chore(oidc): dont use methods/fields marked for removal

michalvavrik · michalvavrik · commit d6e2301c689a · 2025-04-21T17:49:08.000+02:00
diff --git a/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevUIProcessor.java b/extensions/oidc/deployment/src/main/java/io/quarkus/oidc/deployment/devservices/OidcDevUIProcessor.java
@@ -18,8 +18,8 @@
 import io.quarkus.devui.spi.JsonRPCProvidersBuildItem;
 import io.quarkus.devui.spi.page.CardPageBuildItem;
 import io.quarkus.oidc.OidcTenantConfig;
-import io.quarkus.oidc.OidcTenantConfig.Provider;
 import io.quarkus.oidc.deployment.OidcBuildTimeConfig;
+import io.quarkus.oidc.runtime.OidcTenantConfig.Provider;
 import io.quarkus.oidc.runtime.devui.OidcDevJsonRpcService;
 import io.quarkus.oidc.runtime.devui.OidcDevUiRecorder;
 import io.quarkus.oidc.runtime.providers.KnownOidcProviders;
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/OidcTenantConfig.java
@@ -3003,6 +3003,13 @@ public Optional<io.quarkus.oidc.runtime.OidcTenantConfig.Provider> provider() {
         return provider.map(Enum::toString).map(io.quarkus.oidc.runtime.OidcTenantConfig.Provider::valueOf);
     }
 
+    /**
+     * @return new {@link OidcTenantConfig} with {@link OidcTenantConfig#tenantEnabled()} set to {@code false}
+     */
+    public OidcTenantConfig disableTenant() {
+        return builder(this).disableTenant().build();
+    }
+
     /**
      * Creates {@link OidcTenantConfigBuilder} builder populated with documented default values.
      *
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -1040,10 +1040,10 @@ private String generateInternalIdToken(TenantConfigContext context, UserInfo use
         } else if (accessTokenExpiresInSecs != null) {
             builder.expiresIn(accessTokenExpiresInSecs);
         }
-        builder.audience(context.oidcConfig().getClientId().get());
+        builder.audience(context.oidcConfig().clientId().get());
 
         JwtSignatureBuilder sigBuilder = builder.jws().header(INTERNAL_IDTOKEN_HEADER, true);
-        String clientOrJwtSecret = OidcCommonUtils.getClientOrJwtSecret(context.oidcConfig().credentials);
+        String clientOrJwtSecret = OidcCommonUtils.getClientOrJwtSecret(context.oidcConfig().credentials());
         if (clientOrJwtSecret != null) {
             LOG.debug("Signing internal ID token with a configured client secret");
             return sigBuilder.sign(KeyUtils.createSecretKeyFromSecret(clientOrJwtSecret));
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/DefaultTenantConfigResolver.java
@@ -246,7 +246,7 @@ private Uni<OidcTenantConfig> getDynamicTenantConfig(RoutingContext context) {
                     //shouldn't happen, but guard against it anyway
                     oidcConfig = Uni.createFrom().nullItem();
                 } else {
-                    oidcConfig = oidcConfig.onItem().transform(cfg -> OidcUtils.resolveProviderConfig(cfg));
+                    oidcConfig = oidcConfig.map(OidcUtils::resolveProviderConfig);
                 }
                 context.put(CURRENT_DYNAMIC_TENANT_CONFIG, oidcConfig);
             }
@@ -261,7 +261,7 @@ private Uni<TenantConfigContext> getDynamicTenantContext(RoutingContext context)
             @Override
             public Uni<? extends TenantConfigContext> apply(OidcTenantConfig tenantConfig) {
                 if (tenantConfig != null) {
-                    var tenantId = tenantConfig.getTenantId()
+                    var tenantId = tenantConfig.tenantId()
                             .orElseThrow(() -> new OIDCException("Tenant configuration must have tenant id"));
                     var tenantContext = tenantConfigBean.getDynamicTenant(tenantId);
                     if (tenantContext == null) {
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcConfigPropertySupplier.java
@@ -10,9 +10,9 @@
 import org.eclipse.microprofile.config.ConfigProvider;
 
