Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move OIDC propagation annotation to oidc-client #29147

Merged
merged 2 commits into from
Nov 9, 2022
Merged

Move OIDC propagation annotation to oidc-client #29147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
f573a42
Move OIDC propagation annotation to oidc-client
sberyozkin Nov 9, 2022
4c0e5dc
Update OIDC propagation reactive to support AccessToken annotation
sberyozkin Nov 9, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
19 changes: 18 additions & 1 deletion docs/src/main/asciidoc/security-openid-connect-client-reference.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -828,7 +828,24 @@ quarkus.log.category."io.quarkus.oidc.client.runtime.OidcClientRecorder".min-lev

The `quarkus-oidc-token-propagation-reactive` extension provides RestEasy Reactive Client `io.quarkus.oidc.token.propagation.reactive.AccessTokenRequestReactiveFilter` that simplifies the propagation of authentication information by propagating the xref:security-openid-connect.adoc[Bearer] token present in the current active request or the token acquired from the xref:security-openid-connect-web-authentication.adoc[Authorization Code Flow], as the HTTP `Authorization` header's `Bearer` scheme value.

You can selectively register `AccessTokenRequestReactiveFilter` using `org.eclipse.microprofile.rest.client.annotation.RegisterProvider` annotation, for example:
You can selectively register `AccessTokenRequestReactiveFilter` by using either `io.quarkus.oidc.token.propagation.AccessToken` or `org.eclipse.microprofile.rest.client.annotation.RegisterProvider` annotation, for example:

[source,java]
----
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
import io.quarkus.oidc.token.propagation.AccessToken;

@RegisterRestClient
@AccessToken
@Path("/")
public interface ProtectedResourceService {

@GET
String getUserName();
}
----

or

[source,java]
----
Expand Down
0 ...s/oidc/token/propagation/AccessToken.java → ...s/oidc/token/propagation/AccessToken.java
View file
Open in desktop
File renamed without changes.
27 changes: 27 additions & 0 deletions ...ava/io/quarkus/oidc/token/propagation/reactive/OidcTokenPropagationReactiveBuildStep.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,17 +1,44 @@
package io.quarkus.oidc.token.propagation.reactive;

import java.util.Collection;
import java.util.List;
import java.util.function.BooleanSupplier;

import org.jboss.jandex.AnnotationInstance;
import org.jboss.jandex.AnnotationValue;
import org.jboss.jandex.DotName;
import org.jboss.jandex.Type;

import io.quarkus.arc.deployment.AdditionalBeanBuildItem;
import io.quarkus.deployment.annotations.BuildProducer;
import io.quarkus.deployment.annotations.BuildStep;
import io.quarkus.deployment.annotations.BuildSteps;
import io.quarkus.deployment.builditem.AdditionalIndexedClassesBuildItem;
import io.quarkus.deployment.builditem.CombinedIndexBuildItem;
import io.quarkus.deployment.builditem.nativeimage.ReflectiveClassBuildItem;
import io.quarkus.oidc.token.propagation.AccessToken;
import io.quarkus.rest.client.reactive.deployment.DotNames;
import io.quarkus.rest.client.reactive.deployment.RegisterProviderAnnotationInstanceBuildItem;

@BuildSteps(onlyIf = OidcTokenPropagationReactiveBuildStep.IsEnabled.class)
public class OidcTokenPropagationReactiveBuildStep {

private static final DotName ACCESS_TOKEN = DotName.createSimple(AccessToken.class.getName());
private static final DotName ACCESS_TOKEN_REQUEST_REACTIVE_FILTER = DotName
.createSimple(AccessTokenRequestReactiveFilter.class.getName());

@BuildStep
void oidcClientFilterSupport(CombinedIndexBuildItem indexBuildItem,
BuildProducer<RegisterProviderAnnotationInstanceBuildItem> producer) {
Collection<AnnotationInstance> instances = indexBuildItem.getIndex().getAnnotations(ACCESS_TOKEN);
for (AnnotationInstance instance : instances) {
String targetClass = instance.target().asClass().name().toString();
producer.produce(new RegisterProviderAnnotationInstanceBuildItem(targetClass, AnnotationInstance.create(
DotNames.REGISTER_PROVIDER, instance.target(), List.of(AnnotationValue.createClassValue("value",
Type.create(ACCESS_TOKEN_REQUEST_REACTIVE_FILTER, org.jboss.jandex.Type.Kind.CLASS))))));
}
}

@BuildStep
void registerProvider(BuildProducer<AdditionalBeanBuildItem> additionalBeans,
BuildProducer<ReflectiveClassBuildItem> reflectiveClass,
Expand Down
5 changes: 3 additions & 2 deletions ...c/test/java/io/quarkus/oidc/token/propagation/reactive/AccessTokenPropagationService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,11 +3,12 @@
import javax.ws.rs.GET;
import javax.ws.rs.Path;

import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;

import io.quarkus.oidc.token.propagation.AccessToken;

@RegisterRestClient
@RegisterProvider(AccessTokenRequestReactiveFilter.class)
@AccessToken
@Path("/")
public interface AccessTokenPropagationService {

Expand Down