Clientcore oauth updates (Azure#44846)

billwert · web-flow · commit 5066a029b56a · 2025-04-01T15:07:16.000-07:00
* add OAuthTokenCredentialTrait

* Make the constructor take a OAuthTokenRequest so it has a proper set of metdata.

Make the constructor take a OAuthTokenRequest so it has a proper set of metdata.

* linter fixes
diff --git a/sdk/clientcore/core/src/main/java/io/clientcore/core/http/pipeline/OAuthBearerTokenAuthenticationPolicy.java b/sdk/clientcore/core/src/main/java/io/clientcore/core/http/pipeline/OAuthBearerTokenAuthenticationPolicy.java
@@ -36,39 +36,33 @@ public class OAuthBearerTokenAuthenticationPolicy extends HttpCredentialPolicy {
     private static final ClientLogger LOGGER = new ClientLogger(OAuthBearerTokenAuthenticationPolicy.class);
     private static final String BEARER = "Bearer";
 
-    private final String[] scopes;
+    // The default context contains all OAuth metadata specified in the tsp.
+    private final OAuthTokenRequestContext context;
     private final OAuthTokenCredential credential;
 
     /**
      * Creates BearerTokenAuthenticationPolicy.
      *
-     * @param credential the token credential to authenticate the request
-     * @param scopes the scopes of authentication the credential should get token for
+     * @param credential the token credential to authenticate the request.
+     * @param context the default OAuth metadata to use for the token request.
      */
-    public OAuthBearerTokenAuthenticationPolicy(OAuthTokenCredential credential, String... scopes) {
+    public OAuthBearerTokenAuthenticationPolicy(OAuthTokenCredential credential, OAuthTokenRequestContext context) {
         Objects.requireNonNull(credential);
+        Objects.requireNonNull(context);
         this.credential = credential;
-        this.scopes = scopes;
+        this.context = context;
     }
 
     /**
      * Executed before sending the initial request and authenticates the request.
      *
      * @param httpRequest The request context.
+     * @param context the OAuth metadata to use for the token request.
      */
-    public void authorizeRequest(HttpRequest httpRequest) {
-        setAuthorizationHeader(httpRequest, new OAuthTokenRequestContext().addScopes(scopes));
-    }
-
-    /**
-     * Authorizes the request with the bearer token acquired using the specified {@code tokenRequestContext}
-     *
-     * @param request the HTTP request.
-     * @param tokenRequestContext the token request context to be used for token acquisition.
-     */
-    protected void setAuthorizationHeader(HttpRequest request, OAuthTokenRequestContext tokenRequestContext) {
-        AccessToken token = credential.getToken(tokenRequestContext);
-        request.getHeaders().set(HttpHeaderName.AUTHORIZATION, BEARER + " " + token.getToken());
+    public void authorizeRequest(HttpRequest httpRequest, OAuthTokenRequestContext context) {
+        // Credential implementations are responsible for knowing what to do with the OAuth metadata.
+        AccessToken token = credential.getToken(context);
+        httpRequest.getHeaders().set(HttpHeaderName.AUTHORIZATION, BEARER + " " + token.getToken());
     }
 
     @Override
@@ -80,7 +74,9 @@ public Response<BinaryData> process(HttpRequest httpRequest, HttpPipelineNextPol
 
         HttpPipelineNextPolicy nextPolicy = next.copy();
 
-        authorizeRequest(httpRequest);
+        // For now we don't support per-operation scopes. In the future when we do, we will need to retrieve the
+        // scope from the incoming httpRequest and merge it with the default context.
+        authorizeRequest(httpRequest, context);
         Response<BinaryData> httpResponse = next.process();
         String authHeader = httpResponse.getHeaders().getValue(HttpHeaderName.WWW_AUTHENTICATE);
         if (httpResponse.getStatusCode() == 401 && authHeader != null) {
diff --git a/sdk/clientcore/core/src/main/java/io/clientcore/core/traits/OAuthTokenCredentialTrait.java b/sdk/clientcore/core/src/main/java/io/clientcore/core/traits/OAuthTokenCredentialTrait.java
@@ -0,0 +1,27 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+package io.clientcore.core.traits;
+
+import io.clientcore.core.credentials.oauth.OAuthTokenCredential;
+
+/**
+ * A {@link io.clientcore.core.traits trait}  providing a consistent interface for setting
+ * {@link OAuthTokenCredential}.
+
+ * @param <T> The concrete type that implements the trait. This is required so that fluent operations can continue
+ * to return the concrete type, rather than the trait type.
+ *
+ * @see io.clientcore.core.traits
+ * @see OAuthTokenCredential
+ */
+public interface OAuthTokenCredentialTrait<T extends OAuthTokenCredentialTrait<T>> {
+    /**
+     * Sets the {@link OAuthTokenCredential} used to authorize requests sent to the service.
+     *
+     * @param credential {@link OAuthTokenCredential} used to authorize requests sent to the service.
+     * @return Returns the same concrete type with the appropriate properties updated, to allow for fluent chaining of
+     *      operations.
+     */
+    T credential(OAuthTokenCredential credential);
+}
