Update OIDC propagation reactive to support AccessToken annotation

quarkusio · Nov 9, 2022 · 4c0e5dc · 4c0e5dc
1 parent f573a42
commit 4c0e5dc
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 3 deletions.
diff --git a/docs/src/main/asciidoc/security-openid-connect-client-reference.adoc b/docs/src/main/asciidoc/security-openid-connect-client-reference.adoc
@@ -828,7 +828,24 @@ quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientRecorder".min-lev
 
 The `quarkus-oidc-token-propagation-reactive` extension provides RestEasy Reactive Client `io.quarkus.oidc.token.propagation.reactive.AccessTokenRequestReactiveFilter` that simplifies the propagation of authentication information by propagating the xref:security-openid-connect.adoc[Bearer] token present in the current active request or the token acquired from the xref:security-openid-connect-web-authentication.adoc[Authorization Code Flow], as the HTTP `Authorization` header's `Bearer` scheme value.
 
-You can selectively register `AccessTokenRequestReactiveFilter` using `org.eclipse.microprofile.rest.client.annotation.RegisterProvider` annotation, for example:
+You can selectively register `AccessTokenRequestReactiveFilter` by using either `io.quarkus.oidc.token.propagation.AccessToken` or `org.eclipse.microprofile.rest.client.annotation.RegisterProvider` annotation, for example:
+
+[source,java]
+----
+import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
+import io.quarkus.oidc.token.propagation.AccessToken;
+
+@RegisterRestClient
+@AccessToken
+@Path("/")
+public interface ProtectedResourceService {
+
+    @GET
+    String getUserName();
+}
+----
+
+or
 
 [source,java]
 ----

diff --git a/...ava/io/quarkus/oidc/token/propagation/reactive/OidcTokenPropagationReactiveBuildStep.java b/...ava/io/quarkus/oidc/token/propagation/reactive/OidcTokenPropagationReactiveBuildStep.java
@@ -1,17 +1,44 @@
 package io.quarkus.oidc.token.propagation.reactive;
 
+import java.util.Collection;
+import java.util.List;
 import java.util.function.BooleanSupplier;
 
+import org.jboss.jandex.AnnotationInstance;
+import org.jboss.jandex.AnnotationValue;
+import org.jboss.jandex.DotName;
+import org.jboss.jandex.Type;
+
 import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
 import io.quarkus.deployment.annotations.BuildProducer;
 import io.quarkus.deployment.annotations.BuildStep;
 import io.quarkus.deployment.annotations.BuildSteps;
 import io.quarkus.deployment.builditem.AdditionalIndexedClassesBuildItem;
+import io.quarkus.deployment.builditem.CombinedIndexBuildItem;
 import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
+import io.quarkus.oidc.token.propagation.AccessToken;
+import io.quarkus.rest.client.reactive.deployment.DotNames;
+import io.quarkus.rest.client.reactive.deployment.RegisterProviderAnnotationInstanceBuildItem;
 
 @BuildSteps(onlyIf = OidcTokenPropagationReactiveBuildStep.IsEnabled.class)
 public class OidcTokenPropagationReactiveBuildStep {
 
+    private static final DotName ACCESS_TOKEN = DotName.createSimple(AccessToken.class.getName());
+    private static final DotName ACCESS_TOKEN_REQUEST_REACTIVE_FILTER = DotName
+            .createSimple(AccessTokenRequestReactiveFilter.class.getName());
+
+    @BuildStep
+    void oidcClientFilterSupport(CombinedIndexBuildItem indexBuildItem,
+            BuildProducer<RegisterProviderAnnotationInstanceBuildItem> producer) {
+        Collection<AnnotationInstance> instances = indexBuildItem.getIndex().getAnnotations(ACCESS_TOKEN);
+        for (AnnotationInstance instance : instances) {
+            String targetClass = instance.target().asClass().name().toString();
+            producer.produce(new RegisterProviderAnnotationInstanceBuildItem(targetClass, AnnotationInstance.create(
+                    DotNames.REGISTER_PROVIDER, instance.target(), List.of(AnnotationValue.createClassValue("value",
+                            Type.create(ACCESS_TOKEN_REQUEST_REACTIVE_FILTER, org.jboss.jandex.Type.Kind.CLASS))))));
+        }
+    }
+
     @BuildStep
     void registerProvider(BuildProducer<AdditionalBeanBuildItem> additionalBeans,
             BuildProducer<ReflectiveClassBuildItem> reflectiveClass,

diff --git a/...c/test/java/io/quarkus/oidc/token/propagation/reactive/AccessTokenPropagationService.java b/...c/test/java/io/quarkus/oidc/token/propagation/reactive/AccessTokenPropagationService.java
@@ -3,11 +3,12 @@
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 
-import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 
+import io.quarkus.oidc.token.propagation.AccessToken;
+
 @RegisterRestClient
-@RegisterProvider(AccessTokenRequestReactiveFilter.class)
+@AccessToken
 @Path("/")
 public interface AccessTokenPropagationService {