OIDC keycloak dev service just for oidc client

[lebesis]

Hello,

I am developing a microservice, which authenticates/authorizes requests using a proprietary JWT mechanism and then forwards the call to a different microservice, authenticating via OIDC. I wish therefore to use the oidc-client and oidc-client-filter extensions, without the oidc extension itself.
This seems to be working, however the keycloak dev service is only enabled when oidc extension is included and enabled.
Is there any way to override this? If not, could this be in the future plans for the project?

Thanks in advance,
Christos

[quarkus-bot[bot]]

/cc @geoand (devservices), @pedroigor (keycloak,oidc), @sberyozkin (keycloak,oidc), @stuartwdouglas (devservices)

[sberyozkin]

Hi @lebesis, Adding quarkus-oidc in the test scope only should be enough to support tests. Can that work for you ?

[lebesis]

Hello @sberyozkin

while this is a good enough solution for testing (which I have already read about and forgot to mention, sorry), it unfortunately doesn't work in dev mode, which forces me to run an image of keycloak manually. Making the dev service available for oidc-client without the base package, or making it available while quarkus.oidc.enabled=false, would lead to a better development experience.

My current solution is to run quarkus in dev mode with oidc enabled, then switching it off and reloading the service, which doesn't unload keycloak.

[lebesis]

I 've also tried adding

quarkus.http.auth.permission.permit1.paths=/*
quarkus.http.auth.permission.permit1.policy=permit

but I am still getting a 401 by OIDC

[sberyozkin]

Sure, it is worth thinking about, would you like to open an enhancement request to support Keycloak devservice in devmode for OIDC client ?

[sberyozkin]

As far as 401 is concerned, this is likely due to the proactive authentication being enforced by default, please disable it: https://quarkus.io/guides/security-proactive-authentication

[lebesis]

Sure, it is worth thinking about, would you like to open an enhancement request to support Keycloak devservice in devmode for OIDC client ?

sure, any particular instructions on opening the request?

[sberyozkin]

@lebesis Please choose an Enhancement option when creating an issue, and add some explanation how would it improve the current dev experience, as you did above... Thanks

[lebesis]

Great, thanks a lot

[sberyozkin]

Thanks @lebesis