
Commit a9a3653

committed
WIP
1 parent 1ee4699 commit a9a3653


3 files changed

+66
-0
lines changed


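--- a/common/pom.xml
+++ b/common/pom.xml
@@ -154,6 +154,10 @@
 <artifactId>spotbugs-annotations</artifactId>
 <scope>provided</scope>
 </dependency>
+<dependency>
+<groupId>com.nimbusds</groupId>
+<artifactId>oauth2-oidc-sdk</artifactId>
+</dependency>
 </dependencies>
 <build>
 <plugins>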

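--- a/common/src/main/java/com/datastax/oss/common/sink/state/LifeCycleManager.java
+++ b/common/src/main/java/com/datastax/oss/common/sink/state/LifeCycleManager.java
@@ -31,6 +31,7 @@
 import static com.datastax.oss.driver.api.core.config.DefaultDriverOption.SSL_TRUSTSTORE_PATH;
 
 import com.codahale.metrics.MetricRegistry;
+import com.datastax.db.driver.api.plugin.auth.OIDCAuthProvider;
 import com.datastax.dse.driver.api.core.config.DseDriverOption;
 import com.datastax.dse.driver.internal.core.auth.DseGssApiAuthProvider;
 import com.datastax.oss.common.sink.AbstractSinkTask;
@@ -66,17 +67,36 @@
 import com.datastax.oss.driver.shaded.guava.common.annotations.VisibleForTesting;
 import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
 import com.datastax.oss.dsbulk.codecs.api.ConvertingCodecFactory;
+import com.nimbusds.oauth2.sdk.AccessTokenResponse;
+import com.nimbusds.oauth2.sdk.ClientCredentialsGrant;
+import com.nimbusds.oauth2.sdk.ParseException;
+import com.nimbusds.oauth2.sdk.TokenErrorResponse;
+import com.nimbusds.oauth2.sdk.TokenRequest;
+import com.nimbusds.oauth2.sdk.TokenResponse;
+import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
+import com.nimbusds.oauth2.sdk.auth.ClientAuthenticationMethod;
+import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
+import com.nimbusds.oauth2.sdk.auth.Secret;
+import com.nimbusds.oauth2.sdk.http.HTTPRequest;
+import com.nimbusds.oauth2.sdk.id.ClientID;
+import com.nimbusds.oauth2.sdk.token.AccessToken;
+import com.nimbusds.openid.connect.sdk.OIDCTokenResponseParser;
 import com.typesafe.config.Config;
 import com.typesafe.config.ConfigFactory;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import edu.umd.cs.findbugs.annotations.Nullable;
+
+import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.file.Path;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionException;
 import java.util.concurrent.CompletionStage;
@@ -621,6 +641,42 @@ private static void processAuthenticatorConfig(
 AUTH_PROVIDER_SASL_PROPERTIES, ImmutableMap.of("javax.security.sasl.qop", "auth"))
 .withStringMap(DseDriverOption.AUTH_PROVIDER_LOGIN_CONFIGURATION, loginConfig);
 } else if (authConfig.getProvider() == AuthenticatorConfig.Provider.OIDC) {
+ClientCredentialsGrant grant = new ClientCredentialsGrant();
+
+ClientID clientID = new ClientID(config.getAuthenticatorConfig().getOIDCClientId());
+Secret clientSecret = new Secret(config.getAuthenticatorConfig().getOIDCClientSecret());
+
+ClientAuthentication clientAuth = new ClientSecretBasic(clientID, clientSecret);
+
+URI tokenEndpoint = config.getAuthenticatorConfig().getOIDCIssuer();
+TokenRequest request = new TokenRequest(tokenEndpoint, clientAuth, grant, null);
+
+TokenResponse tokenResponse;
+try
+{
+tokenResponse = OIDCTokenResponseParser.parse(request.toHTTPRequest().send());
+}
+catch (ParseException e) {
+throw new RuntimeException("Failed OIDC request parsing: " + e.getMessage());
+}
+catch (IOException e) {
+throw new RuntimeException("Failed OIDC request: " + e.getMessage());
+}
+
+if (!tokenResponse.indicatesSuccess()) {
+// We got an error response...
+TokenErrorResponse errorResponse = tokenResponse.toErrorResponse();
+throw new RuntimeException("Failed OIDC token response:" + errorResponse.toString());
+}
+
+AccessTokenResponse successResponse = tokenResponse.toSuccessResponse();
+
+AccessToken accessToken = successResponse.getTokens().getAccessToken();
+// RefreshToken refreshToken = successResponse.getTokens().getRefreshToken();
+
+OIDCAuthProvider authProvider = new OIDCAuthProvider(accessToken.getValue());
+
+configLoaderBuilder.withClass(AUTH_PROVIDER_CLASS, OIDCAuthProvider.class);
 /*
 TODO: OidcApiAuthProvider.
 configLoaderBuilder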
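Review bot: The access token fetched in the new OIDC branch never reaches the driver: `authProvider` is built from `accessToken.getValue()` and then dropped, while `configLoaderBuilder.withClass(AUTH_PROVIDER_CLASS, OIDCAuthProvider.class)` registers only the class, so the driver will presumably construct its own instance without that token. The token is also requested once at configuration time with the refresh-token line commented out, so as far as this hunk shows a long-running sink has no way to renew the credential after it expires. `getOIDCIssuer()` is passed straight in as the token endpoint and the client secret is sent with HTTP Basic, so the branch should reject a non-TLS URI before sending, e.g. `if (!"https".equalsIgnoreCase(tokenEndpoint.getScheme())) throw new IllegalArgumentException("OIDC token endpoint must use https");`, and ideally resolve the endpoint from the issuer's metadata rather than assume the two are the same URL. Both catch blocks discard the cause; `throw new RuntimeException("Failed OIDC request", e);` keeps the stack trace for whoever has to debug a failed login. processAuthenticatorConfig starts and ends outside this hunk.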

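--- a/pom.xml
+++ b/pom.xml
@@ -62,6 +62,7 @@
 <snappy.version>1.1.7.2</snappy.version>
 <jackson.version>2.10.0</jackson.version>
 <jackson-databind.version>2.10.0</jackson-databind.version>
+<nimbus.oidc-sdk.version>11.26</nimbus.oidc-sdk.version>
 </properties>
 <dependencyManagement>
 <dependencies>
@@ -201,6 +202,11 @@
 <artifactId>spotbugs-annotations</artifactId>
 <version>3.1.12</version>
 </dependency>
+<dependency>
+<groupId>com.nimbusds</groupId>
+<artifactId>oauth2-oidc-sdk</artifactId>
+<version>${nimbus.oidc-sdk.version}</version>
+</dependency>
 </dependencies>
 </dependencyManagement>
 <build>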
