Introduction to Quarkus Security by Sergey Beryozkin

• OpenID Connect is the most mainstream authentication mechanism, offering single sign-on capabilities and wide provider support (Google, Twitter, etc.)

• Quarkus Security provides zero-code configuration for multiple authentication providers through simple properties, with built-in dev services and reasonable defaults

• Token-based authentication supports both JWT and OAuth2/OpenID Connect tokens, with automatic validation, signature verification, and claims processing

• Multi-tenant support allows applications to work with multiple identity providers simultaneously through tenant configuration and resolution

• Role-based access control is implemented through annotations (@RolesAllowed, @SecurityIdentity) and can be customized with fine-grained permissions

• Token propagation enables seamless forwarding of authentication between services without manual token handling

• Dev services automatically configure security properties and mock providers for development and testing

• Support for both traditional authentication (Basic, Form) and modern approaches (OAuth2, OpenID Connect)

• Integration with Kubernetes and cloud-native environments is built-in

• Security customization is possible through security providers, authentication mechanisms, and policy configurations while maintaining simplicity by default

This is a relatively new pillar, full stack development so we’re not only about backend but also frontend security integration.