Is there a way to exclude some paths from the Quarkus OIDC verification

Question

I'm using the quarkus-oidc component to enforce the JWT token validation in calls to a microservice.

The point is there are some paths (/api/public/*) that can be invoked publicly (without needing an Authorization: Bearer JWT).

Is there a way to exclude paths from the token verification?

knutwannheden · Answer 1 · 2020-12-22T04:26:26.650

0

Based on the documentation you can disable authorization for select paths like this:

quarkus.http.auth.permission.permit1.paths=/api/public/*
quarkus.http.auth.permission.permit1.methods=GET,HEAD
quarkus.http.auth.permission.permit1.policy=permit

edited Dec 22 '20 at 04:26

answered Dec 21 '20 at 05:37

knutwannheden

680
4
7

Unfortunately I've added that configuration but public paths still return a 401: `HTTP/1.1 401 Unauthorized ` – codependent Dec 21 '20 at 09:32
Did you try adding the `methods` config as well? I've updated the answer accordingly. – knutwannheden Dec 22 '20 at 04:27
I just tried with the same result :( This may be a bug, I've opend an issue in github: https://github.com/quarkusio/quarkus/issues/14001 – codependent Dec 22 '20 at 09:34

Is there a way to exclude some paths from the Quarkus OIDC verification

1 Answers1