Merge pull request #51383 from michalvavrik/feature/configurable-oidc-db-state-man-col-size

sberyozkin · web-flow · commit ffebdaa57652 · 2025-12-03T22:58:53.000Z
Allow to configure OIDC DB token state manager column sizes for tokens
diff --git a/extensions/oidc-db-token-state-manager/deployment/src/main/java/io/quarkus/oidc/db/token/state/manager/OidcDbTokenStateManagerProcessor.java b/extensions/oidc-db-token-state-manager/deployment/src/main/java/io/quarkus/oidc/db/token/state/manager/OidcDbTokenStateManagerProcessor.java
@@ -11,11 +11,11 @@
 
 import java.util.function.BooleanSupplier;
 
-import jakarta.enterprise.context.Dependent;
 import jakarta.inject.Singleton;
 
 import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
 import io.quarkus.arc.deployment.BeanContainerBuildItem;
+import io.quarkus.arc.deployment.BeanContainerListenerBuildItem;
 import io.quarkus.arc.deployment.SyntheticBeanBuildItem;
 import io.quarkus.arc.deployment.SyntheticBeansRuntimeInitBuildItem;
 import io.quarkus.builder.item.SimpleBuildItem;
@@ -27,7 +27,7 @@
 import io.quarkus.oidc.TokenStateManager;
 import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManager;
 import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerInitializer;
-import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerInitializer.OidcDbTokenStateManagerInitializerProperties;
+import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerInitializer.SupportedReactiveSqlClient;
 import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerRecorder;
 import io.quarkus.runtime.configuration.ConfigurationException;
 
@@ -109,77 +109,17 @@ AdditionalBeanBuildItem makeDbTokenStateManagerInitializerBean() {
 
     @BuildStep
     @Record(STATIC_INIT)
-    SyntheticBeanBuildItem createDbTokenStateInitializerProps(ReactiveSqlClientBuildItem sqlClientBuildItem,
+    BeanContainerListenerBuildItem createDbTokenStateInitializerProps(ReactiveSqlClientBuildItem sqlClientBuildItem,
             OidcDbTokenStateManagerRecorder recorder) {
-        final String createTableDdl;
-        final boolean supportsIfTableNotExists;
-        switch (sqlClientBuildItem.reactiveClient) {
-            case REACTIVE_PG_CLIENT:
-                createTableDdl = "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager (" +
-                        "id VARCHAR(100) PRIMARY KEY, " +
-                        "id_token VARCHAR, " +
-                        "access_token VARCHAR, " +
-                        "refresh_token VARCHAR, " +
-                        "access_token_expires_in BIGINT, " +
-                        "access_token_scope VARCHAR, " +
-                        "expires_in BIGINT NOT NULL)";
-                supportsIfTableNotExists = true;
-                break;
-            case REACTIVE_MYSQL_CLIENT:
-                createTableDdl = "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager ("
-                        + "id VARCHAR(100), "
-                        + "id_token VARCHAR(5000) NULL, "
-                        + "access_token VARCHAR(5000) NULL, "
-                        + "refresh_token VARCHAR(5000) NULL, "
-                        + "access_token_expires_in BIGINT NULL, "
-                        + "access_token_scope VARCHAR(100) NULL, "
-                        + "expires_in BIGINT NOT NULL, "
-                        + "PRIMARY KEY (id))";
-                supportsIfTableNotExists = true;
-                break;
-            case REACTIVE_MSSQL_CLIENT:
-                createTableDdl = "CREATE TABLE oidc_db_token_state_manager ("
-                        + "id NVARCHAR(100) PRIMARY KEY, "
-                        + "id_token NVARCHAR(MAX), "
-                        + "access_token NVARCHAR(MAX), "
-                        + "refresh_token NVARCHAR(MAX), "
-                        + "access_token_expires_in BIGINT, "
-                        + "access_token_scope NVARCHAR(100), "
-                        + "expires_in BIGINT NOT NULL)";
-                supportsIfTableNotExists = false;
-                break;
-            case REACTIVE_DB2_CLIENT:
-                createTableDdl = "CREATE TABLE oidc_db_token_state_manager ("
-                        + "id VARCHAR(100) NOT NULL PRIMARY KEY, "
-                        + "id_token VARCHAR(5000), "
-                        + "access_token VARCHAR(5000), "
-                        + "refresh_token VARCHAR(5000), "
-                        + "access_token_expires_in BIGINT, "
-                        + "access_token_scope VARCHAR(100), "
-                        + "expires_in BIGINT NOT NULL)";
-                supportsIfTableNotExists = false;
-                break;
-            case REACTIVE_ORACLE_CLIENT:
-                createTableDdl = "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager ("
-                        + "id VARCHAR2(100), "
-                        + "id_token VARCHAR2(5000), "
-                        + "access_token VARCHAR2(5000), "
-                        + "refresh_token VARCHAR2(5000), "
-                        + "access_token_expires_in NUMBER, "
-                        + "access_token_scope VARCHAR2(100), "
-                        + "expires_in NUMBER NOT NULL, "
-                        + "PRIMARY KEY (id))";
-                supportsIfTableNotExists = true;
-                break;
-            default:
-                throw new ConfigurationException("Unknown Reactive Sql Client " + sqlClientBuildItem.reactiveClient);
-        }
-        return SyntheticBeanBuildItem
-                .configure(OidcDbTokenStateManagerInitializerProperties.class)
-                .supplier(recorder.createDbTokenStateInitializerProps(createTableDdl, supportsIfTableNotExists))
-                .unremovable()
-                .scope(Dependent.class)
-                .done();
+        var supportedReactiveSqlClient = switch (sqlClientBuildItem.reactiveClient) {
+            case REACTIVE_PG_CLIENT -> SupportedReactiveSqlClient.POSTGRESQL;
+            case REACTIVE_MYSQL_CLIENT -> SupportedReactiveSqlClient.MYSQL;
+            case REACTIVE_MSSQL_CLIENT -> SupportedReactiveSqlClient.MSSQL;
+            case REACTIVE_DB2_CLIENT -> SupportedReactiveSqlClient.DB2;
+            case REACTIVE_ORACLE_CLIENT -> SupportedReactiveSqlClient.ORACLE;
+            default -> throw new ConfigurationException("Unknown Reactive Sql Client " + sqlClientBuildItem.reactiveClient);
+        };
+        return new BeanContainerListenerBuildItem(recorder.setSupportedReactiveSqlClient(supportedReactiveSqlClient));
     }
 
