Keycloak/Quarkus Issues: Dev and Prod #35599
Comments
/cc @pedroigor (keycloak), @sberyozkin (keycloak)
@tmulle
SwaggerUI has its own script logic and can't be used independently to login to Keycloak DevService, you have to use Swagger UI from inside https://quarkus.io/guides/security-openid-connect-dev-services#test-with-swagger-graphql The token acquired as part of the SPA login (or if you configure Keycloak devservices, the client credentials grant, https://quarkus.io/guides/security-openid-connect-dev-services#client-credentials-grant) will be wired in via a local storage hack, to Swagger UI. Click on Swagger UI link and start testing, just avoid
I think, as far as this issue is concerned, once you confirm you can use Swagger UI from the OIDC card as described above, we can close the issue, can you please confirm it?
Well it might work, but only the Direct use of Swagger UI is a Swagger UI specific and/or Keycloak issue if a given grant authentication does not work
Ok thanks.. I see the new UI you mentioned. However, when I set it up for I know they are good because I can log in using Postman with the same URL and credentials the DEV service UI is trying to use. I can use Postman to get the access token and use it in my backend services just fine. So I know the creds are good. Debugging the code below, the call is returning a 401 Unauthorized. I tried different paths of '/' , '/*' and even an exact path I hit in Postman and nothing works. It fails with the error:
2023-08-28 18:16:27,048 ERROR [io.qua.dev.run.jso.JsonRpcCodec] (vert.x-eventloop-thread-2) Error in JsonRPC Call: java.lang.RuntimeException: {"error":"unauthorized_client","error_description":"Invalid client or Invalid client credentials"}
at io.quarkus.oidc.runtime.devui.OidcDevServicesUtils.getAccessTokenFromJson(OidcDevServicesUtils.java:219)
at io.quarkus.oidc.runtime.devui.OidcDevServicesUtils.lambda$getClientCredAccessToken$1(OidcDevServicesUtils.java:87)
at io.smallrye.context.impl.wrappers.SlowContextualFunction.apply(SlowContextualFunction.java:21)
at io.smallrye.mutiny.operators.uni.UniOnItemTransform$UniOnItemTransformProcessor.onItem(UniOnItemTransform.java:36)
at io.smallrye.mutiny.vertx.AsyncResultUni.lambda$subscribe$1(AsyncResultUni.java:35)
at io.smallrye.mutiny.vertx.DelegatingHandler.handle(DelegatingHandler.java:25)
at io.vertx.ext.web.client.impl.HttpContext.handleDispatchResponse(HttpContext.java:397)
at io.vertx.ext.web.client.impl.HttpContext.execute(HttpContext.java:384)
at io.vertx.ext.web.client.impl.HttpContext.next(HttpContext.java:362)
at io.vertx.ext.web.client.impl.HttpContext.fire(HttpContext.java:329)
at io.vertx.ext.web.client.impl.HttpContext.dispatchResponse(HttpContext.java:291)
at io.vertx.ext.web.client.impl.HttpContext.lambda$null$7(HttpContext.java:507)
at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:264)
at io.vertx.core.impl.ContextInternal.dispatch(ContextInternal.java:246)
at io.vertx.core.impl.EventLoopContext.lambda$runOnContext$0(EventLoopContext.java:43)
at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:174)
Any ideas?
@tmulle That is how partial export should work to avoid leaking sensitive data at runtime. You can use the export command to run a full export and achieve what you want. When running a full export it is safer to assume the user intention. As you noticed, the behavior has been there (correctly, IMO) for a long time.
@tmulle I've tried both
@tmulle I've fixed the typo related to the client credential or password token verification when Dev UI is used to acquire the tokens.
This client id and secret should already be set up by Dev UI - these are values which are configured in
It actually works as expected, if one enters custom client/secret they are passed to Keycloak correctly.
Can you share your
So, I've tried everything and I still can't get it to work. I tried adding the client-id and secret in my application properties and leaving them out. The weird thing is that when I try to hit a service endpoint in my application that isn't authenticated I still get a 401. Here is the debug log from the dev services when I try to log in using the
I'll attach my realm I'm testing.. it's a service user with client-id This is the OIDC portion of my I don't have a client-id or client-secret defined because my quarkus application just receives Bearer tokens.
@sberyozkin ok it looks like 3.3.2 partially fixes my issue. There is still the password issue with Upper/Lowercase.
Hi @tmulle #35888 fixes the SwaggerUI problem for client creds, this one in particular is not used often from DevUI, so a few typos introduced during the migration were not caught, so thanks for catching them. The capital case password problem can not be reproduced. I've tried both code flow and client creds, you can confirm it with empty application properties and
in DevUI, follow Keycloak Admin link, login as Note #35888 will resolve this issue once merged. If something still does not work after it is merged then please open more specific issues, it will be easier to handle them. Thanks
Describe the bug
So I notice a few things with the Keycloak application itself, both in dev mode and prod.
Dev Mode:
Authorize button.
Import existing Realm:
The client secret is not imported when importing an existing realm. This causes me to have to regenerate the secret and update all running applications in production. This is not good when we deploy a new server using our realm configuration.
The realms are created from the same version of Quarkus Keycloak. I've tried both 21.x and 22.x and the same thing.
The Dev Services in Quarkus 3.3.0 shows the same behavior.
I saw this post on Keycloak GitHub and am wondering if this is by design or a bug? It affects the Dev Service as well, as it doesn't import my client secrets. It just makes the secret '******'
keycloak/keycloak#9201
Expected behavior
I should be able to log into Keycloak and also have all my information imported from an existing realm.
Actual behavior
No response
How to Reproduce?
Import issue:
Clients -> <Your client> -> Credentials tab and notice the secret field contains "*******" and not your secret.
Dev UI/ Swagger:
client_credentials by clicking the Authorize button.
Output of uname -a or ver
No response
Output of java -version
No response
GraalVM version (if different from Java)
No response
Quarkus version or git rev
3.3.0
Build tool (ie. output of mvnw --version or gradlew --version)
No response
Additional information
No response
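A pre-import check for the masked-secret behaviour reported in this issue and explained in the partial-export reply above, as an added example (not code from the issue, Keycloak or Quarkus). It assumes the usual realm-export JSON layout (`clients[].clientId`, `secret`, `publicClient`, `bearerOnly`, `clientAuthenticatorType`) and treats any all-asterisk secret as a mask; the sample realm is constructed.

```python
import json
import re
import sys

# Constructed sample shaped like a realm export file (not taken from the issue).
SAMPLE_PARTIAL_EXPORT = """
{
  "realm": "demo",
  "clients": [
    {"clientId": "backend-service", "publicClient": false, "bearerOnly": false,
     "serviceAccountsEnabled": true, "secret": "**********"},
    {"clientId": "spa-frontend", "publicClient": true},
    {"clientId": "batch-job", "publicClient": false,
     "serviceAccountsEnabled": true},
    {"clientId": "signed-jwt-client", "publicClient": false,
     "clientAuthenticatorType": "client-jwt"},
    {"clientId": "reporting", "publicClient": false,
     "secret": "constructed-example-secret"}
  ]
}
"""

# Assumption: a masked secret is a run of asterisks of any length
# (the issue text shows '******' and "*******").
MASK = re.compile(r"^\*+$")


def audit_realm_export(realm):
    """Return (clientId, problem) pairs for clients whose secret would not
    survive an import of this file. problem is 'masked' or 'missing'."""
    findings = []
    for client in realm.get("clients", []):
        client_id = client.get("clientId", "<no clientId>")
        # Public and bearer-only clients do not authenticate with a secret.
        if client.get("publicClient") or client.get("bearerOnly"):
            continue
        # Clients using another authenticator (e.g. signed JWT) are skipped.
        if client.get("clientAuthenticatorType", "client-secret") != "client-secret":
            continue
        secret = client.get("secret")
        if not secret:
            findings.append((client_id, "missing"))
        elif MASK.match(secret):
            findings.append((client_id, "masked"))
    return findings


def safe_to_import(realm):
    """True only when every secret-based client carries a real secret."""
    return not audit_realm_export(realm)


if __name__ == "__main__":
    # Usage: python check_realm.py realm-export.json
    # With no argument the constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as handle:
            realm = json.load(handle)
    else:
        realm = json.loads(SAMPLE_PARTIAL_EXPORT)
    problems = audit_realm_export(realm)
    for client_id, problem in problems:
        # Never print the secret value itself, only the client and the finding.
        print(f"{client_id}: secret {problem}")
    sys.exit(1 if problems else 0)
```

Run against a realm file in a deployment pipeline, a non-zero exit stops the import before clients end up with a placeholder where running applications expect the original secret.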