  1. Quarkus
  2. QUARKUS-3158

Do not create session and PKCE encryption keys if only bearer tokens are expected

    Description

      Fixes #33475.

      Session cookie and PKCE verifier encryption keys are only relevant when users are authenticating into `quarkus.oidc.application-type=web-app` or `quarkus.oidc.application-type=hybrid`, when Quarkus itself manages authorization code flow.

      This PR avoids creating such keys when only bearer tokens are expected - PKCE and session encryption will never be used in such cases.

          People

            Unassigned
            probinso_jira Quarkus JIRA Bot
            Michal Vavrik