Merge pull request #52 from quarkiverse/kogito-6970

Add support to OAuth2

Author: fjtirado

README.md

@@ -6,7 +6,8 @@
 
 Quarkus' extension for generation of [Rest Clients](https://quarkus.io/guides/rest-client) based on OpenAPI specification files.
 
-This extension is based on the [OpenAPI Generator Tool](https://openapi-generator.tech/).
+This extension is based on the [OpenAPI Generator Tool](https://openapi-generator.tech/). Please consider donation to help them maintain the
+project: https://opencollective.com/openapi_generator/donate
 
 ## Getting Started
 
@@ -158,6 +159,58 @@ Similarly to bearer token, the API Key Authentication also has the token entry k
 
 The API Key scheme has an additional property that requires where to add the API key in the request token: header, cookie or query. The inner provider takes care of that for you.
 
+### OAuth2 Authentication
+
+The extension will generate a `ClientRequestFilter` capable to add OAuth2 authentication capabilities to the OpenAPI operations that require it. This means that you can use
+the [Quarkus OIDC Extension](https://quarkus.io/guides/security-openid-connect-client) configuration to define your authentication flow.
+
+The generated code creates a named `OidcClient` for each [Security Scheme](https://spec.openapis.org/oas/v3.1.0#security-scheme-object) listed in the OpenAPI specification files. For example, given
+the following excerpt:
+
+```json
+{
+  "securitySchemes": {
+    "petstore_auth": {
+      "type": "oauth2",
+      "flows": {
+        "implicit": {
+          "authorizationUrl": "https://petstore3.swagger.io/oauth/authorize",
+          "scopes": {
+            "write:pets": "modify pets in your account",
+            "read:pets": "read your pets"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+You can configure this `OidcClient` as:
+
+```properties
+quarkus.oidc-client.petstore_auth.auth-server-url=https://petstore3.swagger.io/oauth/authorize
+quarkus.oidc-client.petstore_auth.discovery-enabled=false
+quarkus.oidc-client.petstore_auth.token-path=/tokens
+quarkus.oidc-client.petstore_auth.credentials.secret=secret
+quarkus.oidc-client.petstore_auth.grant.type=password
+quarkus.oidc-client.petstore_auth.grant-options.password.username=alice
+quarkus.oidc-client.petstore_auth.grant-options.password.password=alice
+quarkus.oidc-client.petstore_auth.client-id=petstore-app
+```
+
+The configuration suffix `quarkus.oidc-client.petstore_auth` is exclusive for the schema defined in the specification file.
+
+For this to work you **must** add [Quarkus OIDC Client Filter Extension](https://quarkus.io/guides/security-openid-connect-client#oidc-client-filter) to your project:
+
+````xml
+
+<dependency>
+  <groupId>io.quarkus</groupId>
+  <artifactId>quarkus-oidc-client-filter</artifactId>
+</dependency>
+````
+
 ## Circuit Breaker
 
 You can define the [CircuitBreaker annotation from MicroProfile Fault Tolerance](https://microprofile.io/project/eclipse/microprofile-fault-tolerance/spec/src/main/asciidoc/circuitbreaker.asciidoc)
@@ -357,7 +410,8 @@ to `application/json`.
 
 ## Generating files via InputStream
 
-Having the files in the `src/main/openapi` directory will generate the REST stubs by default. Alternatively, you can implement the `io.quarkiverse.openapi.generator.deployment.codegen.OpenApiSpecInputProvider`
+Having the files in the `src/main/openapi` directory will generate the REST stubs by default. Alternatively, you can implement
+the `io.quarkiverse.openapi.generator.deployment.codegen.OpenApiSpecInputProvider`
 interface to provide a list of `InputStream`s of OpenAPI specification files. This is useful in scenarios where you want to dynamically generate the client code without having the target spec file
 saved locally in your project.
 
@@ -374,7 +428,6 @@ Use the property key `<base_package>.model.MyClass.generateDeprecated=false` to
 
 These are the known limitations of this pre-release version:
 
-- No OAuth2 support
 - No reactive support
 - Only Jackson support
 

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/SpecConfig.java

@@ -1,16 +1,36 @@
 package io.quarkiverse.openapi.generator.deployment;
 
 import java.nio.file.Path;
+import java.util.Collections;
+import java.util.Map;
 
+import io.quarkus.runtime.annotations.ConfigGroup;
+import io.quarkus.runtime.annotations.ConfigItem;
+import io.quarkus.runtime.annotations.ConfigRoot;
+
+// This configuration is read in codegen phase (before build time), the annotation is for document purposes and avoiding quarkus warns
+@ConfigGroup
+@ConfigRoot(prefix = SpecConfig.BUILD_TIME_CONFIG_PREFIX)
 public class SpecConfig {
 