 import io.quarkus.oidc.OidcTenantConfig;
-import io.quarkus.oidc.OidcTenantConfig.Provider;
 import io.quarkus.oidc.common.runtime.OidcCommonUtils;
 import io.quarkus.oidc.common.runtime.OidcConstants;
+import io.quarkus.oidc.runtime.OidcTenantConfig.Provider;
 import io.quarkus.oidc.runtime.providers.KnownOidcProviders;
 import io.smallrye.config.SmallRyeConfig;
 
@@ -90,16 +90,15 @@ public void setUrlProperty(boolean urlProperty) {
     }
 
     public String get(Config config) {
-        Optional<Provider> provider = config.getOptionalValue(OIDC_PROVIDER_CONFIG_KEY,
-                Provider.class);
+        Optional<Provider> provider = config.getOptionalValue(OIDC_PROVIDER_CONFIG_KEY, Provider.class);
         OidcTenantConfig providerConfig = provider.isPresent() ? KnownOidcProviders.provider(provider.get()) : null;
         if (defaultValue != null || RELATIVE_PATH_CONFIG_PROPS.contains(oidcConfigProperty)) {
             Optional<String> value = config.getOptionalValue(oidcConfigProperty, String.class);
             if (value.isEmpty() && providerConfig != null) {
                 if (END_SESSION_PATH_CONFIG_KEY.equals(oidcConfigProperty)) {
                     value = providerConfig.endSessionPath();
                 } else if (TOKEN_PATH_CONFIG_KEY.equals(oidcConfigProperty)) {
-                    value = providerConfig.tokenPath;
+                    value = providerConfig.tokenPath();
                 } else if (AUTH_PATH_CONFIG_KEY.equals(oidcConfigProperty)) {
                     value = providerConfig.authorizationPath();
                 }
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcImpl.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcImpl.java
@@ -13,7 +13,7 @@
 
 final class OidcImpl implements Oidc {
 
-    private Map<String, OidcTenantConfig> staticTenantConfigs;
+    private final Map<String, OidcTenantConfig> staticTenantConfigs;
     private OidcTenantConfig defaultTenantConfig;
 
     OidcImpl(OidcConfig config) {
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProvider.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProvider.java
@@ -624,7 +624,7 @@ public Key resolveKey(JsonWebSignature jws, List<JsonWebStructure> nestingContex
         }
 
         private Key initKey(Key generatedInternalSignatureKey) {
-            String clientSecret = OidcCommonUtils.getClientOrJwtSecret(oidcConfig.credentials);
+            String clientSecret = OidcCommonUtils.getClientOrJwtSecret(oidcConfig.credentials());
             if (clientSecret != null) {
                 LOG.debug("Verifying internal ID token with a configured client secret");
                 return KeyUtils.createSecretKeyFromSecret(clientSecret);
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClientImpl.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcProviderClientImpl.java
@@ -86,6 +86,10 @@ public OidcProviderClientImpl(WebClient client,
         this.clientSecretQueryAuthentication = oidcConfig.credentials().clientSecret().method().orElse(null) == Method.QUERY;
     }
 
