Add smallrye-jwt and smallrye-jwt-build to existing services

[jletberg]

[Feature request] It is possible to make smallrye-jwt and smallrye-jwt-build extensions available out of the box for existing Kogito Services (such as data-index, jobs-service, etc.)?

[ricardozanini]

Hi! Can you give some context? What's the use case?

[jletberg]

Hi! The context is that I run Kogito in AWS cloud (using EKS) and looking for a way to get rid of the Keycloak completely. As a Keycloak alternative, I have an existing authentication solution with Azure AD, which enables getting a cookie with JWT in the web browser. But I need the Kogito to decode that JWT, so I can implement the authorization properly to ensure the user can see only what he is meant to see (according to the groups). It is easy with the custom Kogito service as the source code is in my hands. However, access to the Kogito platform services won't work unless they can read the same JWT and treat a user as authenticated (which is not the case, as JWT support is not there by default).

[ricardozanini]

Have you considered using the images as base for your custom one? But I believe we can add an ARG in these images to accept adding external dependencies with ease. So that you can build your own Containerfile using these services as bases. WDYT?

[jletberg]

Extending the Kogito images was one of the options I identified as a workaround - I'll continue investigating this approach. But adding an ARG will be a great improvement! Please do that.

BR, Juri

[ricardozanini]

@jletberg feel free to send a PR!