File tree Expand file tree Collapse file tree 3 files changed +27
-4
lines changed
extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime
integration-tests/oidc-wiremock/src/main
java/io/quarkus/it/keycloak Expand file tree Collapse file tree 3 files changed +27
-4
lines changed Original file line number Diff line number Diff line change @@ -992,8 +992,8 @@ private CodeAuthenticationStateBean getCodeAuthenticationBean(String[] parsedSta
992992 try {
993993 json = OidcUtils .decryptJson (parsedStateCookieValue [1 ], configContext .getStateCookieEncryptionKey ());
994994 } catch (Exception ex ) {
995- LOG .errorf ("State cookie value can not be decrypted for the %s tenant " ,
996- configContext .oidcConfig ().tenantId ().get ());
995+ LOG .errorf ("State cookie value for the %s tenant can not be decrypted: %s " ,
996+ configContext .oidcConfig ().tenantId ().get (), ex . getMessage () );
997997 throw new AuthenticationCompletionException (ex );
998998 }
999999 bean .setRestorePath (json .getString (OidcUtils .STATE_COOKIE_RESTORE_PATH ));
@@ -1234,7 +1234,8 @@ private String encodeExtraStateValue(CodeAuthenticationStateBean extraStateValue
12341234 try {
12351235 return OidcUtils .encryptJson (json , configContext .getStateCookieEncryptionKey ());
12361236 } catch (Exception ex ) {
1237- LOG .errorf ("State containing the code verifier can not be encrypted: %s" , ex .getMessage ());
1237+ LOG .errorf ("State cookie value for the %s tenant can not be encrypted: %s" ,
1238+ configContext .oidcConfig ().tenantId ().get (), ex .getMessage ());
12381239 throw new AuthenticationCompletionException (ex );
12391240 }
12401241 } else {
Original file line number Diff line number Diff line change 1+ package io .quarkus .it .keycloak ;
2+
3+ import java .util .Collections ;
4+ import java .util .Map ;
5+
6+ import jakarta .enterprise .context .ApplicationScoped ;
7+ import jakarta .inject .Named ;
8+
9+ import io .quarkus .credentials .CredentialsProvider ;
10+
11+ @ ApplicationScoped
12+ @ Named ("vault-secret-provider" )
13+ public class SecretProvider implements CredentialsProvider {
14+
15+ @ Override
16+ public Map <String , String > getCredentials (String credentialsProviderName ) {
17+ return Collections .singletonMap ("secret-from-vault" ,
18+ "AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow" );
19+ }
20+
21+ }
Original file line number Diff line number Diff line change @@ -126,7 +126,8 @@ quarkus.oidc.code-flow-user-info-github-cache-disabled.user-info-path=protocol/o
126126quarkus.oidc.code-flow-user-info-github-cache-disabled.code-grant.extra-params.extra-param =extra-param-value
127127quarkus.oidc.code-flow-user-info-github-cache-disabled.code-grant.headers.X-Custom =XCustomHeaderValue
128128quarkus.oidc.code-flow-user-info-github-cache-disabled.client-id =quarkus-web-app
129- quarkus.oidc.code-flow-user-info-github-cache-disabled.credentials.secret =AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
129+ quarkus.oidc.code-flow-user-info-github-cache-disabled.credentials.client-secret.provider.name =vault-secret-provider
130+ quarkus.oidc.code-flow-user-info-github-cache-disabled.credentials.client-secret.provider.key =secret-from-vault
130131quarkus.oidc.code-flow-user-info-github-cache-disabled.cache-user-info-in-idtoken =false
131132quarkus.oidc.code-flow-user-info-github-cache-disabled.allow-user-info-cache =false
132133
You can’t perform that action at this time.
0 commit comments