Commit 11827a0

committed
Sync documentation of main branch
1 parent df9e806 commit 11827a0

1 file changed

+25
-23
lines changed

_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc

Lines changed: 25 additions & 23 deletions
@@ -15,7 +15,7 @@ Discover how to secure application HTTP endpoints by using the Quarkus OpenID Co
1515

1616
For more information, see xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications].
1717

18-
To learn how well-known social providers such as Apple, Facebook, GitHub, Google, Mastodon, Microsoft, Twitch, Twitter (X), and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring Well-Known OpenID Connect Providers].
18+
To learn about how well-known social providers such as Apple, Facebook, GitHub, Google, Mastodon, Microsoft, Twitch, Twitter (X), and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring well-known OpenID Connect providers].
1919
See also, xref:security-authentication-mechanisms.adoc#other-supported-authentication-mechanisms[Authentication mechanisms in Quarkus].
2020

2121
If you want to protect your service applications by using OIDC Bearer token authentication, see xref:security-oidc-bearer-token-authentication.adoc[OIDC Bearer token authentication].
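Review bot: On new line 18, "To learn about how well-known social providers ... can be used with Quarkus OIDC" is wordier than the line it replaces and keeps the passive voice; "To learn how to use well-known social providers such as ... with Quarkus OIDC" would be tighter. The xref link text is also lowercased to "Configuring well-known OpenID Connect providers", so confirm that the title of security-openid-connect-providers.adoc is changed to the same casing.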
@@ -27,18 +27,19 @@ include::{includes}/prerequisites.adoc[]
2727

2828
== Architecture
2929

30-
In this example, we build a very simple web application with a single page:
30+
In this example, we build a simple web application with a single page:
3131

3232
* `/index.html`
3333

34-
This page is protected and can only be accessed by authenticated users.
34+
This page is protected, and only authenticated users can access it.
3535

3636
== Solution
3737

38-
We recommend that you follow the instructions in the next sections and create the application step by step.
39-
However, you can go right to the completed example.
38+
Follow the instructions in the next sections and create the application step by step.
39+
Alternatively, you can go right to the completed example.
4040

41-
Clone the Git repository: `git clone {quickstarts-clone-url}`, or download an {quickstarts-archive-url}[archive].
41+
Clone the Git repository by running the `git clone {quickstarts-clone-url}` command.
42+
Alternatively, download an {quickstarts-archive-url}[archive].
4243

4344
The solution is located in the `security-openid-connect-web-authentication-quickstart` link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart[directory].
4445

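Review bot: New lines 39 and 42 both open with "Alternatively," only a few lines apart, and the second one follows the clone instruction so closely that it is unclear whether the archive is an alternative to cloning or to the whole step-by-step path. Suggest keeping the first "Alternatively," and folding the second into one sentence, for example "Clone the Git repository by running the `git clone {quickstarts-clone-url}` command, or download an {quickstarts-archive-url}[archive]."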
@@ -48,7 +49,7 @@ The solution is located in the `security-openid-connect-web-authentication-quick
4849
== Create the Maven project
4950

5051
First, we need a new project.
51-
Create a new project with the following command:
52+
Create a new project by running the following command:
5253

5354
:create-app-artifact-id: security-openid-connect-web-authentication-quickstart
5455
:create-app-extensions: resteasy-reactive,oidc
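Review bot: With new line 52 reading "Create a new project by running the following command:", the unchanged line 51 "First, we need a new project." now says the same thing twice in a row. Suggest dropping line 51 or merging the two into a single sentence.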
@@ -99,30 +100,30 @@ import io.quarkus.oidc.RefreshToken;
99100
public class TokenResource {
100101
101102
/**
102-
* Injection point for the ID Token issued by the OpenID Connect Provider
103+
* Injection point for the ID token issued by the OpenID Connect provider
103104
*/
104105
@Inject
105106
@IdToken
106107
JsonWebToken idToken;
107108
108109
/**
109-
* Injection point for the Access Token issued by the OpenID Connect Provider
110+
* Injection point for the access token issued by the OpenID Connect provider
110111
*/
111112
@Inject
112113
JsonWebToken accessToken;
113114
114115
/**
115-
* Injection point for the Refresh Token issued by the OpenID Connect Provider
116+
* Injection point for the refresh token issued by the OpenID Connect provider
116117
*/
117118
@Inject
118119
RefreshToken refreshToken;
119120
120121
/**
121122
* Returns the tokens available to the application.
122123
* This endpoint exists only for demonstration purposes.
123-
* Do not not expose these tokens in a real application.
124+
* Do not expose these tokens in a real application.
124125
*
125-
* @return an HTML page containing the tokens available to the application
126+
* @return an HTML page containing the tokens available to the application.
126127
*/
127128
@GET
128129
@Produces("text/html")
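Review bot: The Javadoc on `accessToken` (new line 110) says "Injection point for the access token", but unlike `idToken`, which carries `@IdToken`, the field is a plain `@Inject JsonWebToken` with no qualifier, and the comment does not say why that resolves to the access token. Suggest stating in the comment that the unqualified `JsonWebToken` is the access token, since readers copy this class as-is. Separately, new line 126 adds a trailing period to the `@return` description; the description is a phrase, not a sentence, so the period can go.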
@@ -176,7 +177,7 @@ This is the simplest configuration you can have when enabling authentication to
176177

177178
The `quarkus.oidc.client-id` property references the `client_id` issued by the OIDC provider, and the `quarkus.oidc.credentials.secret` property sets the client secret.
178179

179-
The `quarkus.oidc.application-type` property is set to `web-app` to tell Quarkus that you want to enable the OIDC authorization code flow so your users are redirected to the OIDC provider to authenticate.
180+
The `quarkus.oidc.application-type` property is set to `web-app` to tell Quarkus that you want to enable the OIDC authorization code flow so that your users are redirected to the OIDC provider to authenticate.
180181

181182
Finally, the `quarkus.http.auth.permission.authenticated` permission is set to tell Quarkus about the paths you want to protect.
182183
In this case, all paths are protected by a policy that ensures only `authenticated` users can access them.
@@ -198,12 +199,12 @@ You can access your Keycloak Server at http://localhost:8180[localhost:8180].
198199
To access the Keycloak Administration Console, log in as the `admin` user.
199200
The username and password are both `admin`.
200201

201-
Import the link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json[realm configuration file] to create a new realm.
202+
To create a new realm, import the link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json[realm configuration file].
202203
For more information, see the Keycloak documentation about how to https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-realms[create and configure a new realm].
203204

204205
== Run the application in dev and JVM modes
205206

206-
To run the application in a dev mode, use:
207+
To run the application in dev mode, use:
207208

208209
include::{includes}/devtools/dev.adoc[]
209210

@@ -243,26 +244,27 @@ After a while, you can run this binary directly:
243244

244245
To test the application, open your browser and access the following URL:
245246

246-
247247
* http://localhost:8080/tokens[http://localhost:8080/tokens]
248248

249249
If everything works as expected, you are redirected to the Keycloak server to authenticate.
250250

251-
To authenticate to the application, enter the following credentials when at the Keycloak login page:
251+
To authenticate to the application, enter the following credentials at the Keycloak login page:
252252

253253
* Username: *alice*
254254
* Password: *alice*
255255

256-
After clicking the `Login` button, you are redirected back to the application, and a session cookie is created.
256+
After clicking the `Login` button, you are redirected back to the application, and a session cookie will be created.
257257

258-
The session for this demo is short-lived, so you are asked to re-authenticate on every page refresh.
259-
For more information about increasing the session timeouts, see the link:https://www.keycloak.org/docs/latest/server_admin/#_timeouts[session timeout] section in the Keycloak documentation.
260-
For example, you can access the Keycloak Admin console directly from Dev UI by selecting a `Keycloak Admin` link if you use xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] in dev mode:
258+
The session for this demo is valid for a short period of time and, on every page refresh, you will be asked to re-authenticate.
259+
For information about how to increase the session timeouts, see the Keycloak https://www.keycloak.org/docs/latest/server_admin/#_timeouts[session timeout] documentation.
260+
For example, you can access the Keycloak Admin console directly from the dev UI by clicking the `Keycloak Admin` link if you use xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] in dev mode:
261261

262262
image::dev-ui-oidc-keycloak-card.png[alt=Dev UI OpenID Connect Card,role="center"]
263263

264264
For more information about writing the integration tests that depend on `Dev Services for Keycloak`, see the xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] section.
265265

266+
:sectnums!:
267+
266268
== Summary
267269

268270
You have learned how to set up and use the OIDC authorization code flow mechanism to protect and test application HTTP endpoints.
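Review bot: New lines 256 and 258 switch to future tense ("a session cookie will be created", "you will be asked to re-authenticate") while the surrounding text, and the lines they replace, use present tense ("you are redirected"). Suggest keeping "a session cookie is created" and "you are asked to re-authenticate on every page refresh". On new line 260, "For example," does not follow from the session timeout sentence before it; "To change the timeouts, you can access the Keycloak Admin console ..." would connect the two. The `:sectnums!:` attribute added at new line 266 turns off numbering for the Summary and References sections with no comment explaining it; confirm that is intended and consistent with the other guides.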
@@ -271,8 +273,8 @@ After you have completed this tutorial, explore xref:security-oidc-bearer-token-
271273
== References
272274
* xref:security-overview.adoc[Quarkus Security overview]
273275
* xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications]
274-
* xref:security-openid-connect-providers.adoc[Configuring well-known OpenID Connect Providers]
275-
* xref:security-openid-connect-client-reference.adoc[OpenID Connect and OAuth2 Client and Filters Reference Guide]
276+
* xref:security-openid-connect-providers.adoc[Configuring well-known OpenID Connect providers]
277+
* xref:security-openid-connect-client-reference.adoc[OpenID Connect and OAuth2 Client and Filters reference guide]
276278
* xref:security-openid-connect-dev-services.adoc[Dev Services for Keycloak]
277279
* xref:security-jwt-build.adoc[Sign and encrypt JWT tokens with SmallRye JWT Build]
278280
* xref:security-authentication-mechanisms.adoc#oidc-jwt-oauth2-comparison[Choosing between OpenID Connect, SmallRye JWT, and OAuth2 authentication mechanisms]
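Review bot: New line 277 lowercases only the end of the link text, giving "OpenID Connect and OAuth2 Client and Filters reference guide" with "Client and Filters" still capitalized, which is neither title case nor sentence case. Pick one, for example "OpenID Connect and OAuth2 client and filters reference guide", and make sure the link text on new lines 276 and 277 matches the titles of the target documents.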
