Skip to content

Fix #1127 - Use CredentialProvider in OAuth2 provider #1126

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Fix #1127 - Use CredentialProvider in OAuth2 provider #1126

wants to merge 8 commits into from

Conversation

gabriel-farache
Copy link
Contributor

@gabriel-farache gabriel-farache commented Apr 30, 2025
edited
Loading

Many thanks for submitting your Pull Request ❤️!

Please make sure that your PR meets the following requirements:

  • You have read the contributors guide
  • Your code is properly formatted according to our code style
  • Pull Request title contains the target branch if not targeting main: [0.9.x] Subject
  • Pull Request contains link to the issue
  • Pull Request contains link to any dependent or related Pull Request
  • Pull Request contains description of the issue
  • Pull Request does not include fixes for issues other than the main ticket

This PR solves #1127

  1. introduces tests for the Oauth2 provider (both Classic and Reactive depending on the delegate implementation used)
  2. make use of the newly introduced CredentialProvider interface instance when setting the token in the header
  • the behaviour is not a get as for the other providers but a set as the access token is first generated by the delegate and then set in the header. The reactive delegate and its Mutiny (async) usage force us to have all in one (getting the token and setting the header) to avoid losing the benefit of releasing the thread while waiting for the token. If we are fine with losing it, a getToken method can instead be defined in the OidcClientRequestFilterDelegate interface and then use it in a CredentialProvider get method for oauth2 instead of calling the filter from the delegate

@gabriel-farache gabriel-farache requested a review from a team as a code owner April 30, 2025 09:45
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch 6 times, most recently from 9cb6610 to 565cdd6 Compare April 30, 2025 09:57
@gabriel-farache
Copy link
Contributor Author

@ricardozanini PTAL

@ricardozanini ricardozanini self-assigned this Apr 30, 2025
@ricardozanini ricardozanini added the area:client This item is related to the client extension label Apr 30, 2025
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch 2 times, most recently from d0c6537 to aad13a7 Compare April 30, 2025 18:54
@gabriel-farache gabriel-farache changed the title Use CredentialProvider in OAuth2 provider Fix #1127 - Use CredentialProvider in OAuth2 provider Apr 30, 2025
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch 3 times, most recently from 9c48cc2 to a276dfa Compare April 30, 2025 19:07
github-advanced-security[bot]
github-advanced-security bot found potential problems Apr 30, 2025
View reviewed changes
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch 5 times, most recently from 30d851b to 8483233 Compare April 30, 2025 21:50
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch from 0f1e570 to 6df6a23 Compare May 5, 2025 13:52
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch 2 times, most recently from a225e19 to 23a4790 Compare May 13, 2025 09:26
@gabriel-farache
Copy link
Contributor Author

@ricardozanini I had to use Quarkus test profile to load the custom credentials provider for the IT, now it works, PTAL again :)

ricardozanini
ricardozanini reviewed May 13, 2025
View reviewed changes
Copy link
Member

@ricardozanini ricardozanini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll take another look later.

@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch from 23a4790 to 04c31a4 Compare May 13, 2025 13:46
ricardozanini
ricardozanini approved these changes May 13, 2025
View reviewed changes
Copy link
Member

@ricardozanini ricardozanini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@gabriel-farache
Copy link
Contributor Author

@ricardozanini I added a data structure which embed all parameters that must be made available to the methods of the CredentialProvider.

I added lombok dependency to have the getter and builder generated, if that pose a problem, I will remove, let me know

@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch from 898fb3b to 6f7ddc0 Compare May 14, 2025 08:27
@ricardozanini
Copy link
Member

Hey @gabriel-farache many thanks! Yes, please remove lombok.

@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch from 6f7ddc0 to d52de6a Compare May 14, 2025 18:35
@gabriel-farache
Copy link
Contributor Author

gabriel-farache commented May 14, 2025
edited
Loading

Hey @gabriel-farache many thanks! Yes, please remove lombok.

@ricardozanini done

@ricardozanini
Copy link
Member

I'll ask for more eyes.

@hbelmiro hbelmiro linked an issue May 17, 2025 that may be closed by this pull request
OAuth2 provider does not use the CrendentialProvider to get/set the token #1127
Open
hbelmiro
hbelmiro reviewed May 17, 2025
View reviewed changes
@gabriel-farache
Apply feedback
425df44 
Signed-off-by: gabriel-farache <[email protected]>
hbelmiro
hbelmiro approved these changes May 19, 2025
View reviewed changes
Copy link
Contributor

@hbelmiro hbelmiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @gabriel-farache.

gmunozfe
gmunozfe reviewed May 20, 2025
View reviewed changes
...est/java/io/quarkiverse/openapi/generator/oidc/ReactiveOAuth2AuthenticationProviderTest.java Outdated
Comment on lines 95 to 96
provider.filter(reactiveRequestContext);
assertHeader(headers, HttpHeaders.AUTHORIZATION, expectedAuthorizationHeader);
Copy link

@gmunozfe gmunozfe May 20, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

filter is a non-blocking method and then, immediately, you are checking the headers in the assertHeader.
Potentially header couldn't be there yet, making the test to be flaky.

Perhaps you can use CountDownLatch or other mechanism to wait until the filter logic finishes, and then assert the headers. Wdyt?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure how I could use a CountDownLatch as I do not want to add code just for testing purposes in the filter part handling the response
Plus, the getTokens method is mocked and should return instantly.

But I do agree, in rare case, there may be sync issue and the test may fail; to avoid that, I mocked the RestClientRequestContext that executes the suspend and resume methods which are used in the filter . THen I added a simple while-sleep loop to wait until the request is resumed. The loop may not be the most efficient solution, but for this case I believe it's enough as the impact will be very low, WDYT?

@gabriel-farache
Apply feedback related to sync
06eca21 
Signed-off-by: gabriel-farache <[email protected]>
@gabriel-farache
Fix formatting
fcbdbf0 
Signed-off-by: gabriel-farache <[email protected]>
@gabriel-farache gabriel-farache force-pushed the fix/oauth2_provider_credentialProvider branch from 11c0b03 to fcbdbf0 Compare May 21, 2025 15:05
@gabriel-farache gabriel-farache mentioned this pull request May 22, 2025
Open
@gabriel-farache gabriel-farache requested a review from gmunozfe May 26, 2025 07:38
@ricardozanini
Copy link
Member

@gmunozfe mind taking a look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ricardozanini ricardozanini ricardozanini approved these changes

@hbelmiro hbelmiro hbelmiro approved these changes

@mcruzdev mcruzdev Awaiting requested review from mcruzdev

@fjtirado fjtirado Awaiting requested review from fjtirado

@gmunozfe gmunozfe Awaiting requested review from gmunozfe

Assignees

@ricardozanini ricardozanini

Labels
area:client This item is related to the client extension backport-main-lts
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

OAuth2 provider does not use the CrendentialProvider to get/set the token
4 participants
@gabriel-farache @ricardozanini @gmunozfe @hbelmiro