     @Consume(SyntheticBeansRuntimeInitBuildItem.class)
diff --git a/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerInitializer.java b/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerInitializer.java
@@ -2,12 +2,14 @@
 
 import static io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManager.now;
 
+import java.util.Objects;
 import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.BiFunction;
 import java.util.function.Consumer;
 import java.util.function.Function;
 
 import jakarta.enterprise.event.Observes;
+import jakarta.inject.Singleton;
 
 import org.jboss.logging.Logger;
 
@@ -20,20 +22,27 @@
 import io.vertx.sqlclient.Row;
 import io.vertx.sqlclient.RowSet;
 
-public class OidcDbTokenStateManagerInitializer {
+@Singleton
+public final class OidcDbTokenStateManagerInitializer {
 
     private static final Logger LOG = Logger.getLogger(OidcDbTokenStateManagerInitializer.class);
     private static final String FAILED_TO_CREATE_DB_TABLE = "unknown reason, please report the issue and create table manually";
     /**
      * Extra 30 seconds before we delete expired tokens.
      */
     private static final long EXPIRED_EXTRA_GRACE = 30;
-    private static volatile Long timerId = null;
+    private volatile Long timerId = null;
+    private volatile SupportedReactiveSqlClient supportedReactiveSqlClient = null;
 
-    void initialize(@Observes StartupEvent event, OidcDbTokenStateManagerRunTimeConfig config, Vertx vertx, Pool pool,
-            OidcDbTokenStateManagerInitializerProperties initializerProps) {
+    void setSupportedReactiveSqlClient(SupportedReactiveSqlClient supportedReactiveSqlClient) {
+        this.supportedReactiveSqlClient = supportedReactiveSqlClient;
+    }
+
+    void initialize(@Observes StartupEvent event, OidcDbTokenStateManagerRunTimeConfig config, Vertx vertx, Pool pool) {
+        Objects.requireNonNull(supportedReactiveSqlClient);
         if (config.createDatabaseTableIfNotExists()) {
-            createDatabaseTable(pool, initializerProps.createTableDdl, initializerProps.supportsIfTableNotExists);
+            createDatabaseTable(pool, supportedReactiveSqlClient.getCreateTableDdl(config),
+                    supportedReactiveSqlClient.supportsIfTableNotExists);
         }
         periodicallyDeleteExpiredTokens(vertx, pool, config.deleteExpiredDelay().toMillis());
     }
@@ -44,7 +53,7 @@ void shutdown(@Observes ShutdownEvent event, Vertx vertx) {
         }
     }
 
