quarkusio · sberyozkin · Oct 31, 2024 · Oct 30, 2024
diff --git a/...idc-common/runtime/src/main/java/io/quarkus/oidc/common/OidcRequestContextProperties.java b/...idc-common/runtime/src/main/java/io/quarkus/oidc/common/OidcRequestContextProperties.java
@@ -19,22 +19,57 @@ public OidcRequestContextProperties(Map<String, Object> properties) {
         this.properties = properties;
     }
 
+    /**
+     * Get property value
+     *
+     * @param name property name
+     * @return property value
+     */
     public <T> T get(String name) {
         @SuppressWarnings("unchecked")
         T value = (T) properties.get(name);
         return value;
     }
 
+    /**
+     * Get property value as String
+     *
+     * @param name property name
+     * @return property value as String
+     */
     public String getString(String name) {
         return (String) get(name);
     }
 
+    /**
+     * Get typed property value
+     *
+     * @param name property name
+     * @param type property type
+     * @return typed property value
+     */
     public <T> T get(String name, Class<T> type) {
         return type.cast(get(name));
     }
 
+    /**
+     * Get an unmodifiable view of the current context properties.
+     *
+     * @return all properties
+     */
     public Map<String, Object> getAll() {
         return Collections.unmodifiableMap(properties);
     }
 
+    /**
+     * Set the property
+     *
+     * @param name property name
+     * @param value property value
+     * @return this OidcRequestContextProperties instance
+     */
+    public OidcRequestContextProperties put(String name, Object value) {
+        properties.put(name, value);
+        return this;
+    }
 }
diff --git a/...-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/TokenRequestResponseFilter.java b/...-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/TokenRequestResponseFilter.java
@@ -0,0 +1,49 @@
+package io.quarkus.it.keycloak;
+
+import java.time.Instant;
+import java.util.concurrent.ConcurrentHashMap;
+
+import jakarta.enterprise.context.ApplicationScoped;
+
+import org.jboss.logging.Logger;
+
+import io.quarkus.arc.Unremovable;
+import io.quarkus.oidc.common.OidcEndpoint;
+import io.quarkus.oidc.common.OidcEndpoint.Type;
+import io.quarkus.oidc.common.OidcRequestFilter;
+import io.quarkus.oidc.common.OidcResponseFilter;
+import io.quarkus.oidc.common.runtime.OidcConstants;
+import io.quarkus.oidc.runtime.OidcUtils;
+
+@ApplicationScoped
+@Unremovable
+@OidcEndpoint(value = Type.TOKEN)
+public class TokenRequestResponseFilter implements OidcRequestFilter, OidcResponseFilter {
+    private static final Logger LOG = Logger.getLogger(TokenRequestResponseFilter.class);
+
+    private ConcurrentHashMap<String, Instant> instants = new ConcurrentHashMap<>();
+
+    @Override
+    public void filter(OidcRequestContext rc) {
+        final Instant now = Instant.now();
+        instants.put(rc.contextProperties().get(OidcUtils.TENANT_ID_ATTRIBUTE), now);
+        rc.contextProperties().put("instant", now);
+    }
+
+    @Override
+    public void filter(OidcResponseContext rc) {
+        Instant instant1 = instants.remove(rc.requestProperties().get(OidcUtils.TENANT_ID_ATTRIBUTE));
+        Instant instant2 = rc.requestProperties().get("instant");
+        boolean instantsAreTheSame = instant1 == instant2;
+        if (rc.statusCode() == 200
+                && instantsAreTheSame
+                && rc.responseHeaders().get("Content-Type").equals("application/json")
+                && OidcConstants.AUTHORIZATION_CODE.equals(rc.requestProperties().get(OidcConstants.GRANT_TYPE))
+                && "code-flow-user-info-github-cached-in-idtoken"
+                        .equals(rc.requestProperties().get(OidcUtils.TENANT_ID_ATTRIBUTE))) {
+            LOG.debug("Authorization code completed for tenant 'code-flow-user-info-github-cached-in-idtoken' in an instant: "
+                    + instantsAreTheSame);
+        }
+    }
+
+}
diff --git a/...gration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/TokenResponseFilter.java b/...gration-tests/oidc-wiremock/src/main/java/io/quarkus/it/keycloak/TokenResponseFilter.java
diff --git a/integration-tests/oidc-wiremock/src/main/resources/application.properties b/integration-tests/oidc-wiremock/src/main/resources/application.properties
@@ -244,8 +244,8 @@ quarkus.log.category."io.quarkus.oidc.runtime.OidcProviderClient".min-level=TRAC
 quarkus.log.category."io.quarkus.oidc.runtime.OidcProviderClient".level=TRACE
 quarkus.log.category."io.quarkus.it.keycloak.SignedUserInfoResponseFilter".min-level=TRACE
 quarkus.log.category."io.quarkus.it.keycloak.SignedUserInfoResponseFilter".level=TRACE
-quarkus.log.category."io.quarkus.it.keycloak.TokenResponseFilter".min-level=TRACE
-quarkus.log.category."io.quarkus.it.keycloak.TokenResponseFilter".level=TRACE
+quarkus.log.category."io.quarkus.it.keycloak.TokenRequestResponseFilter".min-level=TRACE
+quarkus.log.category."io.quarkus.it.keycloak.TokenRequestResponseFilter".level=TRACE
 quarkus.log.file.enable=true
 quarkus.log.file.format=%C - %s%n
 

diff --git a/...n-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java b/...n-tests/oidc-wiremock/src/test/java/io/quarkus/it/keycloak/CodeFlowAuthorizationTest.java
@@ -467,7 +467,7 @@ public void run() throws Throwable {
                                 } else if (line.contains("Response contains signed UserInfo")) {
                                     signedUserInfoResponseFilterMessageDetected = true;
                                 } else if (line.contains(
-                                        "Authorization code completed for tenant 'code-flow-user-info-github-cached-in-idtoken'")) {
+                                        "Authorization code completed for tenant 'code-flow-user-info-github-cached-in-idtoken' in an instant: true")) {
                                     codeFlowCompletedResponseFilterMessageDetected = true;
                                 }
                                 if (lineConfirmingVerificationDetected