From e4924790dee2e46579f57167499e7eb992cbe072 Mon Sep 17 00:00:00 2001 From: Carles Arnal Date: Mon, 17 Jul 2023 11:02:04 +0200 Subject: [PATCH] Add scope to client credentials grant --- .../io/apicurio/rest/client/auth/OidcAuth.java | 17 ++++++++++++++++- .../io/apicurio/rest/client/auth/AuthTest.java | 2 +- .../rest/client/auth/VertxAuthTest.java | 2 +- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java b/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java index 1001bf8..71a4512 100644 --- a/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java +++ b/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java @@ -23,6 +23,7 @@ import java.net.URLEncoder; import java.time.Duration; import java.time.Instant; +import java.util.HashMap; import java.util.Map; import java.util.stream.Collectors; @@ -41,6 +42,7 @@ public class OidcAuth implements Auth, AutoCloseable { private final String clientId; private final String clientSecret; + private final String scope; private final Duration tokenExpirationReduction; private String cachedAccessToken; @@ -53,9 +55,14 @@ public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSec } public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSecret, Duration tokenExpirationReduction) { + this(httpClient, clientId, clientSecret, DEFAULT_TOKEN_EXPIRATION_REDUCTION, null); + } + + public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSecret, Duration tokenExpirationReduction, String scope) { this.clientId = clientId; this.clientSecret = clientSecret; this.apicurioHttpClient = httpClient; + this.scope = scope; if (null == tokenExpirationReduction) { this.tokenExpirationReduction = DEFAULT_TOKEN_EXPIRATION_REDUCTION; } else { @@ -76,7 +83,15 @@ public void apply(Map requestHeaders) { private void requestAccessToken() { try { - final Map params = Map.of("grant_type", CLIENT_CREDENTIALS_GRANT, "client_id", clientId, "client_secret", clientSecret); + final Map params = new HashMap<>(); + params.put("grant_type", CLIENT_CREDENTIALS_GRANT); + params.put("client_id", clientId); + params.put("client_secret", clientSecret); + + if (scope != null) { + params.put("scope", scope); + } + final String paramsEncoded = params.entrySet().stream().map(entry -> String.join("=", URLEncoder.encode(entry.getKey(), UTF_8), URLEncoder.encode(entry.getValue(), UTF_8)) diff --git a/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java b/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java index 62723d8..2eb9d44 100644 --- a/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java +++ b/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java @@ -24,7 +24,7 @@ public class AuthTest { private static ApicurioHttpClient httpClient; private OidcAuth createOidcAuth(String adminClientId) { - return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18)); + return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18), "openid profile email"); } @BeforeAll diff --git a/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java b/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java index ca554f1..40432ff 100644 --- a/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java +++ b/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java @@ -73,6 +73,6 @@ public static void close() { } private OidcAuth createOidcAuth(String adminClientId) { - return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18)); + return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18), "openid profile email"); } }