feat: compare princiapl and access token issuer disabled by default (#…

…221)

* feat: compare princiapl and  access token issuer disabled by default

* feat: compare princiapl and  access token issuer disabled by default

docs/modules/tkit-quarkus/pages/includes/attributes.adoc

@@ -1,4 +1,4 @@
-:project-version: 2.33.0
+:project-version: 2.34.0
 :quarkus-version: 3.15.1
 
 :examples-dir: ./../examples/

docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc

@@ -144,6 +144,57 @@ endif::add-copy-button-to-env-var[]
 |boolean
 |`true`
 
+a| [[tkit-quarkus-rest-context_tkit-rs-context-token-required-error-unauthorized]] [.property-path]##link:#tkit-quarkus-rest-context_tkit-rs-context-token-required-error-unauthorized[`tkit.rs.context.token.required-error-unauthorized`]##
+
+[.description]
+--
+Throw Unauthorized exception for required error. Return StatusCode 401.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++TKIT_RS_CONTEXT_TOKEN_REQUIRED_ERROR_UNAUTHORIZED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++TKIT_RS_CONTEXT_TOKEN_REQUIRED_ERROR_UNAUTHORIZED+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`false`
+
+a| [[tkit-quarkus-rest-context_tkit-rs-context-token-check-tokens-issuer-error-unauthorized]] [.property-path]##link:#tkit-quarkus-rest-context_tkit-rs-context-token-check-tokens-issuer-error-unauthorized[`tkit.rs.context.token.check-tokens-issuer-error-unauthorized`]##
+
+[.description]
+--
+Throw Unauthorized exception if access token issuer does not equal to principal token issuer. Return StatusCode 401.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++TKIT_RS_CONTEXT_TOKEN_CHECK_TOKENS_ISSUER_ERROR_UNAUTHORIZED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++TKIT_RS_CONTEXT_TOKEN_CHECK_TOKENS_ISSUER_ERROR_UNAUTHORIZED+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`true`
+
+a| [[tkit-quarkus-rest-context_tkit-rs-context-token-check-tokens-issuer]] [.property-path]##link:#tkit-quarkus-rest-context_tkit-rs-context-token-check-tokens-issuer[`tkit.rs.context.token.check-tokens-issuer`]##
+
+[.description]
+--
+Compare access token issuer with principal token issuer.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++TKIT_RS_CONTEXT_TOKEN_CHECK_TOKENS_ISSUER+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++TKIT_RS_CONTEXT_TOKEN_CHECK_TOKENS_ISSUER+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`false`
+
 a| [[tkit-quarkus-rest-context_tkit-rs-context-principal-name-enabled]] [.property-path]##link:#tkit-quarkus-rest-context_tkit-rs-context-principal-name-enabled[`tkit.rs.context.principal.name.enabled`]##
 
 [.description]

extensions/rest-context/runtime/src/main/java/org/tkit/quarkus/rs/context/token/TokenContextConfig.java

@@ -104,7 +104,7 @@ interface TokenConfig {
          * Compare access token issuer with principal token issuer.
          */
         @WithName("check-tokens-issuer")
-        @WithDefault("true")
+        @WithDefault("false")
         boolean checkTokensIssuer();
     }
 

it/rest-context-multi-kc/src/main/resources/application.properties

@@ -11,6 +11,7 @@ tkit.rs.context.token.verify=true
 tkit.rs.context.token.public-key-location.enabled=true
 tkit.rs.context.token.parser-error-unauthorized=false
 tkit.rs.context.token.check-tokens-issuer-error-unauthorized=false
+tkit.rs.context.token.check-tokens-issuer=true
 
 quarkus.keycloak.devservices.enabled=false