-    private static final String BUILD_TIME_CONFIG_PREFIX = "quarkus.openapi-generator.codegen";
+    public static final String BUILD_TIME_CONFIG_PREFIX = "quarkus.openapi-generator.codegen";
     public static final String API_PKG_SUFFIX = ".api";
     public static final String MODEL_PKG_SUFFIX = ".model";
-    public static final String BUILD_TIME_SPEC_PREFIX_FORMAT = BUILD_TIME_CONFIG_PREFIX + ".spec.\"%s\"";
+    // package visibility for unit tests
+    static final String BUILD_TIME_SPEC_PREFIX_FORMAT = BUILD_TIME_CONFIG_PREFIX + ".spec.\"%s\"";
     private static final String BASE_PACKAGE_PROP_FORMAT = "%s.base-package";
     private static final String SKIP_FORM_MODEL_PROP_FORMAT = "%s.skip-form-model";
 
+    /**
+     * OpenAPI Spec details for codegen configuration.
+     */
+    @ConfigItem(name = "spec")
+    Map<String, SpecItemConfig> specItem;
+
+    public Map<String, SpecItemConfig> getSpecItem() {
+        return Collections.unmodifiableMap(specItem);
+    }
+
     public static String resolveApiPackage(final String basePackage) {
         return String.format("%s%s", basePackage, API_PKG_SUFFIX);
     }

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/SpecItemConfig.java

@@ -0,0 +1,14 @@
+package io.quarkiverse.openapi.generator.deployment;
+
+// Configuration class for documentation purposes
+import io.quarkus.runtime.annotations.ConfigItem;
+
+public class SpecItemConfig {
+
+    /**
+     * Base package for where the generated code for the given OpenAPI specification will be added.
+     */
+    @ConfigItem
+    String basePackage;
+
+}

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/codegen/ModelCodegenConfigParser.java

@@ -20,9 +20,7 @@ public static Map<String, Object> parse(final Config config, final String basePa
         final List<String> modelProperties = filterModelPropertyNames(config.getPropertyNames(),
                 resolveModelPackage(basePackage));
         final Map<String, Object> modelConfig = new HashMap<>();
-        modelProperties.forEach(m -> {
-            modelConfig.put(m, config.getValue(m, String.class));
-        });
+        modelProperties.forEach(m -> modelConfig.put(m, config.getValue(m, String.class)));
         return modelConfig;
     }
 

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/QuarkusJavaClientCodegen.java

@@ -37,10 +37,10 @@ public void processOpts() {
     private void replaceWithQuarkusTemplateFiles() {
         supportingFiles.clear();
 
-        // TODO: add others as we go
         if (ProcessUtils.hasHttpBasicMethods(this.openAPI) ||
                 ProcessUtils.hasApiKeyMethods(this.openAPI) ||
-                ProcessUtils.hasHttpBearerMethods(this.openAPI)) {
+                ProcessUtils.hasHttpBearerMethods(this.openAPI) ||
+                ProcessUtils.hasOAuthMethods(this.openAPI)) {
             supportingFiles.add(
                     new SupportingFile("auth/compositeAuthenticationProvider.qute",
                             authFileFolder(),

deployment/src/main/resources/templates/auth/compositeAuthenticationProvider.qute

@@ -15,7 +15,11 @@ import io.quarkiverse.openapi.generator.providers.ApiKeyIn;
 {#if hasHttpBearerMethods}
 import io.quarkiverse.openapi.generator.providers.BearerAuthenticationProvider;
 {/if}
+{#if hasOAuthMethods}
+import io.quarkiverse.openapi.generator.providers.OAuth2AuthenticationProvider;
+{/if}
 import io.quarkiverse.openapi.generator.providers.AbstractCompositeAuthenticationProvider;
+import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
 
 @Priority(Priorities.AUTHENTICATION)
 public class CompositeAuthenticationProvider extends AbstractCompositeAuthenticationProvider {
@@ -25,17 +29,114 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
 
     @PostConstruct
     public void init() {
-        {#for auth in httpBasicMethods.orEmpty}this.addAuthenticationProvider(new BasicAuthenticationProvider("{auth.name}", authConfig));{/for}
-        {#for auth in httpBearerMethods.orEmpty}this.addAuthenticationProvider(new BearerAuthenticationProvider("{auth.name}", "{auth.scheme}", authConfig));{/for}
+        {#for auth in httpBasicMethods.orEmpty}
+        this.addAuthenticationProvider(new BasicAuthenticationProvider("{auth.name}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
+        {#for auth in oauthMethods.orEmpty}
+        this.addAuthenticationProvider(new OAuth2AuthenticationProvider("{auth.name}")
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
+        {#for auth in httpBearerMethods.orEmpty}
+        this.addAuthenticationProvider(new BearerAuthenticationProvider("{auth.name}", "{auth.scheme}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
         {#for auth in apiKeyMethods.orEmpty}
         {#if auth.isKeyInQuery}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.query, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.query, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {#if auth.isKeyInHeader}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.header, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.header, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {#if auth.isKeyInCookie}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.cookie, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.cookie, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {/for}
     }

deployment/src/test/java/io/quarkiverse/openapi/generator/deployment/wrapper/OpenApiClientGeneratorWrapperTest.java

