SecurityIdentityAugmentor JsonWebToken injection does not work

[sberyozkin]

Describe the bug
@wjglerum has reported that having

@Inject
JsonWebToken jwt;

@IdToken
@Inject
JsonWebToken idToken;

in a custom SecurityIdentityAugmentor does not work.

Expected behavior
both jwt and idToken are injected correctly

Actual behavior
ContextNotActiveException is reported

CC @mkouba @stuartwdouglas

[sberyozkin]

I wonder if Arc.container.instance(JsonWebToken.class) and Arc.container.instance(JsonWebToken.class, IdToken.class) should do ?

Though the direct injection should probably work. May be

@Inject
Instance<JsonWebToken> jwt;

?

[wjglerum]

That gives the same ContextNotActiveException as soon as I call get() on one of those instances.

[sberyozkin]

quarkus-oidc JsonWebToken producer is Request scoped but since a custom SecurityIdentityAugmentor is ApplicationScoped it should still work.
It works with ApplicationScoped JAX-RS endpoints...

Securityidentiy itself carries these tokens in a raw form as AccessTokenCredential and IdTokenCredential. We can add getToken(Class<?> cls) methods if the injection is not possible for some reasons

[wjglerum]

Yeah that's what surprises me, in JAX-RS resources/endpoints I can simply use injection when they are @ApplicationScoped. Having a getToken method on the identity could be useful indeed, I tried to get it from there too but it was not there.

I do see we can get the raw token from the identity using the getCredential(IdTokenCredential.class) method indeed, but we would have to parse it again manually as far as I understand.

Anything I could help with regarding that?

[stuartwdouglas]

This is expected behavior, the augmentors are used to build the identity, you can't inject it as it has not been built yet.

You should be able to just case the Principal on the identity you are augmenting to JsonWebToken.

[sberyozkin]

Hi @stuartwdouglas, @wjglerum Principal cast would only work for IdToken in case of the code flow, I think we may need to have some conversion support for AccessToken