Keycloak OAuth2 provider: adapt endpoint URL to Quarkus runtime
Starting from Keycloak release v17, the runtime was migrated to Quarkus.
As the consequence, the "/auth" prefix was removed from the default
context path. Romove the "/auth" prefix from endpoint URLs and mention
in the documentation how to restore previous behaviour for backwards
compatibility with legacy Keycloak releases.
[1]: https://www.keycloak.org/migration/migrating-to-quarkus
Change-Id: I8eef636b8104b6112b44692061621968f9ce6b15
diff --git a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java
index 21e0749..c533f29 100644
--- a/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java
+++ b/src/main/java/com/googlesource/gerrit/plugins/oauth/KeycloakApi.java
@@ -22,7 +22,7 @@
public class KeycloakApi extends DefaultApi20 {
- private static final String AUTHORIZE_URL = "%s/auth/realms/%s/protocol/openid-connect/auth";
+ private static final String AUTHORIZE_URL = "%s/realms/%s/protocol/openid-connect/auth";
private final String rootUrl;
private final String realm;
@@ -39,7 +39,7 @@
@Override
public String getAccessTokenEndpoint() {
- return String.format("%s/auth/realms/%s/protocol/openid-connect/token", rootUrl, realm);
+ return String.format("%s/realms/%s/protocol/openid-connect/token", rootUrl, realm);
}
@Override
diff --git a/src/main/resources/Documentation/config.md b/src/main/resources/Documentation/config.md
index 8283b1f..fa66ba6 100644
--- a/src/main/resources/Documentation/config.md
+++ b/src/main/resources/Documentation/config.md
@@ -63,7 +63,9 @@
link-to-existing-office365-accounts = true #Optional, if set will try to link old account with the @PLUGIN@-office365-oauth naming
[plugin "@PLUGIN@-keycloak-oauth"]
- root-url = "<root url>" # for example, https://signon.example.com
+ # Prior to Keycloak V17 /auth path must be added to the root-url, see this migration instruction:
+ # https://www.keycloak.org/migration/migrating-to-quarkus
+ root-url = "<root url>" # for example, https://signon.example.com, or https://signon.example.com/auth
realm = "<realm>"
client-id = "<client-id>"
client-secret = "<client-secret>"