Merge pull request #35593 from sberyozkin/minor_oidc_devui_updates
Minor OIDC devui updates
sberyozkin authored Aug 28, 2023
2 parents 660bdd2 + 52fe14f commit 193e629
Showing 2 changed files with 7 additions and 3 deletions.
Expand Up @@ -133,7 +133,7 @@ You may need to register a redirect URI for the authorization code flow initiate
If Keycloak does enforce it then you will see an authentication error informing you that the `redirect_uri` value is wrong.
In this case select the `Keycloak Admin` option in the right top corner, login as `admin:admin`, select the test realm and the client which Dev UI for Keycloak is configured with and add `http://localhost:8080/q/dev/io.quarkus.quarkus-oidc/provider` to `Valid Redirect URIs`. If you used `-Dquarkus.http.port` when starting Quarkus then change `8080` to the value of `quarkus.http.port`
In this case select the `Keycloak Admin` option in the right top corner, login as `admin:admin`, select the test realm and the client which Dev UI for Keycloak is configured with and add `http://localhost:8080/q/dev-ui/io.quarkus.quarkus-oidc/keycloak-provider` to `Valid Redirect URIs`. If you used `-Dquarkus.http.port` when starting Quarkus then change `8080` to the value of `quarkus.http.port`
If the container is shared between multiple applications running on different ports then you will need to register `redirect_uri` values for each of these applications.
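Review bot: The replacement line still ends without a full stop after `quarkus.http.port`, and it gives no hint to readers who already registered the old `http://localhost:8080/q/dev/io.quarkus.quarkus-oidc/provider` value that it no longer matches; if Keycloak enforces the check they will hit the `redirect_uri` error described in the line above. Consider adding one sentence saying that earlier registrations must be updated to the new `keycloak-provider` URI, and that it should be entered in `Valid Redirect URIs` as an exact value rather than a wildcard.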
Expand Down Expand Up @@ -318,7 +318,7 @@ image::dev-ui-oidc-devconsole-card.png[alt=Generic Dev UI OpenID Connect Card,ro

Follow the link, and you will be able to log in to your provider, get the tokens and test the application. The experience will be the same as described in the <<keycloak-authorization-code-grant,Authorization Code Grant for Keycloak>> section, where `Dev Services for Keycloak` container has been started, especially if you work with Keycloak.

You will most likely need to configure your OpenId Connect provider to support redirecting back to the `Dev Console`. Add `http://localhost:8080/q/dev-v1/io.quarkus.quarkus-oidc/provider` as one of the supported redirect and logout URLs. one of the supported redirect and logout URLs.
You will most likely need to configure your OpenId Connect provider to support redirecting back to the `Dev Console`. Add `http://localhost:8080/q/dev-ui/io.quarkus.quarkus-oidc/`providerName`-provider` as one of the supported redirect and logout URLs, where `providerName` will need to be replaced by the name of the provider shown in DevUI, for example, `auth0`.

If you work with other providers then a Dev UI experience described in the <<keycloak-authorization-code-grant,Authorization Code Grant for Keycloak>> section might differ slightly. For example, an access token may not be in a JWT format, so it won't be possible to show its internal content, though all providers should return an ID Token as JWT.

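Review bot: The inline markup in the added line nests backticks: the code span opened before `http://localhost:8080/q/dev-ui/io.quarkus.quarkus-oidc/` is closed by the backtick in front of `providerName`, so the URL will not render as one monospaced value and readers may copy a broken string. Use a single span with a visible placeholder, for example `http://localhost:8080/q/dev-ui/io.quarkus.quarkus-oidc/<providerName>-provider`. Two smaller points on the same line: it hardcodes `8080` without the `quarkus.http.port` remark that the Keycloak paragraph carries, and it mixes `Dev Console` with `DevUI` for what appears to be the same thing.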
Expand Up @@ -111,7 +111,11 @@ public String get(Config config) {
scopes = providerConfig.authentication.scopes;
}
if (scopes.isPresent()) {
return OidcCommonUtils.urlEncode(String.join(" ", scopes.get()));
String scopesString = String.join(" ", scopes.get());
if (!scopes.get().contains(OidcConstants.OPENID_SCOPE)) {
scopesString += (" " + OidcConstants.OPENID_SCOPE);
}
return OidcCommonUtils.urlEncode(scopesString);
} else {
return OidcConstants.OPENID_SCOPE;
}
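Review bot: The new check `scopes.get().contains(OidcConstants.OPENID_SCOPE)` matches whole elements only and is case-sensitive, so a configured entry that carries several space-separated scopes in one string (or stray whitespace) would not match and `openid` would be appended a second time. Consider trimming and splitting the entries before the check, or building the final scope set from a de-duplicating collection and joining that. The commit touches only two files, so there is no test for the "configured scopes without `openid`" path; one asserting the encoded result would pin this behaviour down. Note also that the `else` branch returns `OidcConstants.OPENID_SCOPE` without passing through `OidcCommonUtils.urlEncode`, which is harmless for this value but inconsistent with the branch above.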