-    private static void periodicallyDeleteExpiredTokens(Vertx vertx, Pool pool, long delayBetweenChecks) {
+    private void periodicallyDeleteExpiredTokens(Vertx vertx, Pool pool, long delayBetweenChecks) {
         timerId = vertx
                 .setPeriodic(5000, delayBetweenChecks, new Handler<Long>() {
 
@@ -101,6 +110,7 @@ public Uni<String> apply(RowSet<Row> rows, Throwable throwable) {
                                 return Uni.createFrom().item(throwable.getMessage());
                             } else {
                                 // most likely we tried to create table even though it already exists
+                                LOG.debug("Failed to create database table", throwable);
                                 return Uni.createFrom().nullItem();
                             }
                         }
@@ -140,14 +150,85 @@ public String apply(Throwable throwable) {
         }
     }
 
-    public static final class OidcDbTokenStateManagerInitializerProperties {
+    public enum SupportedReactiveSqlClient {
+        POSTGRESQL(true,
+                (int idToken, int accessToken, int refreshToken) -> "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager ("
+                        + "id VARCHAR(100) PRIMARY KEY, "
+                        + "id_token VARCHAR(" + idToken + "), "
+                        + "access_token VARCHAR(" + accessToken + "), "
+                        + "refresh_token VARCHAR(" + refreshToken + "), "
+                        + "access_token_expires_in BIGINT, "
+                        + "access_token_scope VARCHAR, "
+                        + "expires_in BIGINT NOT NULL)"),
+        DB2(false, (int idToken, int accessToken, int refreshToken) -> "CREATE TABLE oidc_db_token_state_manager ("
+                + "id VARCHAR(100) NOT NULL PRIMARY KEY, "
+                + "id_token VARCHAR(" + idToken + "), "
+                + "access_token VARCHAR(" + accessToken + "), "
+                + "refresh_token VARCHAR(" + refreshToken + "), "
+                + "access_token_expires_in BIGINT, "
+                + "access_token_scope VARCHAR(100), "
+                + "expires_in BIGINT NOT NULL)"),
+        ORACLE(true,
+                (int idToken, int accessToken, int refreshToken) -> "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager ("
+                        + "id VARCHAR2(100), "
+                        + "id_token VARCHAR2(" + idToken + "), "
+                        + "access_token VARCHAR2(" + accessToken + "), "
+                        + "refresh_token VARCHAR2(" + refreshToken + "), "
+                        + "access_token_expires_in NUMBER, "
+                        + "access_token_scope VARCHAR2(100), "
+                        + "expires_in NUMBER NOT NULL, "
+                        + "PRIMARY KEY (id))"),
+        MYSQL(true,
+                (int idToken, int accessToken, int refreshToken) -> "CREATE TABLE IF NOT EXISTS oidc_db_token_state_manager ("
+                        + "id VARCHAR(100), "
+                        + "id_token VARCHAR(" + idToken + ") NULL, "
+                        + "access_token VARCHAR(" + accessToken + ") NULL, "
+                        + "refresh_token VARCHAR(" + refreshToken + ") NULL, "
+                        + "access_token_expires_in BIGINT NULL, "
+                        + "access_token_scope VARCHAR(100) NULL, "
+                        + "expires_in BIGINT NOT NULL, "
+                        + "PRIMARY KEY (id))"),
+        MSSQL(false, new CreateTableDdlProvider() {
+
+            @Override
+            public String getCreateTableDdl(int idToken, int accessToken, int refreshToken) {
+                return "CREATE TABLE oidc_db_token_state_manager ("
+                        + "id NVARCHAR(100) PRIMARY KEY, "
+                        + "id_token NVARCHAR(" + getColumnSize(idToken) + "), "
+                        + "access_token NVARCHAR(" + getColumnSize(accessToken) + "), "
+                        + "refresh_token NVARCHAR(" + getColumnSize(refreshToken) + "), "
+                        + "access_token_expires_in BIGINT, "
+                        + "access_token_scope NVARCHAR(100), "
+                        + "expires_in BIGINT NOT NULL)";
+            }
+
+            private static String getColumnSize(int columnSize) {
+                // from SQL Server docs:
+                // - the value of n defines the string size in byte-pairs, and can be from 1 through 4000
+                // - 'max' indicates that the maximum storage size is 2^31-1 characters (2 GB)
+                // therefore if someone tries to set more than maximum 4000 byte-pairs, we simply use 'max'
+                if (columnSize > 4000) {
+                    return "max";
+                }
+                return Integer.toString(columnSize);
+            }
+        });
 