+    OidcTenantConfig getOidcConfig() {
+        return oidcConfig;
+    }
+
     private static ClientAssertionProvider createClientAssertionProvider(Vertx vertx, OidcTenantConfig oidcConfig) {
         var clientAssertionProvider = new ClientAssertionProvider(vertx,
                 oidcConfig.credentials().jwt().tokenPath().get());
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/OidcUtils.java
@@ -494,87 +494,99 @@ static OidcTenantConfig mergeTenantConfig(OidcTenantConfig tenant, OidcTenantCon
             // OidcRecorder sets it before the merge operation
             throw new IllegalStateException();
         }
+        var tenantBuilder = OidcTenantConfig.builder(tenant);
         // root properties
-        if (tenant.authServerUrl().isEmpty()) {
-            tenant.authServerUrl = provider.authServerUrl();
+        if (tenant.authServerUrl().isEmpty() && provider.authServerUrl().isPresent()) {
+            tenantBuilder.authServerUrl(provider.authServerUrl().get());
         }
-        if (tenant.applicationType().isEmpty()) {
-            tenant.applicationType = provider.applicationType;
+        if (tenant.applicationType().isEmpty() && provider.applicationType().isPresent()) {
+            tenantBuilder.applicationType(provider.applicationType().get());
         }
-        if (tenant.discoveryEnabled().isEmpty()) {
-            tenant.discoveryEnabled = provider.discoveryEnabled();
+        if (tenant.discoveryEnabled().isEmpty() && provider.discoveryEnabled().isPresent()) {
+            tenantBuilder.discoveryEnabled(provider.discoveryEnabled().get());
         }
-        if (tenant.authorizationPath().isEmpty()) {
-            tenant.authorizationPath = provider.authorizationPath();
+        if (tenant.authorizationPath().isEmpty() && provider.authorizationPath().isPresent()) {
+            tenantBuilder.authorizationPath(provider.authorizationPath().get());
         }
-        if (tenant.jwksPath().isEmpty()) {
-            tenant.jwksPath = provider.jwksPath();
+        if (tenant.jwksPath().isEmpty() && provider.jwksPath().isPresent()) {
+            tenantBuilder.jwksPath(provider.jwksPath().get());
         }
-        if (tenant.tokenPath().isEmpty()) {
-            tenant.tokenPath = provider.tokenPath();
+        if (tenant.tokenPath().isEmpty() && provider.tokenPath().isPresent()) {
+            tenantBuilder.tokenPath(provider.tokenPath().get());
         }
-        if (tenant.userInfoPath().isEmpty()) {
-            tenant.userInfoPath = provider.userInfoPath();
+        if (tenant.userInfoPath().isEmpty() && provider.userInfoPath().isPresent()) {
+            tenantBuilder.userInfoPath(provider.userInfoPath().get());
         }
 
         // authentication
-        if (tenant.authentication().idTokenRequired().isEmpty()) {
-            tenant.authentication.idTokenRequired = provider.authentication().idTokenRequired();
+        var tenantAuth = tenant.authentication();
+        var providerAuth = provider.authentication();
+        var authBuilder = tenantBuilder.authentication();
+        if (tenantAuth.idTokenRequired().isEmpty() && providerAuth.idTokenRequired().isPresent()) {
+            authBuilder.idTokenRequired(providerAuth.idTokenRequired().get());
         }
-        if (tenant.authentication().userInfoRequired().isEmpty()) {
-            tenant.authentication.userInfoRequired = provider.authentication().userInfoRequired();
+        if (tenantAuth.userInfoRequired().isEmpty() && providerAuth.userInfoRequired().isPresent()) {
+            authBuilder.userInfoRequired(providerAuth.userInfoRequired().get());
         }
-        if (tenant.authentication().pkceRequired().isEmpty()) {
-            tenant.authentication.pkceRequired = provider.authentication().pkceRequired();
+        if (tenantAuth.pkceRequired().isEmpty() && providerAuth.pkceRequired().isPresent()) {
+            authBuilder.pkceRequired(providerAuth.pkceRequired().get());
         }
-        if (tenant.authentication().scopes().isEmpty()) {
-            tenant.authentication.scopes = provider.authentication().scopes();
+        if (tenantAuth.scopes().isEmpty() && providerAuth.scopes().isPresent()) {
+            authBuilder.scopes(providerAuth.scopes().get());
         }
-        if (tenant.authentication().scopeSeparator().isEmpty()) {
-            tenant.authentication.scopeSeparator = provider.authentication().scopeSeparator();
+        if (tenantAuth.scopeSeparator().isEmpty() && providerAuth.scopeSeparator().isPresent()) {
+            authBuilder.scopeSeparator(providerAuth.scopeSeparator().get());
         }
-        if (tenant.authentication().addOpenidScope().isEmpty()) {
-            tenant.authentication.addOpenidScope = provider.authentication().addOpenidScope();
+        if (tenantAuth.addOpenidScope().isEmpty() && providerAuth.addOpenidScope().isPresent()) {
+            authBuilder.addOpenidScope(providerAuth.addOpenidScope().get());
         }
-        if (tenant.authentication().forceRedirectHttpsScheme().isEmpty()) {
-            tenant.authentication.forceRedirectHttpsScheme = provider.authentication().forceRedirectHttpsScheme();
+        if (tenantAuth.forceRedirectHttpsScheme().isEmpty() && providerAuth.forceRedirectHttpsScheme().isPresent()) {
+            authBuilder.forceRedirectHttpsScheme(providerAuth.forceRedirectHttpsScheme().get());
         }
-        if (tenant.authentication().responseMode().isEmpty()) {
-            tenant.authentication.responseMode = provider.authentication.responseMode;
+        if (tenantAuth.responseMode().isEmpty() && providerAuth.responseMode().isPresent()) {
+            authBuilder.responseMode(providerAuth.responseMode().get());
         }
-        if (tenant.authentication().redirectPath().isEmpty()) {
-            tenant.authentication.redirectPath = provider.authentication().redirectPath();
+        if (tenantAuth.redirectPath().isEmpty() && providerAuth.redirectPath().isPresent()) {
+            authBuilder.redirectPath(providerAuth.redirectPath().get());
         }
+        authBuilder.end();
 
