Fix #1191 - refactor CredentialsProvider return type (#1192)

* Fix #1191 - refactor CredentialsProvider return type

* Apply feedback

Signed-off-by: gabriel-farache <[email protected]>

* Better log message for oauth2 provider

Signed-off-by: gabriel-farache <[email protected]>

---------

Signed-off-by: gabriel-farache <[email protected]>

Author: gabriel-farache

client/integration-tests/auth-provider/src/main/java/io/quarkiverse/openapi/generator/it/auth/provider/CustomCredentialsProvider.java

@@ -1,5 +1,7 @@
 package io.quarkiverse.openapi.generator.it.auth.provider;
 
+import java.util.Optional;
+
 import jakarta.annotation.Priority;
 import jakarta.enterprise.context.Dependent;
 import jakarta.enterprise.inject.Alternative;
@@ -11,18 +13,18 @@
 @Dependent
 @Alternative
 @Specializes
-@Priority(200)
+@Priority(201)
 public class CustomCredentialsProvider extends ConfigCredentialsProvider {
     public CustomCredentialsProvider() {
     }
 
     @Override
-    public String getBearerToken(CredentialsContext input) {
-        return super.getBearerToken(input) + "_TEST";
+    public Optional<String> getBearerToken(CredentialsContext input) {
+        return Optional.of("BEARER_TOKEN_TEST");
     }
 
     @Override
-    public String getOauth2BearerToken(CredentialsContext input) {
-        return super.getOauth2BearerToken(input) + "_TEST";
+    public Optional<String> getOauth2BearerToken(CredentialsContext input) {
+        return Optional.of("KEYCLOAK_ACCESS_TOKEN_TEST");
     }
 }

client/integration-tests/override-credential-provider/src/main/java/io/quarkiverse/openapi/generator/it/creds/CustomCredentialsProvider.java

@@ -1,5 +1,7 @@
 package io.quarkiverse.openapi.generator.it.creds;
 
+import java.util.Optional;
+
 import jakarta.annotation.Priority;
 import jakarta.enterprise.context.Dependent;
 import jakarta.enterprise.inject.Alternative;
@@ -19,8 +21,8 @@ public class CustomCredentialsProvider extends ConfigCredentialsProvider {
     public static String TOKEN = "FIXED_TEST_TOKEN";
 
     @Override
-    public String getBearerToken(CredentialsContext input) {
+    public Optional<String> getBearerToken(CredentialsContext input) {
         LOGGER.info("========> getBearerToken from CustomCredentialsProvider");
-        return TOKEN;
+        return Optional.of(TOKEN);
     }
-}
+}

client/oidc/src/main/java/io/quarkiverse/openapi/generator/oidc/providers/OAuth2AuthenticationProvider.java

@@ -4,8 +4,10 @@
 
 import java.io.IOException;
 import java.util.List;
+import java.util.Optional;
 
 import jakarta.ws.rs.client.ClientRequestContext;
+import jakarta.ws.rs.core.HttpHeaders;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -32,27 +34,38 @@ public OAuth2AuthenticationProvider(String name,
 
     @Override
     public void filter(ClientRequestContext requestContext) throws IOException {
-        String bearerToken;
+        String bearerToken = "";
 
         if (this.isTokenPropagation()) {
             bearerToken = this.getTokenForPropagation(requestContext.getHeaders());
+            if (isEmptyOrBlank(bearerToken)) {
+                LOGGER.debug(
+                        "Token propagation for OAUTH2 is enabled but the configured propagation header defined by {} is not present",
+                        getHeaderForPropagation(getOpenApiSpecId(), getName()));
+            }
         } else {
-            delegate.filter(requestContext);
-            bearerToken = this.getCredentialsProvider().getOauth2BearerToken(CredentialsContext.builder()
-                    .requestContext(requestContext)
-                    .openApiSpecId(getOpenApiSpecId())
-                    .authName(getName())
-                    .build());
+            Optional<String> optionalBearerToken = this.getCredentialsProvider()
+                    .getOauth2BearerToken(CredentialsContext.builder()
+                            .requestContext(requestContext)
+                            .openApiSpecId(getOpenApiSpecId())
+                            .authName(getName())
+                            .build());
+            if (optionalBearerToken.isPresent()) {
+                bearerToken = optionalBearerToken.get();
+                if (isEmptyOrBlank(bearerToken)) {
+                    LOGGER.debug("The CredentialProvider implementation returned an empty OAUTH2 bearer");
+                }
+            } else {
+                LOGGER.debug(
+                        "There is no custom CredentialProvider implementation, the {} header will be set using delegate's filter. ",
+                        HttpHeaders.AUTHORIZATION);
+                delegate.filter(requestContext);
+            }
         }
 
