This should not happen. But it is very important that oidc config in production differs from the one used on other instances (e.g. dev). If this was the first cloning operation maybe the new config will stay the same from now on. Please check again after next clone.

Keycloak Data is in CO_EXT_KEYCLOAK.

Saving Keycloak json config does not make much sense since installing clients only will not work. Only full realm export/import is working (would override all client configs, <-- don't do...

Hi Anand! There are a lot of ways to test quarkus applications (including/mocking auth).

You can always get a "real" token for a real user with restassured, but i highly recommend not to do that, at least not against external auth server resources.

This might look something like this (simple oauth2):

  public static String getToken() {
    return RestAssured
        .given()
        .param("grant_type", "password")
        .param("username", "admin")
        .param("password...

I have good news regarding this problem. Next release of supersonic app template seperates conx version and quarkus version, so they can be independently be upgraded.

There are a few thins to consider:

• swagger is not deployed in production build by default (can be set in application.yml, https://quarkus.io/guides/openapi-swaggerui#quarkus-swaggerui_quarkus.swagger-ui.always-include)
• health/live endpoints are not routed via traefik proxy by default, you need to change your deployment stack file and add custom rules for that (checkout deployment/docker/<stack>.yml) and look for traefik rules in labels.
  • alsow swagger-ui and openapi endpoints nee...

It seems there is no framework component in version 1.2.0 yet for handling generic responses from backend. Hope there will be soon.

There is no AuthGaurd because everything auth related is handlend as interceptor. Should be less than a few lines to write one.

Hi, there will be examples for your use-case in the next update of our supersonic app. In the meantime you can have a look at the API documentation at https://public.api.campusonline.community/q/swagger-ui/?urls.primaryName=Auth-API%20(auth)#/Roles%20of%20identity. There should also be interfaces ready in java libraries, see pub-auth-api-*.

Example Code:

 @GET
  @Authenticated
  @Path("/read-access-for-app-for-someone-else")
  public PermissionResource getReadPermissionForAppFor...

I am afraid there is no right or easy answer to this question. Quarkus has an easy caching option https://quarkus.io/guides/cache, but it does not scale. There are a million solutions out there for caching. Depending on your needs there will be a ready to use framework. Some examples would be hibernate caching, infinispan, elastic search (index) and so many more. There is also a solution provided in conx-framework using browser cookies to cache roles and permissions. This might work only for ...

There would be a little disadvantage in not using the co-quarkus base image: the secret loader. This feature is only available in this image. If not using this image secrets must be saved in plain text in guid yaml. So it is not recommended to do so.

If you are interessted a pre release of version 2.0.0 is out which comes with a whole lot of improvements. Check the examples repository.

cheers luke

Hi Lukas!

We are so very sorry for that inconvenience. This is a temporary problem with some of our transitive dependencies. We are working on fixing this problem! In the meantime please exclude this dependency in your pom.xml:

<!--
        <dependency>
            <groupId>at.campusonline.conx.quarkus</groupId>
            <artifactId>campusonline-extension</artifactId>
            <version>${conx.quarkus.extension.version}</version>
        </dependency>
-->

as ...

From your log i can see that maven tries to download version: "unknown", please check your pom if you set the property correctly.

https://gitlab.campusonline.community/campusonline/conx-examples/-/blob/1.4.2/co-supersonic/pom.xml?ref_type=tags#L23

https://gitlab.campusonline.community/campusonline/conx-examples/-/blob/1.4.2/co-supersonic/pom.xml?ref_type=tags#L46

This is a common and widespread "problem" in scaled applications. There are thousand of solution, so there is no "right" answer for this. As a hint there is a feature when using quartz which is common and documented with quarkus: https://quarkus.io/guides/quartz

So it is up to you to read up on other solutions and find a fit for your case :)

Hi, we are implementing multiple rest clients with different auth server using multi-tenancy and ClientRequestFilter for getting tokens.

https://quarkus.io/guides/security-openid-connect-multitenancy#quarkus-oidc_quarkus.oidc.named-tenants-additional-named-tenants

Create a filter implementing ClientRequestFilter as can be found here:
https://quarkus.io/guides/security-openid-connect-client-reference#named-oidc-clients

Configure multiple tenants in application.json/application.yaml.
...

Which conx version are you using?

What is annotated on your Rest-APIs? @Authenticated (quarkus is expecting jwt as cookie in dot seperated format), @RolesAllowed (quarkus is expecting jwt as bearer in auth head).

Is your JWT a user session or back-channel auth?

Last check your setting in application.yml "conx->auth->session-type".

Take a look at https://quarkus.io/guides/container-image#quarkus-container-image_quarkus.container-image.group this should answer your question(s).

for native image build

stages:
  - build
  - notify

variables:
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --no-transfer-progress --show-version -DdeployAtEnd=true"
  QUARKUS_JIB_BASE_REGISTRY_USERNAME: $DOCKER_USER
  QUARKUS_JIB_BASE_REGISTRY_PASSWORD: $DOCKER_PASSWORD
  QUARKUS_CONTAINER_IMAGE_USERNAME: $DOCKER_USER
  QUARKUS_CON...

Here is an "advanced" example of using an auth guard.

canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean | UrlTree> | Promise<boolean | UrlTree> | boolean | UrlTree {
    let newState: State = INITSTATE;

    return this.authService.session()
      .pipe(
        switchMap(resp => {
          if (resp.ok) {
            return this.userService.getUser();
          }
          return throwError("Forbidden");
        }),
        catchErr...

Language change (inside your application) is not affected by desktop APIs. It is a local feature. Perhaps some previous js errors lead to loading issues (check developer console).

Regarding angular 14 upgrade: Yes it is recommended to upgrade and rebuild is done by your dev environment (if set up in your angular.json and package.json) or you CI if you have. There should be guide for merging upstream changes. Coming soon in COnX Info

Hi Nils! I am very sorry but I am afraid this question is way too domain specific to be answered here. My advise is to contact CAMPUSonline Support directly with this question or ask CAMPUSonline responsible person at your university to delegate the question. Sorry for that bad news. cheers Luke