Add project scope to the settings (#1566)

rustam-gamidov-here · web-flow · commit b1e42c58e7e2 · 2024-12-02T17:15:12.000+02:00
It is attached to the token request and can be used on server side
in the authentication process.

Relates-To: DATASDK-8

Signed-off-by: Rustam Gamidov &lt;ext-rustam.gamidov@here.com&gt;
diff --git a/olp-cpp-sdk-authentication/include/olp/authentication/Settings.h b/olp-cpp-sdk-authentication/include/olp/authentication/Settings.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019-2023 HERE Europe B.V.
+ * Copyright (C) 2019-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -104,6 +104,11 @@ struct AUTHENTICATION_API Settings {
    * treated.
    */
   client::RetrySettings retry_settings;
+
+  /**
+   * @brief (Optional) The scope to be assigned to an access token requests.
+   */
+  boost::optional<std::string> scope;
 };
 
 }  // namespace authentication
diff --git a/olp-cpp-sdk-authentication/include/olp/authentication/TokenResult.h b/olp-cpp-sdk-authentication/include/olp/authentication/TokenResult.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019-2023 HERE Europe B.V.
+ * Copyright (C) 2019-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 
 #pragma once
 
+#include <boost/optional.hpp>
 #include <chrono>
 #include <ctime>
 #include <string>
@@ -43,16 +44,20 @@ class AUTHENTICATION_API TokenResult {
    * @param access_token The access token issued by the authorization server.
    * @param expiry_time The Epoch time when the token expires, or -1 if
    * the token is invalid.
+   * @param scope The scope assigned to the access token.
    */
-  TokenResult(std::string access_token, time_t expiry_time);
+  TokenResult(std::string access_token, time_t expiry_time,
+              boost::optional<std::string> scope);
 
   /**
    * @brief Creates the `TokenResult` instance.
    *
    * @param access_token The access token issued by the authorization server.
    * @param expires_in The expiry time of the access token.
+   * @param scop The scope assigned to the access token.
    */
-  TokenResult(std::string access_token, std::chrono::seconds expires_in);
+  TokenResult(std::string access_token, std::chrono::seconds expires_in,
+              boost::optional<std::string> scope);
   /**
    * @brief Creates the default `TokenResult` instance.
    */
@@ -81,10 +86,19 @@ class AUTHENTICATION_API TokenResult {
    */
   std::chrono::seconds GetExpiresIn() const;
 
+  /**
+   * @brief Gets the scope that is assigned to the access token.
+   *
+   * @return The optional string that contains the scope assigned to the access
+   * token.
+   */
+  const boost::optional<std::string>& GetScope() const;
+
  private:
   std::string access_token_;
   time_t expiry_time_{};
   std::chrono::seconds expires_in_{};
+  boost::optional<std::string> scope_;
 };
 
 }  // namespace authentication
diff --git a/olp-cpp-sdk-authentication/src/TokenEndpointImpl.cpp b/olp-cpp-sdk-authentication/src/TokenEndpointImpl.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2021-2023 HERE Europe B.V.
+ * Copyright (C) 2021-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,7 +19,9 @@
 
 #include "TokenEndpointImpl.h"
 
+#include <memory>
 #include <thread>
+#include <utility>
 
 #include <olp/authentication/SignInResult.h>
 #include <olp/core/http/HttpStatusCode.h>
@@ -52,6 +54,7 @@ constexpr auto kGrantType = "grantType";
 constexpr auto kClientGrantType = "client_credentials";
 constexpr auto kLogTag = "TokenEndpointImpl";
 constexpr auto kErrorWrongTimestamp = 401204;
+constexpr auto kScope = "scope";
 
 std::string GetBasePath(const std::string& base_string) {
   // Remove /oauth2/token from url to make sure only the base url is used
@@ -125,7 +128,8 @@ std::string GenerateUid() {
 }
 
 client::OlpClient::RequestBodyType GenerateClientBody(
-    const TokenRequest& token_request) {
+    const TokenRequest& token_request,
+    const boost::optional<std::string>& scope) {
   rapidjson::StringBuffer data;
   rapidjson::Writer<rapidjson::StringBuffer> writer(data);
   writer.StartObject();
@@ -140,6 +144,11 @@ client::OlpClient::RequestBodyType GenerateClientBody(
     writer.Uint(expires_in);
   }
 
+  if (scope) {
+    writer.Key(kScope);
+    writer.String(scope.get().c_str());
+  }
+
   writer.EndObject();
   auto content = data.GetString();
   return std::make_shared<RequestBodyData>(content, content + data.GetSize());
@@ -177,13 +186,15 @@ TimeResponse GetTimeFromServer(client::CancellationContext& context,
 
 TokenEndpointImpl::TokenEndpointImpl(Settings settings)
     : credentials_(std::move(settings.credentials)),
+      scope_(std::move(settings.scope)),
       settings_(ConvertSettings(std::move(settings))),
       auth_client_(settings_) {}
 
 client::CancellationToken TokenEndpointImpl::RequestToken(
     const TokenRequest& token_request, const RequestTokenCallback& callback) {
   AuthenticationClient::SignInProperties properties;
   properties.expires_in = token_request.GetExpiresIn();
+  properties.scope = scope_;
   return auth_client_.SignInClient(
       credentials_, properties,
       [callback](
@@ -200,8 +211,10 @@ client::CancellationToken TokenEndpointImpl::RequestToken(
           return;
         }
 
-        callback(TokenResult{sign_in_result.GetAccessToken(),
-                             sign_in_result.GetExpiresIn()});
+        callback(TokenResult{
+            sign_in_result.GetAccessToken(), sign_in_result.GetExpiresIn(),
+            sign_in_result.GetScope().empty() ? boost::optional<std::string>{}
+                                              : sign_in_result.GetScope()});
       });
 }
 