         // credentials
-        if (tenant.credentials().clientSecret().method().isEmpty()) {
-            tenant.credentials.clientSecret.method = provider.credentials.clientSecret.method;
+        var credentialsBuilder = tenantBuilder.credentials();
+        if (tenant.credentials().clientSecret().method().isEmpty()
+                && provider.credentials().clientSecret().method().isPresent()) {
+            credentialsBuilder.clientSecret().method(provider.credentials().clientSecret().method().get()).end();
         }
-        if (tenant.credentials().jwt().audience().isEmpty()) {
-            tenant.credentials.jwt.audience = provider.credentials().jwt().audience();
+        if (tenant.credentials().jwt().audience().isEmpty() && provider.credentials().jwt().audience().isPresent()) {
+            credentialsBuilder.jwt().audience(provider.credentials().jwt().audience().get()).end();
         }
-        if (tenant.credentials().jwt().signatureAlgorithm().isEmpty()) {
-            tenant.credentials.jwt.signatureAlgorithm = provider.credentials().jwt().signatureAlgorithm();
+        if (tenant.credentials().jwt().signatureAlgorithm().isEmpty()
+                && provider.credentials().jwt().signatureAlgorithm().isPresent()) {
+            credentialsBuilder.jwt().signatureAlgorithm(provider.credentials().jwt().signatureAlgorithm().get()).end();
         }
+        credentialsBuilder.end();
 
         // token
-        if (tenant.token().issuer().isEmpty()) {
-            tenant.token.issuer = provider.token().issuer();
+        var tokenBuilder = tenantBuilder.token();
+        if (tenant.token().issuer().isEmpty() && provider.token().issuer().isPresent()) {
+            tokenBuilder.issuer(provider.token().issuer().get());
         }
-        if (tenant.token().principalClaim().isEmpty()) {
-            tenant.token.principalClaim = provider.token().principalClaim();
+        if (tenant.token().principalClaim().isEmpty() && provider.token().principalClaim().isPresent()) {
+            tokenBuilder.principalClaim(provider.token().principalClaim().get());
         }
-        if (tenant.token().verifyAccessTokenWithUserInfo().isEmpty()) {
-            tenant.token.verifyAccessTokenWithUserInfo = provider.token().verifyAccessTokenWithUserInfo();
+        if (tenant.token().verifyAccessTokenWithUserInfo().isEmpty()
+                && provider.token().verifyAccessTokenWithUserInfo().isPresent()) {
+            tokenBuilder.verifyAccessTokenWithUserInfo(provider.token().verifyAccessTokenWithUserInfo().get());
         }
+        tokenBuilder.end();
 