         if (!isEmptyOrBlank(bearerToken)) {
             addAuthorizationHeader(requestContext.getHeaders(),
                     AuthUtils.authTokenOrBearer("Bearer", AbstractAuthProvider.sanitizeBearerToken(bearerToken)));
-        } else {
-            LOGGER.debug("No bearer token was found for the oauth2 security scheme: {}." +
-                    " You must verify that a Quarkus OIDC Client with the name: {} is properly configured," +
-                    " or the request header: {} is set when the token propagation is enabled.",
-                    getName(), getName(), getHeaderForPropagation(getOpenApiSpecId(), getName()));
         }
     }
 

client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProvider.java

@@ -11,6 +11,8 @@
 import jakarta.ws.rs.core.UriBuilder;
 
 import org.eclipse.microprofile.config.ConfigProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import io.quarkiverse.openapi.generator.OpenApiGeneratorException;
 
@@ -23,6 +25,8 @@ public class ApiKeyAuthenticationProvider extends AbstractAuthProvider {
     private final ApiKeyIn apiKeyIn;
     private final String apiKeyName;
 
+    private static final Logger LOGGER = LoggerFactory.getLogger(ApiKeyAuthenticationProvider.class);
+
     public ApiKeyAuthenticationProvider(final String openApiSpecId, final String name, final ApiKeyIn apiKeyIn,
             final String apiKeyName, List<OperationAuthInfo> operations, CredentialsProvider credentialsProvider) {
         super(name, openApiSpecId, operations, credentialsProvider);
@@ -54,11 +58,20 @@ && isUseAuthorizationHeaderValue()) {
     }
 
     private String getApiKey(ClientRequestContext requestContext) {
-        return credentialsProvider.getApiKey(CredentialsContext.builder()
+        final String key = credentialsProvider.getApiKey(CredentialsContext.builder()
                 .requestContext(requestContext)
                 .openApiSpecId(getOpenApiSpecId())
                 .authName(getName())
-                .build());
+                .build()).orElse("");
+
+        if (key.isEmpty()) {
+            LOGGER.warn("configured {} property (see application.properties) is empty. hint: configure it.",
+                    AbstractAuthProvider.getCanonicalAuthConfigPropertyName(ConfigCredentialsProvider.API_KEY,
+                            getOpenApiSpecId(),
+                            getName()));
+        }
+
+        return key;
     }
 
     private boolean isUseAuthorizationHeaderValue() {

client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/BasicAuthenticationProvider.java

@@ -29,15 +29,15 @@ private String getUsername(ClientRequestContext requestContext) {
                 .requestContext(requestContext)
                 .openApiSpecId(getOpenApiSpecId())
                 .authName(getName())
-                .build());
+                .build()).orElse("");
     }
 
     private String getPassword(ClientRequestContext requestContext) {
         return credentialsProvider.getBasicPassword(CredentialsContext.builder()
                 .requestContext(requestContext)
                 .openApiSpecId(getOpenApiSpecId())
                 .authName(getName())
-                .build());
+                .build()).orElse("");
     }
 
     @Override

client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/BearerAuthenticationProvider.java

@@ -51,6 +51,6 @@ private String getBearerToken(ClientRequestContext requestContext) {
                 .requestContext(requestContext)
                 .openApiSpecId(getOpenApiSpecId())
                 .authName(getName())
-                .build());
+                .build()).orElse("");
     }
 }

client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ConfigCredentialsProvider.java

@@ -1,9 +1,10 @@
 package io.quarkiverse.openapi.generator.providers;
 
+import java.util.Optional;
+
 import jakarta.annotation.Priority;
 import jakarta.enterprise.context.Dependent;
 import jakarta.enterprise.inject.Alternative;
-import jakarta.ws.rs.core.HttpHeaders;
 
