using security context.
+     * @param securityContext context as established during login
+     * @return a string with current username
+     */
+    @Authenticated
+    @GET
+    public String home(@Context SecurityContext securityContext) {
+        return "Hello: " + securityContext.userName();
+    }
+
+}

src/main/resources/META-INF/microprofile-config.properties

@@ -7,3 +7,15 @@ metrics.rest-request.enabled=true
 
 mp.jwt.verify.issuer=${CLI_OKTA_ISSUER}
 mp.jwt.verify.publickey.location=${mp.jwt.verify.issuer}/v1/keys
+
+security.properties.oidc-issuer=${mp.jwt.verify.issuer}
+security.properties.oidc-client-id=${CLI_OKTA_CLIENT_ID}
+security.properties.oidc-client-secret=${CLI_OKTA_CLIENT_SECRET}
+
+security.providers.0.abac=true
+security.providers.1.oidc.header-atn=true
+security.providers.1.oidc.oidc-metadata-well-known=false
+security.providers.1.oidc.client-id=${CLI_OKTA_CLIENT_ID}
+security.providers.1.oidc.client-secret=${CLI_OKTA_CLIENT_SECRET}
+security.providers.1.oidc.identity-uri=/oidc/identity
+security.providers.1.oidc.redirect-uri=/oidc/redirect