diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java index 101e88aab1ae8..de8e6bb04f743 100644 --- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java +++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/OidcClientRecorder.java @@ -244,17 +244,17 @@ private static class DisabledOidcClient implements OidcClient { @Override public Uni getTokens(Map additionalGrantParameters) { - throw new DisabledOidcClientException(message); + return Uni.createFrom().failure(new DisabledOidcClientException(message)); } @Override public Uni refreshTokens(String refreshToken, Map additionalGrantParameters) { - throw new DisabledOidcClientException(message); + return Uni.createFrom().failure(new DisabledOidcClientException(message)); } @Override public Uni revokeAccessToken(String accessToken, Map additionalParameters) { - throw new DisabledOidcClientException(message); + return Uni.createFrom().failure(new DisabledOidcClientException(message)); } @Override diff --git a/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java b/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java index 9e3b2a559fc0c..7ef96822ce78f 100644 --- a/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java +++ b/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/FrontendResource.java @@ -6,6 +6,7 @@ import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; import jakarta.ws.rs.Produces; +import jakarta.ws.rs.WebApplicationException; import org.eclipse.microprofile.rest.client.inject.RestClient; @@ -25,6 +26,10 @@ public class FrontendResource { @RestClient ProtectedResourceServiceNamedFilter protectedResourceServiceNamedFilter; + @Inject + @RestClient + ProtectedResourceServiceDisabledClient protectedResourceServiceDisabledClient; + @Inject @RestClient MisconfiguredClientFilter misconfiguredClientFilter; @@ -50,6 +55,14 @@ public Uni userNameNamedFilter() { return protectedResourceServiceNamedFilter.getUserName(); } + @GET + @Path("userNameDisabledClient") + @Produces("text/plain") + public Uni userNameDisabledClient() { + return protectedResourceServiceDisabledClient.getUserName() + .onFailure(WebApplicationException.class).recoverWithItem(t -> t.getMessage()); + } + @GET @Path("userNameMisconfiguredClientFilter") @Produces("text/plain") diff --git a/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResourceServiceDisabledClient.java b/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResourceServiceDisabledClient.java new file mode 100644 index 0000000000000..6d7ca4fb228b4 --- /dev/null +++ b/integration-tests/oidc-client-reactive/src/main/java/io/quarkus/it/keycloak/ProtectedResourceServiceDisabledClient.java @@ -0,0 +1,21 @@ +package io.quarkus.it.keycloak; + +import jakarta.ws.rs.GET; +import jakarta.ws.rs.Path; +import jakarta.ws.rs.Produces; + +import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; + +import io.quarkus.oidc.client.filter.OidcClientFilter; +import io.smallrye.mutiny.Uni; + +@RegisterRestClient +@OidcClientFilter("disabled-client") +@Path("/") +public interface ProtectedResourceServiceDisabledClient { + + @GET + @Produces("text/plain") + @Path("userNameReactive") + Uni getUserName(); +} diff --git a/integration-tests/oidc-client-reactive/src/main/resources/application.properties b/integration-tests/oidc-client-reactive/src/main/resources/application.properties index 3b9c72d07700c..f1280b96a5b3b 100644 --- a/integration-tests/oidc-client-reactive/src/main/resources/application.properties +++ b/integration-tests/oidc-client-reactive/src/main/resources/application.properties @@ -10,6 +10,14 @@ quarkus.oidc-client.grant.type=password quarkus.oidc-client.grant-options.password.username=alice quarkus.oidc-client.grant-options.password.password=alice +quarkus.oidc-client.disabled-client.auth-server-url=${quarkus.oidc.auth-server-url} +quarkus.oidc-client.disabled-client.client-id=${quarkus.oidc.client-id} +quarkus.oidc-client.disabled-client.client-enabled=false +quarkus.oidc-client.disabled-client.credentials.secret=${quarkus.oidc.credentials.secret} +quarkus.oidc-client.disabled-client.grant.type=password +quarkus.oidc-client.disabled-client.grant-options.password.username=alice +quarkus.oidc-client.disabled-client.grant-options.password.password=alice + quarkus.oidc-client.named-client.auth-server-url=${quarkus.oidc.auth-server-url} quarkus.oidc-client.named-client.client-id=${quarkus.oidc.client-id} quarkus.oidc-client.named-client.credentials.secret=${quarkus.oidc.credentials.secret} @@ -27,6 +35,7 @@ quarkus.oidc-client.misconfigured-client.grant-options.password.password=bob io.quarkus.it.keycloak.ProtectedResourceServiceCustomFilter/mp-rest/url=http://localhost:8081/protected io.quarkus.it.keycloak.ProtectedResourceServiceReactiveFilter/mp-rest/url=http://localhost:8081/protected io.quarkus.it.keycloak.ProtectedResourceServiceNamedFilter/mp-rest/url=http://localhost:8081/protected +io.quarkus.it.keycloak.ProtectedResourceServiceDisabledClient/mp-rest/url=http://localhost:8081/protected io.quarkus.it.keycloak.MisconfiguredClientFilter/mp-rest/url=http://localhost:8081/protected quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientImpl".min-level=TRACE diff --git a/integration-tests/oidc-client-reactive/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java b/integration-tests/oidc-client-reactive/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java index 70d3dea446bbb..2ad90902891a0 100644 --- a/integration-tests/oidc-client-reactive/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java +++ b/integration-tests/oidc-client-reactive/src/test/java/io/quarkus/it/keycloak/OidcClientTest.java @@ -45,6 +45,15 @@ public void testGetUserNameNamedFilter() { .body(equalTo("jdoe")); } + @Test + public void testGetUserNameDisabledClient() { + RestAssured.given().header("Accept", "text/plain") + .when().get("/frontend/userNameDisabledClient") + .then() + .statusCode(200) + .body(containsString("Unauthorized, status code 401")); + } + @Test public void testGetUserNameMisconfiguredClientFilter() { RestAssured.given().header("Accept", "text/plain")