diff --git a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
index 55396274e51a0..28510f5d4ee05 100644
--- a/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
+++ b/extensions/oidc/runtime/src/main/java/io/quarkus/oidc/runtime/CodeAuthenticationMechanism.java
@@ -321,8 +321,9 @@ public Uni apply(Throwable t) {
 if (!expired) {
 LOG.errorf("ID token verification failure: %s", t.getCause());
- return Uni.createFrom()
- .failure(new AuthenticationCompletionException(t.getCause()));
+ return removeSessionCookie(context, configContext.oidcConfig)
+ .replaceWith(Uni.createFrom()
+ .failure(new AuthenticationCompletionException(t.getCause())));
 }
 // Token has expired, try to refresh
 if (session.getRefreshToken() == null) {
diff --git a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
index abe8b76675f3c..a67cd4eb3f94e 100644
--- a/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
+++ b/integration-tests/oidc-code-flow/src/test/java/io/quarkus/it/keycloak/CodeFlowTest.java
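Review bot: The new return chains the cookie removal with `replaceWith`, and as far as I recall Mutiny's semantics, a failure emitted by `removeSessionCookie(context, configContext.oidcConfig)` would then propagate instead of the `AuthenticationCompletionException`, so a cookie-removal error could change the failure type the challenge handling maps to 401; if the 401 must hold regardless, something like `.onFailure().recoverWithNull()` before the `replaceWith` is worth considering, to be confirmed against the Mutiny version in use. The new line also deserves a why-comment so the next reader does not treat the removal as incidental, e.g. `// Drop the session cookie on a verification failure so a client holding a cookie that can never verify is not stuck replaying it on every request`. The `LOG.errorf` above it only prints the cause via `%s`, which is fine for not leaking token material but loses the stack trace; if that is deliberate a short comment saying so would help. The enclosing `apply(Throwable t)` starts and ends outside the hunk.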
@@ -564,6 +564,22 @@ public void testIdTokenInjection() throws IOException {
 page = webClient.getPage("http://localhost:8081/web-app");
 assertEquals("alice", page.getBody().asNormalizedText());
+
+ Cookie sessionCookie = getSessionCookie(webClient, null);
+ assertNotNull(sessionCookie);
+ webClient.getCookieManager().clearCookies();
+ webClient.getCookieManager().addCookie(new Cookie(sessionCookie.getDomain(), sessionCookie.getName(),
+ "1|2|3"));
+ sessionCookie = getSessionCookie(webClient, null);
+ assertEquals("1|2|3", sessionCookie.getValue());
+
+ try {
+ webClient.getPage("http://localhost:8081/web-app");
+ fail("401 status error is expected");
+ } catch (FailingHttpStatusCodeException ex) {
+ assertEquals(401, ex.getStatusCode());
+ assertNull(getSessionCookie(webClient, null));
+ }
 webClient.getCookieManager().clearCookies();
 }
 }
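Review bot: The tampered-cookie block has no comment stating what it protects, and its value `"1|2|3"` presumably exercises only the parse/verification-failure path for a structurally bogus session rather than a well-formed but wrongly-signed token, so a reader cannot tell which branch of the mechanism is under test; a line above `Cookie sessionCookie = getSessionCookie(webClient, null);` such as `// A session cookie whose ID token cannot be verified must yield 401 and be cleared so the client does not keep replaying it` would make the intent explicit. The final `assertNull(getSessionCookie(webClient, null))` checks only the HtmlUnit cookie jar, which is sufficient for the behaviour the runtime change adds; if a stricter check is wanted, asserting that the 401 response carried an expiring `Set-Cookie` for that name would pin the mechanism rather than the client's bookkeeping. If the file is on JUnit 5, `assertThrows(FailingHttpStatusCodeException.class, () -> webClient.getPage("http://localhost:8081/web-app"))` would replace the try/`fail`/catch shape. The enclosing `testIdTokenInjection` starts outside the hunk.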