OIDC logout doesn't work with Gradle project variable

[RacmanT]

Describe the bug

Hi everyone! 👋🏻

I have a project with some oidc application.properties that partially depend on Gradle project environment variables passed through the cli (e.g. quarkus.oidc.logout.path=${CONTEXT_PATH:/}logout).

Running it with the Gradle project variables flag -P[propertyName] doesn't work. When running the project with the system variables flag -D[propertyName] everything works as expected.

The issue is caused by the fact that in first case some composed properties are correctly set while others aren't.

Expected behavior

The Dev Logout returns a 302 Found which redirects to the Keycloak login page.

Actual behavior

The Dev Logout returns a 404 Not Found

How to Reproduce?

Reproducer: quarkus-oidc-demo

Steps:

1. Clone the reproducer and cd into it
2. ./gradlew quarkusDev --console=plain -PCONTEXT_PATH="/dev/" (notice the -P)
3. open a browser on the http://localhost:8080 and login with alice alice
4. click on the Dev Logout link element

Output of uname -a or ver

No response

Output of java -version

21

Quarkus version or git rev

13.5.1

Build tool (ie. output of mvnw --version or gradlew --version)

Gradle 8.5

Additional information

Interestingly, some properties, such as quarkus.rest.path=${CONTEXT_PATH:/}rest, are set correctly even with the -P flag. This can be verified in the demo app by clicking on the Ping link which sends a request to http://localhost:8080/dev/rest/ping (notice the /dev/ part of the URL ) and which returns the content of quarkus.oidc.logout.path=${CONTEXT_PATH:/}logout (returns "/logout", notice the absence of /dev/) .

Meaning that in some cases the CONTEXT_PATH gets set even with the -P (-PCONTEXT_PATH="/dev") :

• quarkus.rest.path=${CONTEXT_PATH:/}rest
• quarkus.oidc.logout.path=${CONTEXT_PATH:/}logout

[quarkus-bot[bot]]

/cc @glefloch, @pedroigor (oidc), @quarkusio/devtools, @sberyozkin (oidc)

[sberyozkin]

@RacmanT Thanks for the reproducer.

Let me CC @radcortez, @aloubyansky and @phillip-kruger as well. I can try to fix it at the OIDC level, if you can explain a bit what to pay attention to in such cases :-), not sure right now OIDC sees /dev/, the logout path is a runtime property.

[RacmanT]

Thanks for the quick response @sberyozkin :)

I can try to fix it at the OIDC level, if you can explain a bit what to pay attention to in such cases

Do you mean by tuning Keycloak settings? I already tried that and didn't work :( . What kind of info do you need?

Also I forgot to mention that adding -Dquarkus.oidc.logout.path=/dev/logout along with the -P... variable doesn't solve.

[sberyozkin]

@RacmanT Sorry, I was asking my colleagues with more knowledge about Gradle and devmode :-)

[RacmanT]

@sberyozkin any news on this front? 🙂

[gsmet]

TBH I'm not sure it's something we support, maybe @cdsap could shed some light on what exactly is specific with these project properties and if they can be handled on our side?

[cdsap]

Hi @RacmanT,

I just cloned your reproducer from this repository and I’m experiencing the opposite behavior:

• When using -PCONTEXT_PATH="/dev/", clicking logout redirects me to the screen:

• However, using -DCONTEXT_PATH="/dev/" results in a 404 error.

After reviewing the implementation of the QuarkusDev task, I noticed that it processes project properties.

For reference, I haven’t overridden any OIDC properties in my gradle.properties file in the user home directory. Is there anything I might be missing to fully reproduce the steps you described?

[RacmanT]

Hi @cdsap ! Thanks for your reply!

You should have clicked on Dev Logout link :

• click on the Dev Logout link element

The Logout link (without Dev) is a leftover that I've used to test if quarkus ignores the passed gradle properties which is actually the case. The difference between the two links is:

• Dev Logout points to /dev/logout which should be the resolved logout endpoint when passing the gradle property (since we have ${CONTEXT_PATH:/}logout) and should perform the session logout when clicked
• Logout points to /logout and should return a 404 Not Found if the gradle property would be resolved correctly

The problem is that quarkus ignores the passed gradle property, which actually makes ${CONTEXT_PATH:/}logout resolve always to /logout

If you have any other issue let me know 🙂

[cdsap]

thanks for the clarification @RacmanT, now I can reproduce it by clicking on the dev logout link