From 559a968d2c22dbcbc6d022ea4487c21aa7c07b31 Mon Sep 17 00:00:00 2001
From: dahoud <dahoud@dgbf.ci>
Date: Mon, 20 Oct 2025 13:02:07 +0000
Subject: [PATCH] Fix: Allow public access to Swagger UI and OpenAPI endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added explicit HTTP auth permissions to allow unauthenticated access to:
- /q/* (health endpoints)
- /openapi (OpenAPI spec)
- /swagger-ui/* (Swagger UI)

This fixes the issue where proactive auth mode blocked access to
documentation endpoints in production.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 src/main/resources/application-prod.properties | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties
index 0a7fb2b..32b3d90 100644
--- a/src/main/resources/application-prod.properties
+++ b/src/main/resources/application-prod.properties
@@ -42,6 +42,14 @@ quarkus.oidc.authentication.restore-path-after-redirect=true
 quarkus.security.auth.enabled=true
 quarkus.security.auth.proactive=true
 
+# Permissions pour accès public aux endpoints de documentation et santé
+quarkus.http.auth.permission.public.paths=/q/*,/openapi,/swagger-ui/*
+quarkus.http.auth.permission.public.policy=permit
+
+# Authentification requise pour tous les autres endpoints
+quarkus.http.auth.permission.authenticated.paths=/*
+quarkus.http.auth.permission.authenticated.policy=authenticated
+
 # Logging
 quarkus.log.level=INFO
 quarkus.log.category."dev.lions.btpxpress".level=INFO