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.slf4j.Logger;
@@ -26,53 +27,44 @@ public ConfigCredentialsProvider() {
     }
 
     @Override
-    public String getApiKey(CredentialsContext input) {
-        final String key = ConfigProvider.getConfig()
+    public Optional<String> getApiKey(CredentialsContext input) {
+        return ConfigProvider.getConfig()
                 .getOptionalValue(
                         AbstractAuthProvider.getCanonicalAuthConfigPropertyName(API_KEY, input.getOpenApiSpecId(),
                                 input.getAuthName()),
-                        String.class)
-                .orElse("");
-        if (key.isEmpty()) {
-            LOGGER.warn("configured {} property (see application.properties) is empty. hint: configure it.",
-                    AbstractAuthProvider.getCanonicalAuthConfigPropertyName(API_KEY, input.getOpenApiSpecId(),
-                            input.getAuthName()));
-        }
-        return key;
+                        String.class);
+
     }
 
     @Override
-    public String getBasicUsername(CredentialsContext input) {
+    public Optional<String> getBasicUsername(CredentialsContext input) {
         return ConfigProvider.getConfig()
                 .getOptionalValue(
                         AbstractAuthProvider.getCanonicalAuthConfigPropertyName(USER_NAME, input.getOpenApiSpecId(),
                                 input.getAuthName()),
-                        String.class)
-                .orElse("");
+                        String.class);
     }
 
     @Override
-    public String getBasicPassword(CredentialsContext input) {
+    public Optional<String> getBasicPassword(CredentialsContext input) {
         return ConfigProvider.getConfig()
                 .getOptionalValue(
                         AbstractAuthProvider.getCanonicalAuthConfigPropertyName(PASSWORD, input.getOpenApiSpecId(),
                                 input.getAuthName()),
-                        String.class)
-                .orElse("");
+                        String.class);
     }
 
     @Override
-    public String getBearerToken(CredentialsContext input) {
+    public Optional<String> getBearerToken(CredentialsContext input) {
         return ConfigProvider.getConfig()
                 .getOptionalValue(
                         AbstractAuthProvider.getCanonicalAuthConfigPropertyName(BEARER_TOKEN, input.getOpenApiSpecId(),
                                 input.getAuthName()),
-                        String.class)
-                .orElse("");
+                        String.class);
     }
 
     @Override
-    public String getOauth2BearerToken(CredentialsContext input) {
-        return input.getRequestContext().getHeaderString(HttpHeaders.AUTHORIZATION);
+    public Optional<String> getOauth2BearerToken(CredentialsContext input) {
+        return Optional.empty();
     }
 }

client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/CredentialsProvider.java

@@ -1,5 +1,7 @@
 package io.quarkiverse.openapi.generator.providers;
 
+import java.util.Optional;
+
 /**
  * Provider for security credentials. Clients can implement this interface to control how to provide security credentials in
  * runtime.
@@ -13,37 +15,37 @@ public interface CredentialsProvider {
      * @param input the input data available to the method
      * @return the API Key to use when filtering the request
      */
-    String getApiKey(CredentialsContext input);
+    Optional<String> getApiKey(CredentialsContext input);
 
     /**
      * Gets the username given the OpenAPI definition and security schema
      *
      * @param input the input data available to the method
      * @return the username to use when filtering the request
      */
-    String getBasicUsername(CredentialsContext input);
+    Optional<String> getBasicUsername(CredentialsContext input);
 
     /**
      * Gets the password given the OpenAPI definition and security schema
      *
      * @param input the input data available to the method
      * @return the password to use when filtering the request
      */
-    String getBasicPassword(CredentialsContext input);
+    Optional<String> getBasicPassword(CredentialsContext input);
 
     /**
      * Gets the Bearer Token given the OpenAPI definition and security schema
      *
      * @param input the input data available to the method
      * @return the Bearer Token to use when filtering the request
      */
-    String getBearerToken(CredentialsContext input);
+    Optional<String> getBearerToken(CredentialsContext input);
 
     /**
      * Gets the OAuth2 Bearer Token given the OpenAPI definition and security schema
      *
      * @param input the input data available to the method
      * @return the Bearer Token to use when filtering the request
      */
-    String getOauth2BearerToken(CredentialsContext input);
+    Optional<String> getOauth2BearerToken(CredentialsContext input);
 }