JWT/Claim Injection in an Endpoint with Basic and JWT Mechanisms

[Akaame]

I have the following endpoint for which both Basic and JWT auth is enabled:

@RequestScoped
public class FooResource {

  @Inject JsonWebToken jwt;
  
  @Inject
  @Claim(standard = Claims.sub)
  String tokenSubject;
  
  // ...
}

This currently would not work because RawClaimTypeProducer expects the current Principal to be a JWT and if you auth with Basic Auth, the request would fail because:

Current principal foo-principal is not a JSON web token

Is this the expected behavior? I was expecting to see a null String instead of this Exception in the case of SecurityIdentity not being a JsonWebToken.

[quarkus-bot[bot]]

/cc @manovotn, @mkouba, @sberyozkin

[sberyozkin]

@Akaame I think this error is correct, null for an individual claim can also mean a token is available but the claim is not.

You should probably inject only SecurityIdentity and then cast the principal to JsonWebToken if securityIdentity.getPrincipal() is an instance of JsonWebToken and then get claims directly from JsonWebToken; this should work better when more than authentication mechanism is used