DubJUG with Red Hat's Sergey Beryozkin

This month, we welcome long-time open source committer Sergey Beryozkin to the Dublin Java User Group. Currently working at Red Hat, Sergey has a deep interest in OpenID Connect and JSON Web Token (JWT) security.


SESSION ABSTRACTS

Introduction to Quarkus Security

In this session, Sergey will introduce you to Quarkus and the Quarkus Security architecture and explain how it can help solve real-world security requirements, with developer joy remaining a priority for the Quarkus Security team.

He will show how you can develop and test services secured with OpenID Connect in Dev mode, how to customize a verified security identity, how to use both role-based and permission-based access control, and how to combine multiple authentication mechanisms with annotations. You will be introduced to one of the most compact ways of generating signed, encrypted, or both inner-signed and encrypted JSON Web Tokens, currently available to Quarkus and also SmallRye JWT users.

At the end of the session you will be invited to a `Dance With Quarkus Security` demo, where Sergey will explain how you can authenticate users with multiple OpenID Connect (OIDC) and OAuth2 providers with only several lines of configuration, with many tricky issues, such as enabling a secure Proof Key for Code Exchange, taken care of automatically under the hood. He will also explain how the many different OIDC tenant resolution policies work in Quarkus, allowing users to build the most complex OIDC provider combinations, and more. Hopefully you will agree after this talk that working with security in Quarkus is the new cool.

Drinks and food courtesy of our wonderful partner network


Quarkus Fitness Advisor - secure custom ChatGPT action

OpenAI introduced custom GPT actions for ChatGPT Plus subscribers. In this session, Sergey will explain what GPTs are, how they can be created, and how they can authenticate to and access remote API endpoints in order to help ChatGPT formulate correct answers.

You will be introduced to the Quarkus OpenID Connect (OIDC) proxy, which makes it straightforward to add an OIDC or OAuth2 authorization code flow authentication to custom GPTs, especially when the GPT OAuth wizard does not support options required by a given provider. You will learn how the Quarkus OIDC proxy can prevent GPTs from seeing sensitive OIDC connection details and restrict their access to refresh and/or ID tokens, in order to minimize the risk of them being leaked. You will also see how the Quarkus OIDC proxy can create a redirect URI bridge for your registered OIDC applications, so that you avoid enabling ChatGPT-specific redirect URIs in the OIDC provider's dashboard and instead link to the redirect URI in the trusted domain.

At the end of the session you will meet Quarkus Fitness Advisor, a secure GPT which authenticates users with the Strava OAuth2 provider and uses the acquired access tokens to retrieve the authenticated user's activity data from a Quarkus Strava service. By the end of the session you will learn how to create custom GPTs while keeping important security considerations in mind.



Sergey Beryozkin Bio

Sergey Beryozkin is a Principal Software Engineer at Red Hat working on Quarkus Security. His main expertise is in OpenID Connect and JSON Web Token (JWT) security.

He was and is still involved in the Eclipse MicroProfile JWT specification work. Sergey is a long-time open source developer. Before rejoining Red Hat, he was an Apache Software Foundation (ASF) CXF JAX-RS (Java API for RESTful Web Services) implementation and security support project lead for many years, when he also became a committer in several other ASF projects such as Apache Tika and Camel. He is interested in how distributed software systems can interoperate at scale. He is a former proud IONA Technologies employee. He likes working with users and has responded to a lot of user queries and bug reports during his career.

He has lived in Dublin for a quarter of a century, is an aspiring cyclist, a keen walker and a club team chess player.

GitHub: sberyozkn

X (formerly Twitter): @sberyozkin

About the Dublin Java User Group

Since 2006, the Dublin Java User Group, aka DubJUG, has been working with the global Java community to amplify technical knowledge for the benefit of Irish-based developers and businesses.