Avoid detecting the container runtime in OIDC Dev Services

We check this condition last so that we can avoid detecting the
container if not needed.

It will avoid issues with integration-tests/oidc-wiremock on GitHub
Actions Windows runners.

Author: gsmet

extensions/devservices/oidc/src/main/java/io/quarkus/devservices/oidc/OidcDevServicesProcessor.java

@@ -145,10 +145,6 @@ private static boolean shouldNotStartServer(OidcDevServicesConfig devServicesCon
             LOG.debug("Not starting Dev Services for OIDC as it has been disabled in the config");
             return true;
         }
-        if (devServicesConfig.enabled().isEmpty() && dockerStatusBuildItem.isContainerRuntimeAvailable()) {
-            LOG.debug("Not starting Dev Services for OIDC as detected support the container functionality");
-            return true;
-        }
         if (!isOidcEnabled()) {
             LOG.debug("Not starting Dev Services for OIDC as OIDC extension has been disabled in the config");
             return true;
@@ -165,6 +161,11 @@ private static boolean shouldNotStartServer(OidcDevServicesConfig devServicesCon
             LOG.debug("Not starting Dev Services for OIDC as 'quarkus.oidc.provider' has been provided");
             return true;
         }
+        if (devServicesConfig.enabled().isEmpty() && dockerStatusBuildItem.isContainerRuntimeAvailable()) {
+            LOG.debug(
+                    "Not starting Dev Services for OIDC as a container runtime is available and a Keycloak Dev Services will be started");
+            return true;
+        }
         return false;
     }
 

integration-tests/oidc-wiremock/src/main/resources/application.properties

@@ -14,7 +14,7 @@ quarkus.oidc.no-discovery.client-id=quarkus-app
 quarkus.oidc.no-discovery.credentials.secret=secret
 quarkus.oidc.no-discovery.authentication.scopes=profile,email,phone
 
-quarkus.oidc.code-flow.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow.client-id=quarkus-web-app
 quarkus.oidc.code-flow.authentication.user-info-required=false
 quarkus.oidc.code-flow.authentication.verify-access-token=false
@@ -28,7 +28,7 @@ quarkus.oidc.code-flow.token.audience=https://id.server.example.com
 quarkus.oidc.code-flow.token.refresh-expired=true
 quarkus.oidc.code-flow.token.refresh-token-time-skew=5M
 
-quarkus.oidc.code-flow-verify-id-and-access-tokens.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-verify-id-and-access-tokens.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-verify-id-and-access-tokens.client-id=quarkus-web-app
 quarkus.oidc.code-flow-verify-id-and-access-tokens.authentication.user-info-required=false
 quarkus.oidc.code-flow-verify-id-and-access-tokens.authentication.verify-access-token=true
@@ -37,49 +37,49 @@ quarkus.oidc.code-flow-verify-id-and-access-tokens.application-type=web-app
 quarkus.oidc.code-flow-verify-id-and-access-tokens.token.audience=any
 
 quarkus.oidc.code-flow-opaque-access-token.provider=github
-quarkus.oidc.code-flow-opaque-access-token.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-opaque-access-token.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-opaque-access-token.authorization-path=/
-quarkus.oidc.code-flow-opaque-access-token.token-path=${keycloak.url}/realms/quarkus/opaque-access-token
+quarkus.oidc.code-flow-opaque-access-token.token-path=${keycloak.url:replaced-by-test-resource}/realms/quarkus/opaque-access-token
 quarkus.oidc.code-flow-opaque-access-token.user-info-path=protocol/openid-connect/userinfo
 quarkus.oidc.code-flow-opaque-access-token.client-id=quarkus-web-app
 quarkus.oidc.code-flow-opaque-access-token.credentials.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
 quarkus.oidc.code-flow-opaque-access-token.tenant-paths=/code-flow-opaque-access-token/*
 