@@ -236,8 +249,10 @@ TokenResponse TokenEndpointImpl::RequestToken(
     return client::ApiError{sign_in_result.GetStatus(), std::move(message)};
   }
 
-  return TokenResult{sign_in_result.GetAccessToken(),
-                     sign_in_result.GetExpiresIn()};
+  return TokenResult{
+      sign_in_result.GetAccessToken(), sign_in_result.GetExpiresIn(),
+      sign_in_result.GetScope().empty() ? boost::optional<std::string>{}
+                                        : sign_in_result.GetScope()};
 }
 
 SignInResponse TokenEndpointImpl::SignInClient(
@@ -255,7 +270,7 @@ SignInResponse TokenEndpointImpl::SignInClient(
 
   RequestTimer timer = CreateRequestTimer(client, context);
 
-  const auto request_body = GenerateClientBody(token_request);
+  const auto request_body = GenerateClientBody(token_request, scope_);
 
   SignInResult response;
 
diff --git a/olp-cpp-sdk-authentication/src/TokenEndpointImpl.h b/olp-cpp-sdk-authentication/src/TokenEndpointImpl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2021 HERE Europe B.V.
+ * Copyright (C) 2021-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,9 @@
 
 #pragma once
 
+#include <boost/optional.hpp>
+#include <string>
+
 #include <olp/authentication/AuthenticationClient.h>
 #include <olp/authentication/AuthenticationCredentials.h>
 #include <olp/authentication/AuthenticationSettings.h>
@@ -87,6 +90,7 @@ class TokenEndpointImpl {
                                   client::CancellationContext& context) const;
 
   const AuthenticationCredentials credentials_;
+  const boost::optional<std::string> scope_;
   const AuthenticationSettings settings_;
   AuthenticationClient auth_client_;
 };
diff --git a/olp-cpp-sdk-authentication/src/TokenResult.cpp b/olp-cpp-sdk-authentication/src/TokenResult.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019-2023 HERE Europe B.V.
+ * Copyright (C) 2019-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,16 +21,22 @@
 
 namespace olp {
 namespace authentication {
-TokenResult::TokenResult(std::string access_token, time_t expiry_time)
-    : access_token_(std::move(access_token)), expiry_time_(expiry_time) {
+TokenResult::TokenResult(std::string access_token, time_t expiry_time,
+                         boost::optional<std::string> scope)
+    : access_token_(std::move(access_token)),
+      expiry_time_(expiry_time),
+      scope_(std::move(scope)) {
   const auto now = std::time(nullptr);
   expires_in_ =
       std::chrono::seconds(expiry_time_ > now ? (expiry_time_ - now) : 0);
 }
 
 TokenResult::TokenResult(std::string access_token,
-                         std::chrono::seconds expires_in)
-    : access_token_(std::move(access_token)), expires_in_(expires_in) {
+                         std::chrono::seconds expires_in,
+                         boost::optional<std::string> scope)
+    : access_token_(std::move(access_token)),
+      expires_in_(expires_in),
+      scope_(std::move(scope)) {
   expiry_time_ = std::time(nullptr) + expires_in_.count();
 }
 
@@ -40,5 +46,9 @@ time_t TokenResult::GetExpiryTime() const { return expiry_time_; }
 
 std::chrono::seconds TokenResult::GetExpiresIn() const { return expires_in_; }
 
+const boost::optional<std::string>& TokenResult::GetScope() const {
+  return scope_;
+}
+
 }  // namespace authentication
 }  // namespace olp
diff --git a/tests/common/matchers/NetworkUrlMatchers.h b/tests/common/matchers/NetworkUrlMatchers.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019-2021 HERE Europe B.V.
+ * Copyright (C) 2019-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -93,6 +93,13 @@ MATCHER_P(BodyEq, expected_body, "") {
              : expected_body_str.empty();
 }
 
+MATCHER_P(BodyContains, expected_substring, "") {
+  const std::string sstr(expected_substring);
+  const auto& body = arg.GetBody();
+  return std::search(body->cbegin(), body->cend(), sstr.cbegin(),
+                     sstr.cend()) != body->cend();
+}
+
 MATCHER_P(HeadersContain, expected_header, "") {
   const auto& headers = arg.GetHeaders();
   return std::find(headers.begin(), headers.end(), expected_header) !=
diff --git a/tests/integration/olp-cpp-sdk-authentication/AuthenticationClientTest.cpp b/tests/integration/olp-cpp-sdk-authentication/AuthenticationClientTest.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019-2022 HERE Europe B.V.
+ * Copyright (C) 2019-2024 HERE Europe B.V.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -410,7 +410,10 @@ TEST_F(AuthenticationClientTest, SignInClientUseWrongLocalTime) {
 TEST_F(AuthenticationClientTest, SignInClientScope) {
   ExpectTimestampRequest(*network_);
 
-  EXPECT_CALL(*network_, Send(IsPostRequest(kRequestAuth), _, _, _, _))
+  EXPECT_CALL(*network_,
+              Send(testing::AllOf(IsPostRequest(kRequestAuth),
+                                  BodyContains("\"scope\":\"scope\"")),
+                   _, _, _, _))
       .WillOnce(ReturnHttpResponse(GetResponse(http::HttpStatusCode::OK),
                                    kResponseWithScope));
 
diff --git a/tests/integration/olp-cpp-sdk-authentication/TokenEndpointTest.cpp b/tests/integration/olp-cpp-sdk-authentication/TokenEndpointTest.cpp
