Support custom claim types in quarkus-test-security-jwt and quarkus-test-security-oidc
#34170
Conversation
| * Claim value type, the value will be converted to String if this type is set to Object.class. | ||
| * Supported types: String, Integer, int, Long, long, Boolean, boolean, jakarta.json.JsonArray, jakarta.json.JsonObject. | ||
| */ | ||
| Class<?> type() default Object.class; |
There was a problem hiding this comment.
How about using an enum for the valid types?
There was a problem hiding this comment.
Asking because UX-wise that would be easier to configure, but not sure if it makes sense to be that restricted
There was a problem hiding this comment.
Also because any other class than the existing list used here will not work
There was a problem hiding this comment.
@gastaldi Hi,
Also because any other class than the existing list used here will not work
This is expected though, right now, the test type converters can not be provided by users for random types. This list supports typical types. most claims would be strings, sometimes long, int, complex claims can be arrays or objects, rarely enough boolean and that is pretty much it. We've been thinking with Roberto for a while how to get an arbitrary number of converters supported - but if we will eventually support it then they'd be supported at the smallrye-jwt level and then these test extensions will pick them up somehow, which is also why Converter interface is private.
This test extensions should be aligned with how smallrye-jwt can let users get the claim values, otherwise it will not be same with the test extensions as with the prod :-)
I'm going to change to using an enum in any case
There was a problem hiding this comment.
Hi @gastaldi @geoand I've introduced a enum instead, note I still need to use a default value such as Type.UNKNOWN, because the idea is that for the well known claim such as exp (expiry), which, in JsonWebToken API is returned as long, users should not be required to add a Type.LONG hint. And if I set the default value to Type.String then it would be a bit strange to still convert exp to long...
Does the way I did it look reasonable enough now ?
There was a problem hiding this comment.
It looks like the PR needs to be rebased. It has 301 commits?
There was a problem hiding this comment.
@gastaldi Sorry, I have no idea how it happened, I'll create a new one
| * Claim value type, the value will be converted to String if this type is set to Object.class. | ||
| * Supported types: String, Integer, int, Long, long, Boolean, boolean, jakarta.json.JsonArray, jakarta.json.JsonObject. | ||
| */ | ||
| Class<?> type() default Object.class; |
| @@ -28,6 +28,10 @@ | |||
| <artifactId>junit-jupiter</artifactId> | |||
| <scope>compile</scope> | |||
| </dependency> | |||
| <dependency> | |||
| <groupId>io.quarkus</groupId> | |||
| <artifactId>quarkus-jsonp</artifactId> | |||
There was a problem hiding this comment.
Not a big deal because it's for testing, but I wonder if this dependency can be made optional
|
✔️ The latest workflow run for the pull request has completed successfully. It should be safe to merge provided you have a look at the other checks in the summary. |
The remaining scripts have been moved to the quarkus-updates repository. See https://github.com/quarkusio/quarkus-updates/tree/main/tools/3.0
integration testing finish quarkus:run and integration tests quarkus:run gradle cli run command implement deploy afk rebase' azf deploy azf deploy working azf more fixes azf service-principal azf fix codestarts and path config azf fix codestarts and path config azf gradle and codestart azf new docs fix pom azf docs and imports fix gradle quarkusRun
Signed-off-by: Phillip Kruger <[email protected]>
Signed-off-by: Phillip Kruger <[email protected]>
Signed-off-by: Phillip Kruger <[email protected]>
Signed-off-by: Phillip Kruger <[email protected]>
Bumps [proto-google-common-protos](https://github.com/googleapis/sdk-platform-java) from 2.16.0 to 2.19.1. - [Release notes](https://github.com/googleapis/sdk-platform-java/releases) - [Changelog](https://github.com/googleapis/sdk-platform-java/blob/main/CHANGELOG.md) - [Commits](https://github.com/googleapis/sdk-platform-java/commits) --- updated-dependencies: - dependency-name: com.google.api.grpc:proto-google-common-protos dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
This method can be called by filters to override the entity being sent by the JAX-RS client and before this commit we were not properly handling the case where either the entity was set to null or only the body of the entity was being set (and not the media type). Fixes: quarkusio#33738
fixed a missing configuration key in example
quarkus-bot
bot
added
area/kubernetes
area/liquibase
area/logging
area/maven
area/metrics
area/mongodb
area/narayana
|
Ouch, what happened, strange |
|
🙈 The PR is closed and the preview is expired. |
|
Removed the noteworthy label as the PR is closed and replaced by another one. |
Fixes #34133.
Fixes #30442.
quarkus-test-security-jwtsupports testing endpoints expectingJsonWebToken, andquarkus-test-security-oidcsupports testing endpoints expectingJsonWebToken, both as access and ID tokens.This PR goes ahead and adds support for custom claim types. Note it is only required to support the unit testing, when no
quarkus-smallrye-jwtorquarkus-oidcis configured.Long,Integer,Boolean,String,jakarta.json.JsonArrayandjakarta.json.JsonObjectsclaim type hints are supported. Some well known claims likeexp(expiry, see #34133) does not need a token hint.Note
JsonWebTokenAPI is not typed, example, it hasObject getClaim(String name), sosmallrye-jwtfor some non-standard claims will convert their value toJsonNumber/JsonValue, which is why in tests, you'd see for example some Long claim values cast to Long, and forcustomlongto JsonNumber.