Introduction to Quarkus Security by Sergey Beryozkin

In this session, we will introduce Quarkus and Quarkus Security Architecture and explain how it can help solve real world security requirements with Developer Joy remaining a Priority for the Quarkus Security team. We will show how you can develop and test services secured with OpenId Connect in Dev mode. You will learn how to customize a verified security identity, how to use both role and permission based access control, and combine multiple authentication mechanisms with annotations. You will be introduced to one of the most compact ways of generating signed, encrypted or both inner-signed and encrypted JSON Web Tokens, currently available to Quarkus but also SmallRye JWT users. We will finish the session with a demo showing how you can authenticate users with multiple OpenId Connect (OIDC) and OAuth2 providers with a simple configuration only, with many tricky provider specific requirements taken care of under the hood automatically, explain how many different OIDC tenant resolution policies work in Quarkus allowing users build the most complex OIDC provider combinations, and more. Hopefully you will agree after this talk that working with security in Quarkus is the new cool.