quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

UnauthorizedException when running Hibernate Search Elasticsearch with OIDC #35250

Closed cdonate closed 1 year ago

cdonate commented 1 year ago

Describe the bug

I'm following this guide: https://quarkus.io/guides/hibernate-search-orm-elasticsearch and everything works as expected.

As soon as I try to add OIDC validation (quarkus-oidc) I get io.quarkus.security.UnauthorizedException while starting the dev profile.

Expected behavior

Running Quarkus OIDC does not affect quarkus-hibernate-search-orm-elasticsearch

Actual behavior

I'm unable to start the application in dev mode.

```
2023-08-04 11:43:37,135 ERROR [io.qua.run.Application] (Quarkus Main Thread) Failed to start application (with profile [dev]): java.lang.RuntimeException: Failed to start quarkus
	at io.quarkus.runner.ApplicationImpl.doStart(Unknown Source)
	at io.quarkus.runtime.Application.start(Application.java:101)
	at io.quarkus.runtime.ApplicationLifecycleManager.run(ApplicationLifecycleManager.java:111)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:71)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:44)
	at io.quarkus.runtime.Quarkus.run(Quarkus.java:124)
	at io.quarkus.runner.GeneratedMain.main(Unknown Source)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:568)
	at io.quarkus.runner.bootstrap.StartupActionImpl$1.run(StartupActionImpl.java:104)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: io.quarkus.security.UnauthorizedException
```

How to Reproduce?

Follow steps on https://quarkus.io/guides/hibernate-search-orm-elasticsearch.

After validating that it is working without authentication, add to pom.xml

```xml
<dependency>
    <groupId>io.quarkus</groupId>
    <artifactId>quarkus-oidc</artifactId>
</dependency>
```

Add to application.properties

```properties
%dev.quarkus.oidc.enabled=true
%dev.quarkus.oidc.roles.source=userinfo
%dev.quarkus.oidc.authentication.user-info-required=true
%dev.quarkus.oidc.auth-server-url=XXX
%dev.quarkus.oidc.client-id=XXX
quarkus.oidc.roles.role-claim-path=XXX
```

And the @Authenticated annotation to a class

I'm also running OpenSearch as a container on my machine, so I've added these configurations:

```properties
quarkus.hibernate-search-orm.elasticsearch.version=opensearch:2.7.0
quarkus.hibernate-search-orm.automatic-indexing.synchronization.strategy=sync
hibernate-search-orm.elasticsearch.hosts=localhost:9200
quarkus.elasticsearch.hosts=localhost:9200
quarkus.elasticsearch.devservices.enabled=false
```

Output of uname -a or ver

MINGW64_NT-10.0-19045 WDX2VHZVL3 3.3.6-bec3d608-341.x86_64 2023-02-22 08:29 UTC x86_64 Msys

Output of java -version

```
openjdk version "17.0.5" 2022-10-18 LTS
OpenJDK Runtime Environment Microsoft-6841604 (build 17.0.5+8-LTS)
OpenJDK 64-Bit Server VM Microsoft-6841604 (build 17.0.5+8-LTS, mixed mode, sharing)
```

GraalVM version (if different from Java)

No response

Quarkus version or git rev

3.2.3.Final

Build tool (ie. output of mvnw --version or gradlew --version)

Apache Maven 3.8.8 (4c87b05d9aedce574290d1acc98575ed5eb6cd39)

Additional information

No response

quarkus-bot[bot] commented 1 year ago

/cc @gsmet (elasticsearch,hibernate-search), @loicmathieu (elasticsearch), @pedroigor (oidc), @sberyozkin (oidc), @yrodiere (elasticsearch,hibernate-search)

yrodiere commented 1 year ago

Hi! Alright, as you're closing this yourself I'll assume you found out it wasn't a bug after all.

cdonate commented 1 year ago

There was no error, just lack of Quarkus knowledge on my side.

The @Authenticated annotation was on the main class that had an onStart method. At the point onStart runs we are not authenticated, so the issue was happening.

I just moved the @Authenticated to the endpoint itself and I was able to start the application. In the future I'll move the startup code to a different class.

Thank you Stephane Epardaud for the help on https://quarkusio.zulipchat.com/ dev channel.
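
The layout described in the last comment, as an added example that is not code from the issue or from the Quarkus project: the startup observer sits in its own unsecured bean, and `@Authenticated` covers only request-handling code. The class names `SearchIndexStartup` and `LibraryResource` and the `/library/ping` endpoint are assumptions; the mass-indexing call follows the Hibernate Search guide linked in the report.

```java
// Added illustration; class names and the endpoint are hypothetical.
// Failing shape from the issue: @Authenticated on a class that also declares
// onStart(@Observes StartupEvent), so the security check runs during boot,
// where no authenticated identity exists, and startup aborts with
// io.quarkus.security.UnauthorizedException.

// --- SearchIndexStartup.java: startup work lives in an unsecured bean ---
import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.transaction.Transactional;
import org.hibernate.search.mapper.orm.session.SearchSession;

@ApplicationScoped
public class SearchIndexStartup {

    @Inject
    SearchSession searchSession;

    // Runs once at boot, outside any HTTP request: no security annotation here.
    @Transactional
    void onStart(@Observes StartupEvent ev) throws InterruptedException {
        searchSession.massIndexer().startAndWait();
    }
}

// --- LibraryResource.java: only request-handling code is secured ---
import io.quarkus.security.Authenticated;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;

@Path("/library")
@Authenticated // every method in this class is an endpoint called with a token
public class LibraryResource {

    @GET
    @Path("/ping")
    @Produces(MediaType.TEXT_PLAIN)
    public String ping() {
        return "authenticated";
    }
}
```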