OpenID authentication broken after Spring Security Upgrade

[cbellone]

Discussed in https://github.com/alfio-event/alf.io/discussions/1379

^{Originally posted by **@TheKrystek** July 16, 2024} Hi, I've been struggling to setup authentication for public users. I'm using **keycloak** and alfio is started in dev mode (backend running on 8080 and frontend on 4200). I can create an account, then login, then BaseOpenIdAuthenticationManager.createOrRetrieveUser returns valid authentication. However when request is sent from angular app **/api/v2/public/user/me** to obtain user's identity object Authentication principal is always null. Since as far I can tell everything on keycloak side looks alight I suspect there might be something wrong/missing with alfio itself. I'd gladly get some pointers:)

[cbellone]

This should be fixed now. Please note that with the new implementation:

• it is not possible to call an OpenID endpoint using HTTP scheme
• we now validate tokens signature. There is an additional parameter openid.jwksPath which defaults to /.well-known/jwks.json

[TheKrystek]

Thanks a lot, I hope, that I'll have time later this week to take a look. Really appreciate your prompt fix :)