-        return tenant;
+        return tenantBuilder.build();
     }
 
     static OidcTenantConfig resolveProviderConfig(OidcTenantConfig oidcTenantConfig) {
         if (oidcTenantConfig != null && oidcTenantConfig.provider().isPresent()) {
             return OidcUtils.mergeTenantConfig(oidcTenantConfig,
-                    KnownOidcProviders.provider(oidcTenantConfig.provider.get()));
+                    KnownOidcProviders.provider(oidcTenantConfig.provider().get()));
         } else {
             return oidcTenantConfig;
         }
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantConfigContext.java
@@ -48,6 +48,10 @@ default Uni<TenantConfigContext> initialize() {
         return Uni.createFrom().item(this);
     }
 
+    static TenantConfigContext createReady(OidcProvider provider) {
+        return createReady(provider, provider.oidcConfig);
+    }
+
     static TenantConfigContext createReady(OidcProvider provider, OidcTenantConfig config) {
         return new TenantConfigContextImpl(provider, config);
     }
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantContextFactory.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/TenantContextFactory.java
diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/providers/KnownOidcProviders.java
diff --git a/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/KnownOidcProvidersTest.java b/extensions/oidc/runtime/src/test/java/io/quarkus/oidc/runtime/KnownOidcProvidersTest.java

Original file line number	Diff line number	Diff line change
`@@ -3003,6 +3003,13 @@ public Optional<io.quarkus.oidc.runtime.OidcTenantConfig.Provider> provider() {`
`3003`	`3003`	`return provider.map(Enum::toString).map(io.quarkus.oidc.runtime.OidcTenantConfig.Provider::valueOf);`
`3004`	`3004`	`}`
`3005`	`3005`
	`3006`	`+ /**`
	`3007`	`+ * @return new {@link OidcTenantConfig} with {@link OidcTenantConfig#tenantEnabled()} set to {@code false}`
	`3008`	`+ */`
	`3009`	`+ public OidcTenantConfig disableTenant() {`
	`3010`	`+ return builder(this).disableTenant().build();`
	`3011`	`+ }`
	`3012`	`+`
`3006`	`3013`	`/**`
`3007`	`3014`	`* Creates {@link OidcTenantConfigBuilder} builder populated with documented default values.`
`3008`	`3015`	`*`
Original file line number	Diff line number	Diff line change
`@@ -624,7 +624,7 @@ public Key resolveKey(JsonWebSignature jws, List<JsonWebStructure> nestingContex`
`624`	`624`	`}`
`625`	`625`
`626`	`626`	`private Key initKey(Key generatedInternalSignatureKey) {`
`627`		`- String clientSecret = OidcCommonUtils.getClientOrJwtSecret(oidcConfig.credentials);`
	`627`	`+ String clientSecret = OidcCommonUtils.getClientOrJwtSecret(oidcConfig.credentials());`
`628`	`628`	`if (clientSecret != null) {`
`629`	`629`	`LOG.debug("Verifying internal ID token with a configured client secret");`
`630`	`630`	`return KeyUtils.createSecretKeyFromSecret(clientSecret);`
Original file line number	Diff line number	Diff line change
`@@ -48,6 +48,10 @@ default Uni<TenantConfigContext> initialize() {`
`48`	`48`	`return Uni.createFrom().item(this);`
`49`	`49`	`}`
`50`	`50`
	`51`	`+ static TenantConfigContext createReady(OidcProvider provider) {`
	`52`	`+ return createReady(provider, provider.oidcConfig);`
	`53`	`+ }`
	`54`	`+`
`51`	`55`	`static TenantConfigContext createReady(OidcProvider provider, OidcTenantConfig config) {`
`52`	`56`	`return new TenantConfigContextImpl(provider, config);`
`53`	`57`	`}`