_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc
25 additions & 23 deletions
@@ -15,7 +15,7 @@ Discover how to secure application HTTP endpoints by using the Quarkus OpenID Co
15
15
16
16
For more information, see xref:security-oidc-code-flow-authentication.adoc[OIDC code flow mechanism for protecting web applications].
17
17
18
-
To learn how well-known social providers such as Apple, Facebook, GitHub, Google, Mastodon, Microsoft, Twitch, Twitter (X), and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring Well-Known OpenID Connect Providers].
18
+
To learn about how well-known social providers such as Apple, Facebook, GitHub, Google, Mastodon, Microsoft, Twitch, Twitter (X), and Spotify can be used with Quarkus OIDC, see xref:security-openid-connect-providers.adoc[Configuring well-known OpenID Connect providers].
19
19
See also, xref:security-authentication-mechanisms.adoc#other-supported-authentication-mechanisms[Authentication mechanisms in Quarkus].
20
20
21
21
If you want to protect your service applications by using OIDC Bearer token authentication, see xref:security-oidc-bearer-token-authentication.adoc[OIDC Bearer token authentication].
In this example, we build a very simple web application with a single page:
30
+
In this example, we build a simple web application with a single page:
31
31
32
32
* `/index.html`
33
33
34
-
This page is protected and can only be accessed by authenticated users.
34
+
This page is protected, and only authenticated users can access it.
35
35
36
36
== Solution
37
37
38
-
We recommend that you follow the instructions in the next sections and create the application step by step.
39
-
However, you can go right to the completed example.
38
+
Follow the instructions in the next sections and create the application step by step.
39
+
Alternatively, you can go right to the completed example.
40
40
41
-
Clone the Git repository: `git clone {quickstarts-clone-url}`, or download an {quickstarts-archive-url}[archive].
41
+
Clone the Git repository by running the `git clone {quickstarts-clone-url}` command.
42
+
Alternatively, download an {quickstarts-archive-url}[archive].
42
43
43
44
The solution is located in the `security-openid-connect-web-authentication-quickstart` link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart[directory].
44
45
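Review bot: In the added line "To learn about how well-known social providers ...", "learn about how" is wordier than the removed "To learn how" and adds nothing, so keep the original opening. The same line lowercases the xref link text to "Configuring well-known OpenID Connect providers"; confirm it matches the title of security-openid-connect-providers.adoc. In the Solution section, "Alternatively," now opens two sentences within four lines (the completed example and the archive download); reword one of them, for example "You can also download an {quickstarts-archive-url}[archive]."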
@@ -48,7 +49,7 @@ The solution is located in the `security-openid-connect-web-authentication-quick
48
49
== Create the Maven project
49
50
50
51
First, we need a new project.
51
-
Create a new project with the following command:
52
+
Create a new project by running the following command:
* Injection point for the ID Token issued by the OpenID Connect Provider
103
+
* Injection point for the ID token issued by the OpenID Connect provider
103
104
*/
104
105
@Inject
105
106
@IdToken
106
107
JsonWebToken idToken;
107
108
108
109
/**
109
-
* Injection point for the Access Token issued by the OpenID Connect Provider
110
+
* Injection point for the access token issued by the OpenID Connect provider
110
111
*/
111
112
@Inject
112
113
JsonWebToken accessToken;
113
114
114
115
/**
115
-
* Injection point for the Refresh Token issued by the OpenID Connect Provider
116
+
* Injection point for the refresh token issued by the OpenID Connect provider
116
117
*/
117
118
@Inject
118
119
RefreshToken refreshToken;
119
120
120
121
/**
121
122
* Returns the tokens available to the application.
122
123
* This endpoint exists only for demonstration purposes.
123
-
* Do not not expose these tokens in a real application.
124
+
* Do not expose these tokens in a real application.
124
125
*
125
-
* @return an HTML page containing the tokens available to the application
126
+
* @return an HTML page containing the tokens available to the application.
126
127
*/
127
128
@GET
128
129
@Produces("text/html")
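Review bot: The warning "Do not expose these tokens in a real application." sits only in the Javadoc of a sample endpoint that returns the ID, access, and refresh tokens as an HTML page, and readers who copy the class may never read the comment. In the lines shown here there is no matching warning in the tutorial prose, so consider adding an AsciiDoc admonition next to the listing that says the same thing. Minor style point on the `@return` line: the added trailing period makes a tag phrase look like a sentence; either drop it or apply the same convention to every Javadoc tag in the listing.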
@@ -176,7 +177,7 @@ This is the simplest configuration you can have when enabling authentication to
176
177
177
178
The `quarkus.oidc.client-id` property references the `client_id` issued by the OIDC provider, and the `quarkus.oidc.credentials.secret` property sets the client secret.
178
179
179
-
The `quarkus.oidc.application-type` property is set to `web-app` to tell Quarkus that you want to enable the OIDC authorization code flow so your users are redirected to the OIDC provider to authenticate.
180
+
The `quarkus.oidc.application-type` property is set to `web-app` to tell Quarkus that you want to enable the OIDC authorization code flow so that your users are redirected to the OIDC provider to authenticate.
180
181
181
182
Finally, the `quarkus.http.auth.permission.authenticated` permission is set to tell Quarkus about the paths you want to protect.
182
183
In this case, all paths are protected by a policy that ensures only `authenticated` users can access them.
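Review bot: The reworded `quarkus.oidc.application-type` sentence is still a chain of three clauses ("is set to ... to tell Quarkus that you want to enable ... so that your users are redirected ..."), and adding "that" does not make it easier to read. Suggest stating the effect directly, for example: "Setting `quarkus.oidc.application-type` to `web-app` enables the OIDC authorization code flow, which redirects users to the OIDC provider to authenticate."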
@@ -198,12 +199,12 @@ You can access your Keycloak Server at http://localhost:8180[localhost:8180].
198
199
To access the Keycloak Administration Console, log in as the `admin` user.
199
200
The username and password are both `admin`.
200
201
201
-
Import the link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json[realm configuration file] to create a new realm.
202
+
To create a new realm, import the link:{quickstarts-tree-url}/security-openid-connect-web-authentication-quickstart/config/quarkus-realm.json[realm configuration file].
202
203
For more information, see the Keycloak documentation about how to https://www.keycloak.org/docs/latest/server_admin/index.html#configuring-realms[create and configure a new realm].
203
204
204
205
== Run the application in dev and JVM modes
205
206
206
-
To run the application in a dev mode, use:
207
+
To run the application in dev mode, use:
207
208
208
209
include::{includes}/devtools/dev.adoc[]
209
210
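Review bot: The context lines directly above the reworded import sentence give the Keycloak admin username and password as `admin` with no statement that this applies only to the local instance at localhost:8180. Since this paragraph is being edited anyway, add a sentence saying these defaults are for the local development server and must be changed for any other deployment. The reordered import sentence and the "in dev mode" fix read fine.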
@@ -243,26 +244,27 @@ After a while, you can run this binary directly:
243
244
244
245
To test the application, open your browser and access the following URL:
If everything works as expected, you are redirected to the Keycloak server to authenticate.
250
250
251
-
To authenticate to the application, enter the following credentials when at the Keycloak login page:
251
+
To authenticate to the application, enter the following credentials at the Keycloak login page:
252
252
253
253
* Username: *alice*
254
254
* Password: *alice*
255
255
256
-
After clicking the `Login` button, you are redirected back to the application, and a session cookie is created.
256
+
After clicking the `Login` button, you are redirected back to the application, and a session cookie will be created.
257
257
258
-
The session for this demo is short-lived, so you are asked to re-authenticate on every page refresh.
259
-
For more information about increasing the session timeouts, see the link:https://www.keycloak.org/docs/latest/server_admin/#_timeouts[session timeout] section in the Keycloak documentation.
260
-
For example, you can access the Keycloak Admin console directly from Dev UI by selecting a `Keycloak Admin` link if you use xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] in dev mode:
258
+
The session for this demo is valid for a short period of time and, on every page refresh, you will be asked to re-authenticate.
259
+
For information about how to increase the session timeouts, see the Keycloak https://www.keycloak.org/docs/latest/server_admin/#_timeouts[session timeout] documentation.
260
+
For example, you can access the Keycloak Admin console directly from the dev UI by clicking the `Keycloak Admin` link if you use xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] in dev mode:
For more information about writing the integration tests that depend on `Dev Services for Keycloak`, see the xref:security-oidc-code-flow-authentication.adoc#integration-testing-keycloak-devservices[Dev Services for Keycloak] section.
265
265
266
+
:sectnums!:
267
+
266
268
== Summary
267
269
268
270
You have learned how to set up and use the OIDC authorization code flow mechanism to protect and test application HTTP endpoints.
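Review bot: The added lines "a session cookie will be created" and "you will be asked to re-authenticate" switch to future tense, while the same sentences still say "you are redirected" in present tense and the rest of the changes in this commit tighten wording. Keep the removed present-tense forms ("a session cookie is created", "you are asked to re-authenticate"), and prefer the removed "short-lived" over "valid for a short period of time". The sentence beginning "For example, you can access the Keycloak Admin console ..." does not read as an example of the session timeout sentence before it; drop "For example," or say that the Admin console is where the timeouts are changed.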
@@ -271,8 +273,8 @@ After you have completed this tutorial, explore xref:security-oidc-bearer-token-