Uploaded image for project: 'Quarkus'
  1. Quarkus
  2. QUARKUS-3158

Do not create session and PKCE encryption keys if only bearer tokens are expected

XMLWordPrintable

      Fixes #33475.

      Session cookie and PKCE verifier encryption keys are only relevant when Users are authenticating into `quarkus.oidc.application-type=web-app` or `quarkus.oidc.application-type=hybrid`, when Quarkus itself manages authorization code flow.

      This PR avoids creating such keys when only bearer tokens are expected - PKCE and session encryption will never be used in such cases.

              Unassigned Unassigned
              probinso_jira Quarkus JIRA Bot
              Michal Vavrik Michal Vavrik
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: