[SOLVED] Quarkus Rest Service to be accessed by users from two different keycloaks

Quarkus Rest Service to be accessed by users from two different keycloaks

How to implement a quarkus rest service, that is accessed by two different frontend applications, that use two different oidc providers?

So the user of Application A, calls the quarkus rest service with a JWT Token from Keycloak A.
The user of Application B, calls the same quarkus rest service with a JWT Token from Keycloak B.

I first thought this would be multi-tenancy. But from what I understand in multi-tenancy, the Tenantresolver, requires different routing contexts. But here the rest service has to allow both Application A and B users access to access the same resource. Could someone please help with this?

Solution

I think this requires a multi-tenant configuration.

You can configure your Rest resource as follows:

@Path(/{uniqueKeyCloakPath}/fruits)
public class FruitResource { 
…

From here on, follow the guide on the Quarkus website:

https://quarkus.io/guides/security-openid-connect-multitenancy

Basically, with the TenantResolver you need to check the incoming request whether the request is coming from Keycloak-A or B and then set the url & clientId accordingly.