-quarkus.oidc.code-flow-encrypted-id-token-jwk.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-encrypted-id-token-jwk.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-encrypted-id-token-jwk.client-id=quarkus-web-app
 quarkus.oidc.code-flow-encrypted-id-token-jwk.credentials.secret=secret
 quarkus.oidc.code-flow-encrypted-id-token-jwk.application-type=web-app
-quarkus.oidc.code-flow-encrypted-id-token-jwk.token-path=${keycloak.url}/realms/quarkus/encrypted-id-token
+quarkus.oidc.code-flow-encrypted-id-token-jwk.token-path=${keycloak.url:replaced-by-test-resource}/realms/quarkus/encrypted-id-token
 quarkus.oidc.code-flow-encrypted-id-token-jwk.token.decryption-key-location=privateKeyEncryptedIdToken.jwk
 quarkus.oidc.code-flow-encrypted-id-token-jwk.token.audience=https://server.example.com
 quarkus.oidc.code-flow-encrypted-id-token-jwk.token-state-manager.encryption-algorithm=dir
 
-quarkus.oidc.code-flow-encrypted-id-token-pem.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-encrypted-id-token-pem.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-encrypted-id-token-pem.client-id=quarkus-web-app
 quarkus.oidc.code-flow-encrypted-id-token-pem.credentials.secret=secret
 quarkus.oidc.code-flow-encrypted-id-token-pem.application-type=web-app
 quarkus.oidc.code-flow-encrypted-id-token-pem.token-path=encrypted-id-token
 quarkus.oidc.code-flow-encrypted-id-token-pem.token.decryption-key-location=privateKey.pem
 quarkus.oidc.code-flow-encrypted-id-token-pem.token.audience=any
 
-quarkus.oidc.code-flow-form-post.auth-server-url=${keycloak.url}/realms/quarkus-form-post/
+quarkus.oidc.code-flow-form-post.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus-form-post/
 quarkus.oidc.code-flow-form-post.authentication.user-info-required=false
 quarkus.oidc.code-flow-form-post.client-id=quarkus-web-app
 quarkus.oidc.code-flow-form-post.credentials.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
 quarkus.oidc.code-flow-form-post.application-type=web-app
 quarkus.oidc.code-flow-form-post.authentication.response-mode=form_post
 quarkus.oidc.code-flow-form-post.discovery-enabled=false
-# redirect the user to ${keycloak.url}/realms/quarkus-form-post/ which will respond with form post data
+# redirect the user to ${keycloak.url:replaced-by-test-resource}/realms/quarkus-form-post/ which will respond with form post data
 quarkus.oidc.code-flow-form-post.authorization-path=/
 # reuse the wiremock access token stub for the `quarkus` realm - it is the same for the query and form post response mode
-quarkus.oidc.code-flow-form-post.token-path=${keycloak.url}/realms/quarkus/token
+quarkus.oidc.code-flow-form-post.token-path=${keycloak.url:replaced-by-test-resource}/realms/quarkus/token
 # reuse the wiremock JWK endpoint stub for the `quarkus` realm - it is the same for the query and form post response mode
-quarkus.oidc.code-flow-form-post.jwks-path=${keycloak.url}/realms/quarkus/protocol/openid-connect/certs
+quarkus.oidc.code-flow-form-post.jwks-path=${keycloak.url:replaced-by-test-resource}/realms/quarkus/protocol/openid-connect/certs
 quarkus.oidc.code-flow-form-post.logout.backchannel.path=/back-channel-logout
 quarkus.oidc.code-flow-form-post.logout.frontchannel.path=/code-flow-form-post/front-channel-logout
 quarkus.oidc.code-flow-form-post.token.audience=https://server.example.com,https://id.server.example.com
 
