JSF with SmallRye-JWT

[Denton Wood]

Is integrating SmallRye-JWT with JSF supported? We have a JSF 2.3 client running on WildFly 22.0.0.Final which we'd like to connect to Amazon Cognito using MP-JWT. However, I can't seem to get the integration working. darranl recommended I post here. Links with further details below:

Original GitHub issue: https://github.com/smallrye/smallrye-jwt/issues/440

WildFly JIRA issue: https://issues.redhat.com/browse/WFLY-14615

[Darran Lofthouse]

The MicroProfile JWT integration in WildFly should be usable with all web application deployments, it is just a different authentication mechanism being activated for the deployment.

[Denton Wood]

This may be outside the bounds of MP-JWT, but is there a way to specify an external URL for login? We currently have Keycloak integrated through the WildFly Keycloak integration. When someone tries to access the JSF client who isn't logged in, they are automatically redirected to the Keycloak login UI. I believe this is made possible by the keycloak.json file which is attached to the WAR. I'm looking for similar behavior from MP-JWT.

[Darran Lofthouse]

It sounds more like you are looking for OpenID connect support if you are looking for redirects, at the moment Keycloak is the main option here but we are also presently reviewing adding support ourselves which may make it easier for working with other identity providers.  MicroProfile JWT is really using tokens already available on the client.

[Denton Wood]

That's correct - sorry for the confusion. We want to move from OIDC attached to Keycloak to OIDC that is provider-agnostic (so we can work with Cognito). So this isn't natively supported right now but may be in the future?

[Darran Lofthouse]

Yes this may be supported in the future, we are currently evaluating the feasibility and what this would look like.

[Denton Wood]

Got it. Thanks so much for your help!