onecx-test-oidc

This test service simulates machine-to-machine communication and returns the client tokens used for it.

Diagram

Usage

Local testing

Download the Docker image

docker pull ghcr.io/onecx/onecx-test-oidc:main-native

Start the Docker container

docker run --rm -p 8080:8080 \
  -e TKIT_LOG_JSON_ENABLED=false \
  -e QUARKUS_OIDC_CLIENT_AUTH_SERVER_URL=https://keycloak:8080/realms/test \
  -e QUARKUS_OIDC_CLIENT_CLIENT_ID=client-id \
  -e QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET=client-secret \
  -e QUARKUS_OIDC_AUTH_SERVER_URL=https://keycloak:8080/realms/test \
  ghcr.io/onecx/onecx-test-oidc:main-native

Environment variables:

  • TKIT_LOG_JSON_ENABLED - Determines whether to enable the JSON console formatting extension, which disables "normal" console formatting.

  • QUARKUS_OIDC_CLIENT_AUTH_SERVER_URL - The base URL of the OpenID Connect (OIDC) server used by the OIDC client.

  • QUARKUS_OIDC_CLIENT_CLIENT_ID - A unique OIDC client identifier.

  • QUARKUS_OIDC_CLIENT_CREDENTIALS_SECRET - The client secret.

  • QUARKUS_OIDC_AUTH_SERVER_URL - The base URL of the OpenID Connect (OIDC) server.

To get the client token, run the following command:

curl http://localhost:8080/test/oidc/client

Default properties

src/main/resources/application.properties
quarkus.http.auth.permission.health.paths=/q/*
quarkus.http.auth.permission.health.policy=permit
quarkus.http.auth.permission.test.paths=/test/*
quarkus.http.auth.permission.test.policy=permit
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
quarkus.rest-client.openapi_internal.url=http://localhost:${quarkus.http.port}
%prod.quarkus.rest-client.openapi_internal.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
%prod.quarkus.oidc-client.client-id=${ONECX_OIDC_CLIENT_CLIENT_ID:${quarkus.application.name}}
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.config-key=openapi_internal
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.base-package=gen.org.tkit.onecx.test.oidc.client
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.return-response=true
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
quarkus.openapi-generator.codegen.spec.openapi_internal_yaml.enable-security-generation=false
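
The three permission sets at the top of this file decide which request paths need a bearer token. The following is an added example, not code from the onecx-test-oidc project: it models Quarkus' documented "longest path wins" matching in simplified form and lists the paths that resolve to the permit policy. The sample paths /openapi and /testing are constructed.

```python
# Added example (not project code): simplified model of Quarkus path permissions.
PROPS = """\
quarkus.http.auth.permission.health.paths=/q/*
quarkus.http.auth.permission.health.policy=permit
quarkus.http.auth.permission.test.paths=/test/*
quarkus.http.auth.permission.test.policy=permit
quarkus.http.auth.permission.default.paths=/*
quarkus.http.auth.permission.default.policy=authenticated
"""
PREFIX = "quarkus.http.auth.permission."

def load_permissions(text):
    """Group the permission.<name>.paths / .policy keys into {name: {...}}."""
    sets = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or not key.startswith(PREFIX):
            continue
        name, _, attr = key[len(PREFIX):].partition(".")
        if attr == "paths":
            sets.setdefault(name, {})["paths"] = [p.strip() for p in value.split(",")]
        elif attr == "policy":
            sets.setdefault(name, {})["policy"] = value.strip()
    return sets

def match_length(pattern, path):
    """Return the matched length, or -1 when the pattern does not apply."""
    if pattern.endswith("*"):
        base = pattern[:-1].rstrip("/")        # "/test/*" -> "/test", "/*" -> ""
        if path == base or path.startswith(base + "/"):
            return len(base)                   # whole segments only: "/testing" is no match
        return -1
    return len(path) + 1 if path == pattern else -1   # exact match outranks any prefix

def resolve(path, sets):
    """Pick the policy of the longest matching path; None if nothing matches."""
    hits = [(match_length(pat, path), perm.get("policy"))
            for perm in sets.values() for pat in perm.get("paths", [])]
    best = max(hits, key=lambda h: h[0], default=(-1, None))
    return best[1] if best[0] >= 0 else None

def unauthenticated(paths, sets):
    """Return the request paths that are served without a bearer token."""
    return [p for p in paths if resolve(p, sets) == "permit"]

if __name__ == "__main__":
    # /openapi and /testing are constructed sample paths.
    sample = ["/q/health", "/test/oidc/client", "/openapi", "/testing"]
    print(unauthenticated(sample, load_permissions(PROPS)))
```

With these defaults /test/oidc/client resolves to permit, so the endpoint that returns the client token answers any caller that can reach port 8080; keep the container off shared networks.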

Extensions

Extension                                 Version

quarkus-rest                              3.20.1
quarkus-smallrye-openapi                  3.20.1
quarkus-rest-jackson                      3.20.1
quarkus-smallrye-health                   3.20.1
quarkus-rest-client-jackson               3.20.1
tkit-quarkus-log-cdi                      3.3.0
tkit-quarkus-log-rs                       3.3.0
tkit-quarkus-log-json                     3.3.0
tkit-quarkus-rest                         3.3.0
tkit-quarkus-security                     3.3.0
quarkus-hibernate-validator               3.20.1
quarkus-oidc                              3.20.1
quarkus-openapi-generator                 2.10.0-lts
onecx-core                                1.3.0
quarkus-micrometer-registry-prometheus    3.20.1
quarkus-opentelemetry                     3.20.1
quarkus-arc                               3.20.1
quarkus-container-image-docker            3.20.1
quarkus-rest-client-oidc-filter           3.20.1
quarkus-openapi-generator-oidc            2.10.0-lts

Container

Helm

Default values

src/main/helm/values.yaml
app:
  name: oidc
  template:
    oidc_client_id: "ONECX_OIDC_CLIENT_CLIENT_ID"
  image:
    repository: "onecx/onecx-test-oidc"
  operator:
    keycloak:
      client:
        enabled: true

    ests, where objects are saved or updated
    delete: permission on all DELETE requests
  product:
    read: permission on all GET requests and POST search
keycloak:
  client:
    enabled: true
    spec:
      kcConfig:
        defaultClientScopes: [ ocx-pa:all, ocx-ps:read, ocx-pm:read ]