Provide limited redirect support for OIDC Web client when auto-redirect is disabled #43937

sberyozkin · 2024-10-17T16:23:49Z

Description

Sometimes, when quarkus-oidc (or other OIDC extension) calls OIDC provider endpoints like the discovery one, the OIDC provider will send a redirect request to the same discovery endpoint but with some cookies.

Quarkus OIDC uses Vert.x WebClient. As far as managing redirects is concerned, WebClient follows redirects by default, with some addition work required at the Vert.x level to deal with such redirects.

If the auto-redirect is disabled, then Quarkus OIDC should allow a single, same URI redirect, only if the cookies are available. Essentially it is a single safe retry case in case of the redirect since the request does not follow a new URI.

Implementation ideas

No response

The text was updated successfully, but these errors were encountered:

quarkus-bot · 2024-10-17T16:23:53Z

/cc @pedroigor (oidc)

sberyozkin added the kind/enhancement New feature or request label Oct 17, 2024

quarkus-bot bot added the area/oidc label Oct 17, 2024

sberyozkin mentioned this issue Oct 17, 2024

Support for single same uri redirects for OIDC WebClient #43938

Merged

sberyozkin closed this as completed in #43938 Oct 18, 2024

quarkus-bot bot added this to the 3.17 - main milestone Oct 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide limited redirect support for OIDC Web client when auto-redirect is disabled #43937

Provide limited redirect support for OIDC Web client when auto-redirect is disabled #43937

sberyozkin commented Oct 17, 2024

quarkus-bot bot commented Oct 17, 2024

Provide limited redirect support for OIDC Web client when auto-redirect is disabled #43937

Provide limited redirect support for OIDC Web client when auto-redirect is disabled #43937

Comments

sberyozkin commented Oct 17, 2024

Description

Implementation ideas

quarkus-bot bot commented Oct 17, 2024