Add JWT authentication

adapter/api/proto/wso2/discovery/api/api_authentication.proto

@@ -35,16 +35,17 @@ message APIKey {
 message JWT {
   string header         = 1; // name of the header containing the JWT
   bool sendTokenToUpstream  = 2; // send the token to upstream
+  repeated string audience = 3;
+}
+
+message Oauth2 {
+  string header         = 1; // name of the header containing the JWT
+  bool sendTokenToUpstream  = 2; // send the token to upstream
 }
 
 message APIAuthentication {
   bool disabled          = 1; // disable authentication
   JWT jwt = 2;
   repeated APIKey apikey = 3;
-  TestConsoleKey testConsoleKey = 4;
-}
-
-message TestConsoleKey {
-  string header         = 1; // name of the header containing the test key
-  bool sendTokenToUpstream  = 2; // send the token to upstream
+  Oauth2 Oauth2 = 4;
 }

adapter/internal/oasparser/config_generator.go

@@ -258,6 +258,7 @@ func castAPIAuthenticationsToEnforcerAPIAuthentications(authentication *model.Au
 		enforcerAuthentication.Jwt = &api.JWT{
 			Header:              strings.ToLower(authentication.JWT.Header),
 			SendTokenToUpstream: authentication.JWT.SendTokenToUpstream,
+			Audience: authentication.JWT.Audience,
 		}
 	}
 	var apiKeys []*api.APIKey
@@ -273,19 +274,12 @@ func castAPIAuthenticationsToEnforcerAPIAuthentications(authentication *model.Au
 		})
 	}
 	enforcerAuthentication.Apikey = apiKeys
-	if authentication.TestConsoleKey != nil {
-		enforcerAuthentication.TestConsoleKey = &api.TestConsoleKey{
-			Header:              strings.ToLower(authentication.TestConsoleKey.Header),
-			SendTokenToUpstream: authentication.TestConsoleKey.SendTokenToUpstream,
+	if authentication.Oauth2 != nil {
+		enforcerAuthentication.Oauth2 = &api.Oauth2{
+			Header:              strings.ToLower(authentication.Oauth2.Header),
+			SendTokenToUpstream: authentication.Oauth2.SendTokenToUpstream,
 		}
 	}
-	if authentication.TestConsoleKey != nil {
-		enforcerAuthentication.TestConsoleKey = &api.TestConsoleKey{
-			Header:              strings.ToLower(authentication.TestConsoleKey.Header),
-			SendTokenToUpstream: authentication.TestConsoleKey.SendTokenToUpstream,
-		}
-	}
-
 	return enforcerAuthentication
 }
 

adapter/internal/oasparser/model/api_operation.go

@@ -50,17 +50,18 @@ type Authentication struct {
 	Disabled       bool
 	JWT            *JWT
 	APIKey         []APIKey
-	TestConsoleKey *TestConsoleKey
+	Oauth2         *Oauth2
 }
 
 // JWT holds JWT related configurations
 type JWT struct {
 	Header              string
 	SendTokenToUpstream bool
+	Audience []string
 }
 
-// TestConsoleKey holds testkey related configurations
-type TestConsoleKey struct {
+// Oauth2 holds Oauth2 related configurations
+type Oauth2 struct {
 	Header              string
 	SendTokenToUpstream bool
 }

adapter/internal/oasparser/model/http_route.go

@@ -19,7 +19,6 @@ package model
 
 import (
 	"github.com/google/uuid"
-	"github.com/wso2/apk/adapter/internal/loggers"
 	"github.com/wso2/apk/adapter/internal/oasparser/constants"
 	"github.com/wso2/apk/adapter/internal/operator/utils"
 	dpv1alpha1 "github.com/wso2/apk/common-go-libs/apis/dp/v1alpha1"
@@ -234,19 +233,28 @@ func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
 		sendTokenToUpstream = authScheme.Spec.Override.AuthTypes.Oauth2.SendTokenToUpstream
 	}
 	auth := &Authentication{Disabled: false,
-		TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader},
-		JWT:            &JWT{Header: authHeader, SendTokenToUpstream: sendTokenToUpstream},
+		Oauth2: &Oauth2{Header: authHeader, SendTokenToUpstream: sendTokenToUpstream},
 	}
 	if authScheme != nil && authScheme.Spec.Override != nil {
 		if authScheme.Spec.Override.Disabled != nil && *authScheme.Spec.Override.Disabled {
 			return &Authentication{Disabled: true}
 		}
 		authFound := false
-		if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.Oauth2.Disabled {
-			auth = &Authentication{Disabled: false,
-				TestConsoleKey: &TestConsoleKey{Header: constants.TestConsoleKeyHeader},
-			}
+		if authScheme.Spec.Override.AuthTypes != nil && !authScheme.Spec.Override.AuthTypes.Oauth2.Disabled {
+			authFound = true
 		} else {
+			auth = &Authentication{Disabled: false}
+		}
+		if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.JWT.Disabled != nil && !*authScheme.Spec.Override.AuthTypes.JWT.Disabled {
+			audience := make([]string, 0)
+			if len(authScheme.Spec.Override.AuthTypes.JWT.Audience) > 0 {
+				audience = authScheme.Spec.Override.AuthTypes.JWT.Audience
+			}
+			jwtHeader := constants.TestConsoleKeyHeader
+			if len(authScheme.Spec.Override.AuthTypes.JWT.Header) > 0 {
+				jwtHeader = authScheme.Spec.Override.AuthTypes.JWT.Header
+			}
+			auth.JWT = &JWT{Header: jwtHeader, SendTokenToUpstream: sendTokenToUpstream, Audience: audience}
 			authFound = true
 		}
 		if authScheme.Spec.Override.AuthTypes != nil && authScheme.Spec.Override.AuthTypes.APIKey != nil {
@@ -262,7 +270,6 @@ func getSecurity(authScheme *dpv1alpha2.Authentication) *Authentication {
 			auth.APIKey = apiKeys
 		}
 		if !authFound {
-			loggers.LoggerOasparser.Debug("Disabled security.")
 			return &Authentication{Disabled: true}
 		}
 	}