-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Testing Identity Crisis - Unable to inject OIDC UserInfo into @TestSecurity
#44824
Comments
/cc @pedroigor (oidc), @sberyozkin (oidc,security) |
Quarkus has an annotation for that which you can use in conjunction with @TestSecurity(user = "testUser", roles = ["role1", "role2"])
@OidcSecurity(
userinfo = [
UserInfo(key = "sub", value = "subject"),
UserInfo(key = "email", value = "[email protected]"),
UserInfo(key = "name", value = "Test User"),
]
)
@Test
fun test() {...} Unfortunately this information is hidden in the documentation in an unintuitive place - in a section called "OpenID Connect (OIDC) Bearer token authentication". Security Testing doesn't mention it at all. I would suggest to the Quarkus team members who read this message that |
@okarmazin I suspect
That is not what is being addressed in this discussion. As mentioned in the OP,
Will return |
No, the Injecting |
I cannot reproduce what you describe
|
How different is your setup from the following? @Path("/api")
@Blocking
@Authenticated
class IdentityTestController(private val identity: SecurityIdentity) {
@GET
@Path("/identityTest")
fun testIdentity() {
val attrs = identity.attributes
println(attrs)
}
}
// ===========================
@QuarkusTest
class IdentityTest {
@Test
@TestSecurity(
user = "testUser",
roles = ["user", "admin"],
attributes = [SecurityAttribute(key = "email", value = "[email protected]")]
)
@OidcSecurity(userinfo = [UserInfo(key = "key", value = "value")])
fun testIdentity() {
When {
get("/api/identityTest")
}
}
}
//> {configuration-metadata=io.quarkus.oidc.OidcConfigurationMetadata@6aed7f73, [email protected], userinfo=io.quarkus.oidc.UserInfo@8a28302} |
Quite similar
|
@trixpan |
@trixpan Can you please clarify again what exactly you are trying to reproduce in the test, and what is not working when you try to use |
|
@trixpan I've added a simple unit test to confirm the We also have Can you review your test setup again and if you can't get the test working, please create a simple reproducer for me to have a look |
@trixpan Hi, I'm closing it as |
Describe the bug
While coding a small demo in Quarkus I observed that while code like:
will hit an instance of
UserInfo
when running against Keycloak in production, however, this behavior cannot be easily reproduced via@TestSecurity
.The issue seems to be that
accepts KV of strings, and optionally a KV where type can be set via
type =
however,AttributeType
only accept a range of types, none of which isUserInfo
.Ideally, given
securityIdentity.getAttributes()
may returnuserinfo
with an instance ofUserInfo
, one should be able to do something like:Expected behavior
Being able to inject userinfo attribute of UserInfo type as observed at run time.
Actual behavior
Unable to inject userinfo attribute
How to Reproduce?
Code is found above
Output of
uname -a
orver
No response
Output of
java -version
No response
Quarkus version or git rev
No response
Build tool (ie. output of
mvnw --version
orgradlew --version
)No response
Additional information
No response
The text was updated successfully, but these errors were encountered: