Add "basic" to client scopes for auto generated client in keycloak devservice #46339
Conversation
…vservice to support sub in jwt
|
Thanks for your pull request! Your pull request does not follow our editorial rules. Could you have a look?
This message is automatically generated by a bot. |
|
Thanks @stephan-strate, I recall I was trying to get one of the existing test failing, asserting the sub claim is not null, and it was there but it might be related to the actual token grant which is used. Would it be possible for you to create a reproducer, simple HelloWorld returning a sub claim value and empty application.properties, and test asserting this subject is not null. Maybe the simplest is to copy and paste https://github.com/quarkusio/quarkus-quickstarts/blob/main/security-openid-connect-quickstart, remove everything from application.properties and have a basic test (the existing one already uses KeycloakTestClient) ? I'd just like to have a clearer understanding under which conditions a sub claim is not included |
|
Sure, there you go: |
There was a problem hiding this comment.
Thanks @stephan-strate for the reproducer, confirmed, sub is a pretty important claim for the tracing of the unique access token activity, ideally it would've been kept by default.
|
There a few tests which involve the client generated by default in the main branch but they are already rather complex. When the default is being generated, some properties likely to be missing that make Keycloak include this claim even without a directly enabled basic scope; adding it won't harm in any case |
Status for workflow
|
Following up on the discussion #44053, I have added the basic scope to the auto generated client.
I am unsure about testing, any suggestions?