I'm trying to make a Quarkus API (OpenAPI - Resteasy) with authentication (bearer-only mode). Here's my Quarkus config :
# OIDC Configuration
quarkus.oidc.auth-server-url=https://my_idp/auth/realms/MY_REALM
quarkus.oidc.client-id=my_keycloak_client
quarkus.oidc.tls.verification=none
# Enable Policy Enforcement
quarkus.keycloak.policy-enforcer.enable=true
...
And my keycloak client :
client protocol : openid-connect
access_type : bearer-only
A secret is also defined for this client (but I think it doesn't need to be used in that case)
On startup (mvn compile quarkus:dev), I got the following error :
Failed to start application (with profile dev): org.keycloak.authorization.client.util.HttpResponseException: Unexpected response from server: 400 / Bad Request / Response from server: {"error":"invalid_client","error_description":"Invalid client credentials"}
(I've checked my clientID was fine)
I've read the official guide : https://quarkus.io/guides/security-openid-connect and other Google articles but have not found any resource that describes this use case.
Did I miss something ? This API was previously done with Spring Boot and everything was all right.
Thanks,
Christophe
My solution : Finally (my bad), this was because I'd used the keycloak policy enforcement mechanism. I dropped the dependency "keycloak-authorization" (and the associated configuration).
Only the oidc dependency was mandatory with the following application.properties :
# OIDC Configuration
quarkus.oidc.auth-server-url=https://idp/auth/realms/REALM
quarkus.oidc.client-id=CLIENT_ID
quarkus.oidc.tls.verification=none
quarkus.http.auth.permission.permit1.paths=/*
quarkus.http.auth.permission.permit1.policy=authenticated
quarkus.http.auth.permission.dev.paths=/q/dev
quarkus.http.auth.permission.dev.policy=permit
I'd used https://quarkus.io/guides/security-keycloak-authorization guide instead of the https://quarkus.io/guides/security-openid-connect one.
Regards
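
The same bearer-only setup with certificate verification left on outside of dev mode, as an added example that is not part of the original post. The trust store path, the OIDC_TRUSTSTORE_PASSWORD variable and the use of the %dev/%prod profile prefixes are assumptions; the trust-store properties belong to the quarkus-oidc extension and may be superseded by the TLS registry in newer Quarkus releases.

```properties
# Added example, not the poster's configuration.
# Assumed values: trust store path, env variable name, profile split.

# Bearer-only resource server: incoming access tokens are validated,
# no redirect to a login page is ever issued.
quarkus.oidc.auth-server-url=https://idp/auth/realms/REALM
quarkus.oidc.client-id=CLIENT_ID
quarkus.oidc.application-type=service

# Verify the IdP certificate chain and host name.
quarkus.oidc.tls.verification=required

# In production, trust the internal CA that signed the IdP certificate
# instead of switching verification off.
%prod.quarkus.oidc.tls.trust-store-file=/etc/myapp/idp-truststore.p12
%prod.quarkus.oidc.tls.trust-store-password=${OIDC_TRUSTSTORE_PASSWORD}

# Weak setting from the post, confined to "mvn compile quarkus:dev".
%dev.quarkus.oidc.tls.verification=none

# Every path requires an authenticated caller (valid bearer token).
quarkus.http.auth.permission.permit1.paths=/*
quarkus.http.auth.permission.permit1.policy=authenticated

# The Dev UI exception only exists in the dev profile.
%dev.quarkus.http.auth.permission.dev.paths=/q/dev
%dev.quarkus.http.auth.permission.dev.policy=permit
```

With verification=none in every profile, the application accepts any certificate from the host it fetches token signing keys from, so whoever can intercept that connection can supply their own keys and have forged tokens accepted.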