Closed HknLof closed 1 year ago
quarkus.oidc.enabled
:
datacater.authorization.oidc
quarkus.http.auth.basic
:
Authorization: Basic <credentials>
) We only have header auth activated for one endpoint, AuthorizationEndpoint
. So if this endpoint is deactivated, basic auth is also deactivated. So we will always have basic auth activated, and control it through our endpointdatacater.authorization.basic
quarkus.security.users.embedded.enabled
:
authorization
-endpoint is useddatacater.authorization.basic
If multiple auth methods are activated, quarkus chooses the method based on priority, basic being the highest.
This is addressed by adding a custom HttpAuthenticationMechanism
, which chooses between oidc and basic based on what is set in datacater.authorization.oidc
Allow authentication mechanisms to be provided at runtime.
As if now, we have three build time variables that are used for setting up the different authentication methods, which means, we would need different images for different auth methods. It is possible to set the auth method at runtime, so we should create mapper variables to set the auth method at runtime inside the AuthMthodController
The build time variables are:
quarkus.http.auth.basic
quarkus.oidc.enabled
quarkus.security.users.embedded.enabled