-quarkus.oidc.code-flow-user-info-only.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-user-info-only.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-user-info-only.discovery-enabled=false
 quarkus.oidc.code-flow-user-info-only.authorization-path=/
 quarkus.oidc.code-flow-user-info-only.token-path=access_token
@@ -95,7 +95,7 @@ quarkus.oidc.code-flow-user-info-only.application-type=web-app
 quarkus.oidc.code-flow-user-info-github.provider=github
 quarkus.oidc.code-flow-user-info-github.authentication.internal-id-token-lifespan=7H
 quarkus.oidc.code-flow-user-info-github.authentication.verify-access-token=false
-quarkus.oidc.code-flow-user-info-github.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-user-info-github.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-user-info-github.authorization-path=/
 quarkus.oidc.code-flow-user-info-github.user-info-path=protocol/openid-connect/userinfo
 quarkus.oidc.code-flow-user-info-github.code-grant.extra-params.extra-param=extra-param-value
@@ -107,7 +107,7 @@ quarkus.oidc.code-flow-user-info-github.cache-user-info-in-idtoken=false
 quarkus.oidc.code-flow-user-info-github-cache-disabled.provider=github
 quarkus.oidc.code-flow-user-info-github-cache-disabled.authentication.internal-id-token-lifespan=7H
 quarkus.oidc.code-flow-user-info-github-cache-disabled.authentication.verify-access-token=false
-quarkus.oidc.code-flow-user-info-github-cache-disabled.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-user-info-github-cache-disabled.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-user-info-github-cache-disabled.authorization-path=/
 quarkus.oidc.code-flow-user-info-github-cache-disabled.user-info-path=protocol/openid-connect/userinfo
 quarkus.oidc.code-flow-user-info-github-cache-disabled.code-grant.extra-params.extra-param=extra-param-value
@@ -122,18 +122,18 @@ quarkus.oidc.bearer-user-info-github-service.token.principal-claim=preferred_use
 quarkus.oidc.bearer-user-info-github-service.token.verify-access-token-with-user-info=true
 quarkus.oidc.bearer-user-info-github-service.token.allow-jwt-introspection=false
 quarkus.oidc.bearer-user-info-github-service.application-type=service
-quarkus.oidc.bearer-user-info-github-service.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-user-info-github-service.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-user-info-github-service.user-info-path=github/userinfo
 quarkus.oidc.bearer-user-info-github-service.client-id=quarkus-web-app
 quarkus.oidc.bearer-user-info-github-service.credentials.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
 
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.provider=github
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.application-type=hybrid
-quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.authorization-path=/
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.token-path=access_token_refreshed
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.user-info-path=protocol/openid-connect/signeduserinfo
-quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.jwks-path=${keycloak.url}/realms/quarkus/protocol/openid-connect/certs
+quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.jwks-path=${keycloak.url:replaced-by-test-resource}/realms/quarkus/protocol/openid-connect/certs
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.code-grant.extra-params.extra-param=extra-param-value
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.code-grant.headers.X-Custom=XCustomHeaderValue
 quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.cache-user-info-in-idtoken=true
@@ -149,7 +149,7 @@ quarkus.oidc.code-flow-user-info-github-cached-in-idtoken.certificate-chain.trus
 
 quarkus.oidc.code-flow-token-introspection.provider=github
 quarkus.oidc.code-flow-token-introspection.token.verify-access-token-with-user-info=false
-quarkus.oidc.code-flow-token-introspection.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-token-introspection.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-token-introspection.authorization-path=/
 quarkus.oidc.code-flow-token-introspection.user-info-path=protocol/openid-connect/userinfo
 quarkus.oidc.code-flow-token-introspection.introspection-path=protocol/openid-connect/token/introspect
@@ -159,7 +159,7 @@ quarkus.oidc.code-flow-token-introspection.client-id=quarkus-web-app
 quarkus.oidc.code-flow-token-introspection.credentials.secret=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
 quarkus.oidc.code-flow-token-introspection.code-grant.headers.X-Custom=XTokenIntrospection
 
-quarkus.oidc.code-flow-token-introspection-expires-in.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.code-flow-token-introspection-expires-in.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.code-flow-token-introspection-expires-in.application-type=web-app
 quarkus.oidc.code-flow-token-introspection-expires-in.authentication.user-info-required=false
 quarkus.oidc.code-flow-token-introspection-expires-in.authorization-path=/
@@ -172,32 +172,32 @@ quarkus.oidc.code-flow-token-introspection-expires-in.credentials.secret=AyM1Sys
 
 quarkus.oidc.token-cache.max-size=1
 
-quarkus.oidc.bearer.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer.client-id=quarkus-app
 quarkus.oidc.bearer.credentials.secret=secret
 quarkus.oidc.bearer.token.audience=https://service.example.com
 quarkus.oidc.bearer.allow-token-introspection-cache=false
 
-quarkus.oidc.bearer-kid-or-chain.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-kid-or-chain.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-kid-or-chain.client-id=quarkus-app
 quarkus.oidc.bearer-kid-or-chain.credentials.secret=secret
 quarkus.oidc.bearer-kid-or-chain.token.audience=https://service.example.com
 quarkus.oidc.bearer-kid-or-chain.allow-token-introspection-cache=false
 quarkus.oidc.bearer-kid-or-chain.certificate-chain.trust-store-file=target/chain/truststore.p12
 quarkus.oidc.bearer-kid-or-chain.certificate-chain.trust-store-password=storepassword
 
