Description

Vert.x OIDC users are experiencing difficulties with migrating to Quarkus OIDC, likely due to the following reasons:

• Vert.x OIDC setup is programmatic and/or aligned with how routes are setup, while Quarkus OIDC setup is mainly configuration driven
• Vert.x OIDC prefers and only supports stateful session management as a security preference, Quarkus OIDC uses stateless (encrypted cookie) session management by default

Quarkus should provide probably two guides for Vert.x users who do not mind migrating to work with:

• Migration guide for migrating OIDC authorization code flow applications
• Migration guide for migrating OIDC bearer token applications

Implementation ideas

We can use either Quarkus Redis or DB state extension to support stateful sessions for migrating code flow applications. May be we can also ship a test module with a TokenStateManager bean to allow using in-mem session management during tests or devmode.

There should be no problems with migrating bearer token applications