Quarkus: Cannot override OAuth URL at run time

Created on 27 Nov 2019 · 7 Comments · Source: quarkusio/quarkus

Describe the bug
We decided to use Quarkus in a cloud native application as a company, but it seems there is a bug. I cannot change the properties of quarkus.oauth2.
Expected behavior
The OAuth properties should be changeable at run time without using a profile.
Actual behavior
GitHub link: https://github.com/berkyvz/quarkus-issues/tree/master/quarkus-oauth2
I have a project with Quarkus 1.0.0.Final and Gradle. There is a .properties file that keeps the OAuth properties. The properties are shown below:

quarkus.oauth2.client-id=SampleClientId
quarkus.oauth2.client-secret=secret
quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect

I am trying to override these properties using -D flags at run time. Actually, it seems like it is changing the properties. However, the truth is it can't change the quarkus.oauth2.introspection-url property. I am building the project with the command ./gradlew clean buildNative --docker-build=true and running it with

./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner -Dquarkus.oauth2.client-id=SampleClientId-native -Dquarkus.oauth2.client-secret=secret-native  -Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native -Dquarkus.log.level=DEBUG

When I call the controller that simply returns the configuration properties as HashMap<String,String>, the response is shown below as JSON:

{
    "quarkus.oauth2.introspection-url": "http://abc:8081/auth/oauth/introspect-native",
    "quarkus.oauth2.client-secret": "secret-native",
    "quarkus.oauth2.client-id": "SampleClientId-native"
}

The controller hello/props:

@ConfigProperty(name = "quarkus.oauth2.client-id")
private String clientId;

@ConfigProperty(name = "quarkus.oauth2.client-secret")
private String clientSecret;

@ConfigProperty(name = "quarkus.oauth2.introspection-url")
private String introspectionURL;


@GET
@Path("/props")
@Produces(MediaType.APPLICATION_JSON)
public HashMap<String, String> getProps(){
    HashMap<String, String> props = new HashMap<String, String>();
    props.put("quarkus.oauth2.client-id", clientId);
    props.put("quarkus.oauth2.client-secret", clientSecret);
    props.put("quarkus.oauth2.introspection-url", introspectionURL);
    return props;
}

But when I send the request to http://localhost:8080/hello/secure it is not using the new prop; it still uses localhost instead of http://abc:8081/auth/oauth/introspect-native

The secure controller hello/secure:

@GET
@Path("/secure")
@Produces(MediaType.TEXT_PLAIN)
public String helloRolesAllowed(@Context SecurityContext ctx) {
    Principal caller = ctx.getUserPrincipal();
    String name = caller == null ? "anonymous" : caller.getName();
    return "example";
}

The logs

2019-11-27 12:42:24,378 DEBUG [org.wil.security] (executor-thread-1) Opening connection to token introspection endpoint [http://localhost:8081/auth/oauth/introspect]

Why does the /props controller send the props as "quarkus.oauth2.introspection-url": "http://abc:8081/auth/oauth/introspect-native" but OAuth still sends the request to http://localhost:8081/auth/oauth/introspect? In addition to this, it works in the .jar build package.

To Reproduce
Steps to reproduce the behavior:

  1. git clone https://github.com/berkyvz/quarkus-oauth2.git
  2. cd quarkus-oauth2
  3. ./gradlew clean buildNative --docker-build=true
  4. ./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner -Dquarkus.oauth2.client-id=SampleClientId-native -Dquarkus.oauth2.client-secret=secret-native -Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native -Dquarkus.log.level=DEBUG

Configuration

quarkus.oauth2.client-id=SampleClientId
quarkus.oauth2.client-secret=secret
quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect


Environment (please complete the following information):

  • Output of uname -a or ver: Linux berk-yavuz 4.15.0-70-generic #79-Ubuntu SMP Tue Nov 12 10:36:11 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
  • Output of java -version: openjdk version "1.8.0_232"
  • GraalVM version (if different from Java): OpenJDK 64-Bit GraalVM CE 19.2.1 (build 25.232-b07-jvmci-19.2-b03, mixed mode)
  • Quarkus version or git rev: 1.0.0.Final
kind/bug

All 7 comments

@berkyvz does the issue only occur in JVM mode or is it a native-only issue?

It is a native-only issue. It works in JVM mode and dev mode.

@loicmathieu Hi Loic, looks like it is still needed to make the configuration runtime init.
I'm starting to think now it can be faster to fix #4416.

@sberyozkin Hi, as I understood there are two options for the oauth2 client (elytron & oidc). Which one is recommended? If oidc is recommended and it does not have this issue, we can go with it.

@muratkarakas if you use a JWT OIDC token then quarkus-oidc will work OOB.
But if this token is coming from a non-certified OIDC provider then quarkus-oidc will likely not work just yet (well, we don't have a test - so I don't know if quarkus-oidc will use a custom introspection-path property instead of trying to use an OAuth2 discovery protocol, or how it will deal with the opaque tokens). I'll open an issue to track it.

@sberyozkin thanks for your response. We are using a simple token with a custom auth2server (Spring Boot based). I have tested quarkus-oidc with it but it did not work because of compatibility issues (realm URL etc.). Currently we are using the Quarkus profile feature as a workaround solution:

quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect
%prod.quarkus.oauth2.introspection-url= http://auth-server:8081/auth/oauth/introspect

Fixed via #5937
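
An added example (not from the issue or the Quarkus project): a check that resolves the introspection URL an operator expects from the -D flags and application.properties, then compares it with the endpoint named in the DEBUG log line quoted in the issue. The function names, the `prod` default profile and the sample inputs are assumptions constructed from the values in this thread; a non-empty result means tokens are being sent to an endpoint other than the configured one.

```python
import re
import shlex

KEY = "quarkus.oauth2.introspection-url"
# Format of the DEBUG line quoted in the issue.
LOG_RE = re.compile(r"Opening connection to token introspection endpoint \[([^\]]+)\]")

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' comments and blanks are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def expected_value(key, props_text, command, profile="prod"):
    """Resolve key the way a run-time override should: -D, then %profile.key, then key."""
    overrides = {}
    for arg in shlex.split(command):
        if arg.startswith("-D") and "=" in arg:
            k, v = arg[2:].split("=", 1)
            overrides[k] = v
    props = parse_properties(props_text)
    for candidate in (overrides.get(key), props.get(f"%{profile}.{key}"), props.get(key)):
        if candidate is not None:
            return candidate
    return None

def stale_endpoints(log_text, expected):
    """Return endpoints the introspection client contacted that differ from expected."""
    seen = LOG_RE.findall(log_text)
    return sorted({url for url in seen if url != expected})

# Constructed sample input, modelled on the values quoted in the issue.
PROPS = "quarkus.oauth2.introspection-url= http://localhost:8081/auth/oauth/introspect\n"
COMMAND = ("./build/quarkus-oauth2-0.0.1-SNAPSHOT-runner "
           "-Dquarkus.oauth2.introspection-url=http://abc:8081/auth/oauth/introspect-native")
LOG = ("2019-11-27 12:42:24,378 DEBUG [org.wil.security] (executor-thread-1) "
       "Opening connection to token introspection endpoint "
       "[http://localhost:8081/auth/oauth/introspect]\n")

if __name__ == "__main__":
    want = expected_value(KEY, PROPS, COMMAND)
    print("expected:", want)
    print("stale endpoints in log:", stale_endpoints(LOG, want))
```

Run against a real deployment's startup command and DEBUG log, this catches the mismatch the /props endpoint in the issue could not, because it looks at where the introspection client actually connected rather than at the injected configuration values.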