-        private final String createTableDdl;
         private final boolean supportsIfTableNotExists;
+        private final CreateTableDdlProvider createTableDdlProvider;
 
-        OidcDbTokenStateManagerInitializerProperties(String createTableDdl, boolean supportsIfTableNotExists) {
-            this.createTableDdl = createTableDdl;
+        SupportedReactiveSqlClient(boolean supportsIfTableNotExists, CreateTableDdlProvider createTableDdlProvider) {
             this.supportsIfTableNotExists = supportsIfTableNotExists;
+            this.createTableDdlProvider = createTableDdlProvider;
+        }
+
+        private String getCreateTableDdl(OidcDbTokenStateManagerRunTimeConfig config) {
+            return createTableDdlProvider.getCreateTableDdl(config.idTokenColumnSize(), config.accessTokenColumnSize(),
+                    config.refreshTokenColumnSize());
+        }
+
+        private interface CreateTableDdlProvider {
+            String getCreateTableDdl(int idToken, int accessToken, int refreshToken);
         }
     }
 }
diff --git a/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerRecorder.java b/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerRecorder.java
@@ -3,7 +3,8 @@
 import java.util.function.Supplier;
 
 import io.quarkus.arc.runtime.BeanContainer;
-import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerInitializer.OidcDbTokenStateManagerInitializerProperties;
+import io.quarkus.arc.runtime.BeanContainerListener;
+import io.quarkus.oidc.db.token.state.manager.runtime.OidcDbTokenStateManagerInitializer.SupportedReactiveSqlClient;
 import io.quarkus.runtime.annotations.Recorder;
 import io.vertx.sqlclient.Pool;
 
@@ -27,13 +28,8 @@ public void setSqlClientPool(BeanContainer container) {
     }
 
     /* STATIC INIT */
-    public Supplier<OidcDbTokenStateManagerInitializerProperties> createDbTokenStateInitializerProps(String createTableDdl,
-            boolean supportsIfTableNotExists) {
-        return new Supplier<OidcDbTokenStateManagerInitializerProperties>() {
-            @Override
-            public OidcDbTokenStateManagerInitializerProperties get() {
-                return new OidcDbTokenStateManagerInitializerProperties(createTableDdl, supportsIfTableNotExists);
-            }
-        };
+    public BeanContainerListener setSupportedReactiveSqlClient(SupportedReactiveSqlClient supportedReactiveSqlClient) {
+        return container -> container.beanInstance(OidcDbTokenStateManagerInitializer.class)
+                .setSupportedReactiveSqlClient(supportedReactiveSqlClient);
     }
 }
diff --git a/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerRunTimeConfig.java b/extensions/oidc-db-token-state-manager/runtime/src/main/java/io/quarkus/oidc/db/token/state/manager/runtime/OidcDbTokenStateManagerRunTimeConfig.java
@@ -23,4 +23,22 @@ public interface OidcDbTokenStateManagerRunTimeConfig {
      */
     @WithDefault("true")
     boolean createDatabaseTableIfNotExists();
+
+    /**
+     * ID token column size.
+     */
+    @WithDefault("5000")
+    int idTokenColumnSize();
+
+    /**
+     * Access token column size.
+     */
+    @WithDefault("5000")
+    int accessTokenColumnSize();
+
+    /**
+     * Refresh token column size.
+     */
+    @WithDefault("5000")
+    int refreshTokenColumnSize();
 }
