quarkusio / quarkus

Quarkus: Supersonic Subatomic Java.
https://quarkus.io
Apache License 2.0

Handle revoked tokens - OIDC #44037

Open IvanPuntev opened 2 hours ago

IvanPuntev commented 2 hours ago

Description

Regarding https://github.com/quarkusio/quarkus/discussions/43904

The oidc client doesn't try to get a new token if the old one is revoked. Currently you need to implement a solution yourself to check if a 401 response is received. It would be nice if this were handled by the framework out of the box.

Implementation ideas

If more than one oidc client is used in the code then this retry needs to be handled only for the specific client.

quarkus-bot[bot] commented 2 hours ago

/cc @pedroigor (oidc), @sberyozkin (oidc)

sberyozkin commented 2 hours ago

@IvanPuntev Thanks, just to clarify, we definitely cannot do a retry at the OIDC client filter level; we can only try to help it understand that what it sees as a valid token must be refreshed. The actual retry will have to be initiated by the user with fault tolerance annotations like @Retry.

And please recall, users always have an option to take full control by using OidcClient directly.
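The user-side pattern the thread describes (a filter that forgets a token the server has rejected with 401, plus a caller that retries once with @Retry), as an added example rather than Quarkus code. It uses the real `OidcClient`, `Tokens` and MicroProfile Fault Tolerance APIs, but `DownstreamApi` and `DownstreamService` are hypothetical, and the filter is assumed to be registered on that `@RegisterRestClient` interface with `@RegisterProvider(RevocationAwareTokenFilter.class)`.

```java
import java.util.concurrent.atomic.AtomicReference;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.client.ClientRequestContext;
import jakarta.ws.rs.client.ClientRequestFilter;
import jakarta.ws.rs.client.ClientResponseContext;
import jakarta.ws.rs.client.ClientResponseFilter;
import jakarta.ws.rs.core.HttpHeaders;
import org.eclipse.microprofile.faulttolerance.Retry;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.Tokens;

// Added example, not Quarkus code. Registered on the hypothetical DownstreamApi interface
// with @RegisterProvider(RevocationAwareTokenFilter.class).
@ApplicationScoped
public class RevocationAwareTokenFilter implements ClientRequestFilter, ClientResponseFilter {
    @Inject OidcClient oidcClient;
    // Last token obtained via the configured grant; null forces a fresh acquisition.
    private final AtomicReference<Tokens> cached = new AtomicReference<>();

    @Override
    public void filter(ClientRequestContext request) {
        Tokens tokens = cached.get();
        if (tokens == null || tokens.isAccessTokenExpired()) {
            tokens = oidcClient.getTokens().await().indefinitely(); // blocking call on a worker thread
            cached.set(tokens);
        }
        request.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, "Bearer " + tokens.getAccessToken());
    }

    @Override
    public void filter(ClientRequestContext request, ClientResponseContext response) {
        // 401: the server rejected a token that still looks valid locally (e.g. revoked).
        // Forget it so the caller's retry sends a newly acquired token, not the same one again.
        if (response.getStatus() == 401) {
            cached.set(null);
        }
    }
}

// Hypothetical caller: the filter cannot retry, so the retry lives here.
@ApplicationScoped
class DownstreamService {
    @Inject @RestClient DownstreamApi api; // hypothetical @RegisterRestClient interface

    // The 401 surfaces as a WebApplicationException; one retry picks up the fresh token.
    @Retry(maxRetries = 1, retryOn = WebApplicationException.class)
    public String fetch() {
        return api.get();
    }
}
```

Because `retryOn` cannot distinguish status codes, any other non-2xx response also gets one retry; map 401 to a dedicated exception with a `ResponseExceptionMapper` if that matters.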