-quarkus.oidc.bearer-id.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-id.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-id.client-id=quarkus-app
 quarkus.oidc.bearer-id.credentials.secret=secret
 quarkus.oidc.bearer-id.allow-token-introspection-cache=false
 quarkus.oidc.bearer-id.token.authorization-scheme=ID
 
-quarkus.oidc.bearer-required-algorithm.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-required-algorithm.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-required-algorithm.client-id=quarkus-app
 quarkus.oidc.bearer-required-algorithm.credentials.secret=secret
 quarkus.oidc.bearer-required-algorithm.token.signature-algorithm=PS256
 
-quarkus.oidc.bearer-permission-checker.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-permission-checker.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-permission-checker.client-id=quarkus-app
 quarkus.oidc.bearer-permission-checker.credentials.secret=secret
 quarkus.oidc.bearer-permission-checker.token.signature-algorithm=PS256
@@ -206,21 +206,21 @@ quarkus.oidc.bearer-azure.provider=microsoft
 quarkus.oidc.bearer-azure.authentication.user-info-required=false
 quarkus.oidc.bearer-azure.application-type=service
 quarkus.oidc.bearer-azure.discovery-enabled=false
-quarkus.oidc.bearer-azure.jwks-path=${keycloak.url}/azure/jwk
+quarkus.oidc.bearer-azure.jwks-path=${keycloak.url:replaced-by-test-resource}/azure/jwk
 quarkus.oidc.bearer-azure.jwks.resolve-early=false
 quarkus.oidc.bearer-azure.token.lifespan-grace=2147483647
 quarkus.oidc.bearer-azure.token.customizer-name=azure-access-token-customizer
 quarkus.oidc.bearer-azure.certificate-chain.trust-store-file=target/chain/truststore.p12
 quarkus.oidc.bearer-azure.certificate-chain.trust-store-password=storepassword
 
-quarkus.oidc.bearer-role-claim-path.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-role-claim-path.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-role-claim-path.client-id=quarkus-app
 quarkus.oidc.bearer-role-claim-path.credentials.secret=secret
 quarkus.oidc.bearer-role-claim-path.token.audience=https://service.example.com
 quarkus.oidc.bearer-role-claim-path.roles.role-claim-path="https://roles.example.com"
 quarkus.oidc.bearer-role-claim-path.allow-token-introspection-cache=false
 
-quarkus.oidc.bearer-no-introspection.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-no-introspection.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-no-introspection.client-id=quarkus-app
 quarkus.oidc.bearer-no-introspection.credentials.secret=secret
 quarkus.oidc.bearer-no-introspection.token.audience=https://service.example.com
@@ -237,7 +237,7 @@ quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chai
 quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.trust-store-password=storepassword
 quarkus.oidc.bearer-certificate-full-chain-root-only-wrongcname.certificate-chain.leaf-certificate-name=www.quarkusio.com
 
-quarkus.oidc.bearer-key-without-kid-thumbprint.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-key-without-kid-thumbprint.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-key-without-kid-thumbprint.authentication.user-info-required=false
 quarkus.oidc.bearer-key-without-kid-thumbprint.discovery-enabled=false
 quarkus.oidc.bearer-key-without-kid-thumbprint.jwks-path=single-key-without-kid-thumbprint
@@ -246,7 +246,7 @@ quarkus.oidc.bearer-key-without-kid-thumbprint.credentials.secret=secret
 quarkus.oidc.bearer-key-without-kid-thumbprint.token.audience=https://service.example.com
 quarkus.oidc.bearer-key-without-kid-thumbprint.token.allow-jwt-introspection=false
 
-quarkus.oidc.bearer-wrong-role-path.auth-server-url=${keycloak.url}/realms/quarkus/
+quarkus.oidc.bearer-wrong-role-path.auth-server-url=${keycloak.url:replaced-by-test-resource}/realms/quarkus/
 quarkus.oidc.bearer-wrong-role-path.client-id=quarkus-app
 quarkus.oidc.bearer-wrong-role-path.credentials.secret=secret
 quarkus.oidc.bearer-wrong-role-path.token.audience=https://service.example.com