diff --git a/_versions/main/guides/security-oidc-bearer-token-authentication.adoc b/_versions/main/guides/security-oidc-bearer-token-authentication.adoc index b2e24e4553..1e5bc86d05 100644 --- a/_versions/main/guides/security-oidc-bearer-token-authentication.adoc +++ b/_versions/main/guides/security-oidc-bearer-token-authentication.adoc @@ -1464,6 +1464,58 @@ public class DiscoveryEndpointResponseFilter implements OidcResponseFilter { <3> Use `OidcRequestContextProperties` request properties to get the tenant id. <4> Get the response data as String. +== Programmatic OIDC start-up + +OIDC tenants can be created programmatically like in the example below: + +[source,java] +---- +package io.quarkus.it.oidc; + +import io.quarkus.oidc.Oidc; +import jakarta.enterprise.event.Observes; + +public class OidcStartup { + + void observe(@Observes Oidc oidc) { + oidc.createServiceApp("http://localhost:8180/realms/quarkus"); + } + +} +---- + +The code above is a programmatic equivalent to the following configuration in the `application.properties` file: + +[source,properties] +---- +quarkus.oidc.auth-server-url=http://localhost:8180/realms/quarkus +---- + +Should you need to configure more OIDC tenant properties, use the `OidcTenantConfig` builder like in the example below: + +[source,java] +---- +package io.quarkus.it.oidc; + +import io.quarkus.oidc.Oidc; +import io.quarkus.oidc.OidcTenantConfig; +import jakarta.enterprise.event.Observes; + +public class OidcStartup { + + void createDefaultTenant(@Observes Oidc oidc) { + var defaultTenant = OidcTenantConfig + .authServerUrl("http://localhost:8180/realms/quarkus") + .token().requireJwtIntrospectionOnly().end() + .build(); + oidc.create(defaultTenant); + } +} +---- + +For more complex setup involving multiple tenants please see the xref:security-openid-connect-multitenancy.adoc#programmatic-startup[Programmatic OIDC start-up for multitenant application] +section of the OpenID Connect Multi-Tenancy guide. + == References * xref:security-oidc-configuration-properties-reference.adoc[OIDC configuration properties] diff --git a/_versions/main/guides/security-oidc-code-flow-authentication.adoc b/_versions/main/guides/security-oidc-code-flow-authentication.adoc index 967ac4335e..7f54951860 100644 --- a/_versions/main/guides/security-oidc-code-flow-authentication.adoc +++ b/_versions/main/guides/security-oidc-code-flow-authentication.adoc @@ -2049,6 +2049,63 @@ quarkus.log.category."io.quarkus.oidc.runtime.OidcRecorder".min-level=TRACE From the `quarkus dev` console, type `j` to change the application global log level. +== Programmatic OIDC start-up + +OIDC tenants can be created programmatically like in the example below: + +[source,java] +---- +package io.quarkus.it.oidc; + +import io.quarkus.oidc.Oidc; +import jakarta.enterprise.event.Observes; + +public class OidcStartup { + + void observe(@Observes Oidc oidc) { + oidc.createWebApp("http://localhost:8180/realms/quarkus", "quarkus-app", "mysecret"); + } + +} +---- + +The code above is a programmatic equivalent to the following configuration in the `application.properties` file: + +[source,properties] +---- +quarkus.oidc.auth-server-url=http://localhost:8180/realms/quarkus +quarkus.oidc.application-type=web-app +quarkus.oidc.client-id=quarkus-app +quarkus.oidc.credentials.secret=mysecret +---- + +Should you need to configure more OIDC tenant properties, use the `OidcTenantConfig` builder like in the example below: + +[source,java] +---- +package io.quarkus.it.oidc; + +import io.quarkus.oidc.Oidc; +import io.quarkus.oidc.OidcTenantConfig; +import io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig.Credentials.Secret.Method; +import jakarta.enterprise.event.Observes; + +public class OidcStartup { + + void createDefaultTenant(@Observes Oidc oidc) { + var defaultTenant = OidcTenantConfig + .authServerUrl("http://localhost:8180/realms/quarkus/") + .clientId("quarkus-app") + .credentials().clientSecret("mysecret", Method.POST).end() + .build(); + oidc.create(defaultTenant); + } +} +---- + +For more complex setup involving multiple tenants please see the xref:security-openid-connect-multitenancy.adoc#programmatic-startup[Programmatic OIDC start-up for multitenant application] +section of the OpenID Connect Multi-Tenancy guide. + == References * xref:security-oidc-configuration-properties-reference.adoc[OIDC configuration properties] diff --git a/_versions/main/guides/security-openid-connect-multitenancy.adoc b/_versions/main/guides/security-openid-connect-multitenancy.adoc index b30bfd2ebc..2130649c0a 100644 --- a/_versions/main/guides/security-openid-connect-multitenancy.adoc +++ b/_versions/main/guides/security-openid-connect-multitenancy.adoc @@ -1110,6 +1110,40 @@ The default tenant configuration is automatically disabled when `quarkus.oidc.au Be aware that tenant-specific configurations can also be disabled, for example: `quarkus.oidc.tenant-a.tenant-enabled=false`. +[[programmatic-startup]] +== Programmatic OIDC start-up for multiple tenants + +Static OIDC tenants can be created programmatically like in the example below: + +[source,java] +---- +package io.quarkus.it.oidc; + +import io.quarkus.oidc.Oidc; +import io.quarkus.oidc.OidcTenantConfig; +import jakarta.enterprise.event.Observes; + +public class OidcStartup { + + void observe(@Observes Oidc oidc) { <1> + oidc.create(OidcTenantConfig.authServerUrl("http://localhost:8180/realms/tenant-one").tenantId("tenant-one").build()); <2> + oidc.create(OidcTenantConfig.authServerUrl("http://localhost:8180/realms/tenant-two").tenantId("tenant-two").build()); <3> + } + +} +---- +<1> Observe OIDC event. +<2> Create OIDC tenant 'tenant-one'. +<3> Create OIDC tenant 'tenant-two'. + +The code above is a programmatic equivalent to the following configuration in the `application.properties` file: + +[source,properties] +---- +quarkus.oidc.tenant-one.auth-server-url=http://localhost:8180/realms/tenant-one +quarkus.oidc.tenant-two.auth-server-url=http://localhost:8180/realms/tenant-two +---- + == References * xref:security-oidc-configuration-properties-reference.adoc[OIDC configuration properties]