security-openid-connect-quickstart and AWS Cognito

[aosama]

We have tried the exact same approach in this sample project security-openid-connect-quickstart with AWS Cogniot and could not get it to work based on the guidance in this example and the article.

The REST endpoint implemented in quarkus that is inside the class "UsersResource" having REST path of "/me" will always return 401 if the bearer token exists regardless of what type of annotation it has.

Would recommend to explain in the article how can one debug the reasons behind OIDC giving unauthorized ..... for example is it because BEARER toke expired? or is it because signature verification failure? or any debug log that tells us as developers the reason behind the authorization failure.

Having such logs would help trouble shoot why an endpoint refuse to serve the request based on OIDC.

[sberyozkin]

@aosama

Sorry for a delay

Can you please add

quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".min-level=TRACE
quarkus.log.category."io.quarkus.oidc.runtime.OidcProvider".level=TRACE

will also update the docs, thanks

[sberyozkin]

@aosama Docs have been updated: quarkusio/quarkus#17210