Fix #824 - Introduce a separated OIDC module to hold security dependencies

[ricardozanini]

Fix #824

In this PR:

• Removed references of OIDC libraries from the main runtime module
• I created a separate quarkus-openapi-generator-oidc component to hold OIDC use cases; users now MUST add this new dependency to their project in case OIDC is required.
• Review the integration-tests module to remove OIDC from every module; just add to security where it's really required.
• Updated documentation.

Many thanks for submitting your Pull Request ❤️!

Please make sure that your PR meets the following requirements:

• You have read the contributors guide
• Your code is properly formatted according to our code style
• Pull Request title contains the target branch if not targeting main: [0.9.x] Subject
• Pull Request contains link to the issue
• Pull Request contains link to any dependent or related Pull Request
• Pull Request contains description of the issue
• Pull Request does not include fixes for issues other than the main ticket

How to backport a pull request to a different branch?

In order to automatically create a backporting pull request please add one or more labels having the following format backport-<branch-name>, where <branch-name> is the name of the branch where the pull request must be backported to (e.g., backport-quarkus2 to backport the original PR to the quarkus2 branch).

NOTE: backporting is an action aiming to move a change (usually a commit) from a branch (usually the main one) to another one, which is generally referring to a still maintained release branch. Keeping it simple: it is about to move a specific change or a set of them from one branch to another.

Once the original pull request is successfully merged, the automated action will create one backporting pull request per each label (with the previous format) that has been added.

If something goes wrong, the author will be notified and at this point a manual backporting is needed.

NOTE: this automated backporting is triggered whenever a pull request on main branch is labeled or closed, but both conditions must be satisfied to get the new PR created.

[Postremus]

works for me, quarkus starts now with quarkus-hibernate-validator.

[ricardozanini]

@gastaldi do I have to do anything else to release the new module?

[gastaldi]

@ricardozanini you can use conditional dependencies to have your module added automatically when quarkus-oidc is available: https://quarkus.io/guides/conditional-extension-dependencies

[gastaldi]

@gastaldi do I have to do anything else to release the new module?

No, it should work as usual

[ricardozanini]

@ricardozanini you can use conditional dependencies to have your module added automatically when quarkus-oidc is available: https://quarkus.io/guides/conditional-extension-dependencies

oh nice! I'll do that then :D

[ricardozanini]

After reviewing the code base to add these conditionals, I'd have to create a new oidc extension and two additional modules, auth and config, to support this use case. Then, move all the authentication-related generation codes to auth and the OIDC to oidc. We would end up with five additional modules.

It's unnecessary to add all this complexity to the code base at this moment. OIDC support will work if users can add the new module we introduced today to their dependencies.

This new way of generating authentication classes did more harm than good. This rework should have been done in the original PR, but I don't have time to implement it now. If someone from the community is interested, please let me know.