Google Git
Sign in
gerrit/plugins/oauth/8d467e99457466c71eb0ca9e661dd433f03a0123^!/.
commit
8d467e99457466c71eb0ca9e661dd433f03a0123
[log]
author
David Ostrovsky <david@ostrovsky.org>
Sun Apr 30 11:04:29 2023 +0200
committer
David Ostrovsky <david.ostrovsky@gmail.com>
Sun May 07 07:56:22 2023 +0000
tree
5cc339dd797854a4cd86ba22173174338ec34f18
parent
4bae1d7acc87f7dc1deca3813638bbc07ed5747f [diff]
Keycloak OAuth2 provider: adapt endpoint URL to Quarkus runtime

Starting from Keycloak release v17, the runtime was migrated to Quarkus.
As the consequence, the "/auth" prefix was removed from the default
context path. Romove the "/auth" prefix from endpoint URLs and mention
in the documentation how to restore previous behaviour for backwards
compatibility with legacy Keycloak releases.

[1]: https://www.keycloak.org/migration/migrating-to-quarkus

Change-Id: I8eef636b8104b6112b44692061621968f9ce6b15

diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java
index 21e0749..c533f29 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java

@@ -22,7 +22,7 @@
 
 public class KeycloakApi extends DefaultApi20 {
 
-  private static final String AUTHORIZE_URL = "%s/auth/realms/%s/protocol/openid-connect/auth";
+  private static final String AUTHORIZE_URL = "%s/realms/%s/protocol/openid-connect/auth";
 
   private final String rootUrl;
   private final String realm;
@@ -39,7 +39,7 @@
 
   @Override
   public String getAccessTokenEndpoint() {
-    return String.format("%s/auth/realms/%s/protocol/openid-connect/token", rootUrl, realm);
+    return String.format("%s/realms/%s/protocol/openid-connect/token", rootUrl, realm);
   }
 
   @Override

diff --git a/src/main/resources/Documentation/config.md b/src/main/resources/Documentation/config.md
index 8283b1f..fa66ba6 100644
--- a/src/main/resources/Documentation/config.md
+++ b/src/main/resources/Documentation/config.md

@@ -63,7 +63,9 @@
     link-to-existing-office365-accounts = true #Optional, if set will try to link old account with the @PLUGIN@-office365-oauth naming
 
   [plugin "@PLUGIN@-keycloak-oauth"]
-    root-url = "<root url>" # for example, https://signon.example.com
+    # Prior to Keycloak V17 /auth path must be added to the root-url, see this migration instruction:
+    # https://www.keycloak.org/migration/migrating-to-quarkus
+    root-url = "<root url>" # for example, https://signon.example.com, or https://signon.example.com/auth
     realm = "<realm>"
     client-id = "<client-id>"
     client-secret = "<client-secret>"