@@ -154,14 +154,6 @@ void checkAnnotations() throws URISyntaxException, FileNotFoundException {
                 .forEach(m -> assertThat(m).doesNotHaveCircuitBreakerAnnotation());
     }
 
-    private List<File> generateRestClientFiles() throws URISyntaxException {
-        OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("simple-openapi.json")
-                .withCircuitBreakerConfiguration(Map.of(
-                        "org.openapitools.client.api.DefaultApi", List.of("opThatDoesNotExist", "byeGet")));
-
-        return generatorWrapper.generate();
-    }
-
     @Test
     void verifyMultipartFormAnnotationIsGeneratedForParameter() throws URISyntaxException, FileNotFoundException {
         List<File> generatedFiles = createGeneratorWrapper("multipart-openapi.yml")
@@ -216,6 +208,14 @@ void verifyMultipartPojoGeneratedAndFieldsHaveAnnotations() throws URISyntaxExce
         });
     }
 
+    private List<File> generateRestClientFiles() throws URISyntaxException {
+        OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("simple-openapi.json")
+                .withCircuitBreakerConfiguration(Map.of(
+                        "org.openapitools.client.api.DefaultApi", List.of("opThatDoesNotExist", "byeGet")));
+
+        return generatorWrapper.generate();
+    }
+
     private OpenApiClientGeneratorWrapper createGeneratorWrapper(String specFileName) throws URISyntaxException {
         final Path openApiSpec = Path
                 .of(requireNonNull(this.getClass().getResource(String.format("/openapi/%s", specFileName))).toURI());

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/MultipartTest.java

@@ -39,7 +39,7 @@ public class MultipartTest {
 
     @RestClient
     @Inject
-    private UserProfileDataApi userProfileDataApi;
+    UserProfileDataApi userProfileDataApi;
 
     @Test
     public void testUploadMultipartFormdata(@TempDir Path tempDir) throws IOException {

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/OpenWeatherTest.java

@@ -1,6 +1,7 @@
 package io.quarkiverse.openapi.generator.it;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 import javax.inject.Inject;
 
@@ -26,6 +27,9 @@ public class OpenWeatherTest {
     @ConfigProperty(name = "org.acme.openapi.weather.security.auth.app_id/api-key")
     String apiKey;
 
+    @ConfigProperty(name = "org.acme.openapi.weather.api.CurrentWeatherDataApi/mp-rest/url")
+    String weatherUrl;
+
     @RestClient
     @Inject
     CurrentWeatherDataApi weatherApi;
@@ -34,8 +38,9 @@ public class OpenWeatherTest {
     public void testGetWeatherByLatLon() {
         final Model200 model = weatherApi.currentWeatherData("", "", "10", "-10", "", "", "", "");
         assertEquals("Nowhere", model.getName());
+        assertNotNull(weatherUrl);
         openWeatherServer.verify(WireMock.getRequestedFor(
-                WireMock.urlEqualTo("/weather?q=&id=&lat=10&lon=-10&zip=&units=&lang=&mode=&appid=" + apiKey)));
+                WireMock.urlEqualTo("/data/2.5/weather?q=&id=&lat=10&lon=-10&zip=&units=&lang=&mode=&appid=" + apiKey)));
     }
 
 }

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/WiremockOpenWeather.java

@@ -20,14 +20,14 @@ public Map<String, String> start() {
         wireMockServer = new WireMockServer(8888);
         wireMockServer.start();
 
-        wireMockServer.stubFor(get(urlPathEqualTo("/weather"))
+        wireMockServer.stubFor(get(urlPathEqualTo("/data/2.5/weather"))
                 .willReturn(aResponse()
                         .withStatus(200)
                         .withHeader("Content-Type", "application/json")
                         .withBody(
                                 "{\"name\": \"Nowhere\"}")));
         return Collections.singletonMap("org.acme.openapi.weather.api.CurrentWeatherDataApi/mp-rest/url",
-                wireMockServer.baseUrl());
+                wireMockServer.baseUrl().concat("/data/2.5"));
     }
 
     @Override