Fix #1127 - Use CredentialProvider in OAuth2 provider (#1126)

* Use CredentialProvider in OAUTH2 provider and update data structure for
CrendentialProvider

Signed-off-by: gabriel-farache <[email protected]>

* Fix Custom auth provider doc

Signed-off-by: gabriel-farache <[email protected]>

---------

Signed-off-by: gabriel-farache <[email protected]>

Author: gabriel-farache

client/deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/GeneratorProcessor.java

@@ -174,6 +174,7 @@ void produceOauthAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
                     .annotation(OpenApiSpec.class)
                     .addValue("openApiSpecId", openApiSpecId)
                     .done()
+                    .addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
                     .addInjectionPoint(ClassType.create(OAuth2AuthenticationProvider.OidcClientRequestFilterDelegate.class),
                             AnnotationInstance.builder(OidcClient.class).add("name", sanitizeAuthName(name)).build())
                     .addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))

client/integration-tests/auth-provider/pom.xml

@@ -0,0 +1,124 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <parent>
+    <artifactId>quarkus-openapi-generator-integration-tests</artifactId>
+    <groupId>io.quarkiverse.openapi.generator</groupId>
+    <version>3.0.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+
+  <artifactId>quarkus-openapi-generator-it-auth-provider</artifactId>
+  <name>Quarkus - OpenAPI Generator - Integration Tests - Client - Auth Provider</name>
+  <description>A few use cases that relies on authentication provider use cases with the OpenAPI Generator</description>
+
+  <dependencies>
+    <dependency>
+      <groupId>io.quarkiverse.openapi.generator</groupId>
+      <artifactId>quarkus-openapi-generator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.quarkiverse.openapi.generator</groupId>
+      <artifactId>quarkus-openapi-generator-oidc</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-junit5</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.wiremock</groupId>
+      <artifactId>wiremock</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>io.rest-assured</groupId>
+      <artifactId>rest-assured</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>io.quarkus</groupId>
+        <artifactId>quarkus-maven-plugin</artifactId>
+        <extensions>true</extensions>
+        <executions>
+          <execution>
+            <goals>
+              <goal>build</goal>
+              <goal>generate-code</goal>
+              <goal>generate-code-tests</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+  <profiles>
+    <profile>
+      <id>native-image</id>
+      <activation>
+        <property>
+          <name>native</name>
+        </property>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <artifactId>maven-surefire-plugin</artifactId>
+            <configuration>
+              <skipTests>${native.surefire.skip}</skipTests>
+            </configuration>
+          </plugin>
+          <plugin>
+            <artifactId>maven-failsafe-plugin</artifactId>
+            <executions>
+              <execution>
+                <goals>
+                  <goal>integration-test</goal>
+                  <goal>verify</goal>
+                </goals>
+                <configuration>
+                  <systemPropertyVariables>
+                    <native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
+                    <java.util.logging.manager>org.jboss.logmanager.LogManager</java.util.logging.manager>
+                    <maven.home>${maven.home}</maven.home>
+                  </systemPropertyVariables>
+                </configuration>
+              </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+      <properties>
+        <quarkus.package.type>native</quarkus.package.type>
+      </properties>
+    </profile>
+    <profile>
+      <id>resteasy-reactive</id>
+      <dependencies>
+        <dependency>
+          <groupId>io.quarkus</groupId>
+          <artifactId>quarkus-rest-client-oidc-filter</artifactId>
+        </dependency>
+      </dependencies>
+    </profile>
+    <profile>
+      <id>resteasy-classic</id>
+      <activation>
+        <activeByDefault>true</activeByDefault>
+      </activation>
+      <dependencies>
+        <dependency>
+          <groupId>io.quarkus</groupId>
+          <artifactId>quarkus-resteasy-client-oidc-filter</artifactId>
+        </dependency>
+        <dependency>
+          <groupId>io.quarkus</groupId>
+          <artifactId>quarkus-resteasy-multipart</artifactId>
+        </dependency>
+      </dependencies>
+    </profile>
+  </profiles>
+</project>

client/integration-tests/auth-provider/src/main/java/io/quarkiverse/openapi/generator/it/auth/TokenServerResource.java

@@ -0,0 +1,50 @@
+package io.quarkiverse.openapi.generator.it.auth;
+
+import jakarta.ws.rs.POST;
+import jakarta.ws.rs.Path;
+
+import org.eclipse.microprofile.rest.client.inject.RestClient;
+
+@Path("/token_server")
+public class TokenServerResource {
+
+    @RestClient
+    org.acme.externalservice1.api.DefaultApi defaultApi1;
+
+    @RestClient
+    org.acme.externalservice2.api.DefaultApi defaultApi2;
+
+    @RestClient
+    org.acme.externalservice3.api.DefaultApi defaultApi3;
+
+    @RestClient
+    org.acme.externalservice5.api.DefaultApi defaultApi5;
+
+    @POST
+    @Path("service1")
+    public String service1() {
+        defaultApi1.executeQuery1();
+        return "hello";
+    }
+
+    @POST
+    @Path("service2")
+    public String service2() {
+        defaultApi2.executeQuery2();
+        return "hello";
+    }
+
+    @POST
+    @Path("service3")
+    public String service3() {
+        defaultApi3.executeQuery3();
+        return "hello";
+    }
+
+    @POST
+    @Path("service5")
+    public String service5() {
+        defaultApi5.executeQuery5();
+        return "hello";
+    }
+}

client/integration-tests/auth-provider/src/main/java/io/quarkiverse/openapi/generator/it/auth/provider/CustomCredentialsProvider.java

@@ -0,0 +1,27 @@
+package io.quarkiverse.openapi.generator.it.auth.provider;
+
+import jakarta.annotation.Priority;
+import jakarta.enterprise.context.Dependent;
+import jakarta.enterprise.inject.Alternative;
+import jakarta.enterprise.inject.Specializes;
+
+import io.quarkiverse.openapi.generator.providers.ConfigCredentialsProvider;
+
+@Dependent
+@Alternative
+@Specializes
+@Priority(200)
+public class CustomCredentialsProvider extends ConfigCredentialsProvider {
+    public CustomCredentialsProvider() {
+    }
+
+    @Override
+    public String getBearerToken(CredentialsContext input) {
+        return super.getBearerToken(input) + "_TEST";
+    }
+
+    @Override
+    public String getOauth2BearerToken(CredentialsContext input) {
+        return super.getOauth2BearerToken(input) + "_TEST";
+    }
+}

client/integration-tests/auth-provider/src/main/openapi/token-external-service1.yaml

@@ -0,0 +1,19 @@
+---
+openapi: 3.0.3
+info:
+  title: token-external-service1 API
+  version: 3.0.0-SNAPSHOT
+paths:
+  /token-external-service1/executeQuery1:
+    post:
+      operationId: executeQuery1
+      responses:
+        "200":
+          description: OK
+      security:
+        - service1-http-bearer: []
+components:
+  securitySchemes:
+    service1-http-bearer:
+      type: http
+      scheme: bearer

client/integration-tests/auth-provider/src/main/openapi/token-external-service2.yaml

@@ -0,0 +1,23 @@
+---
+openapi: 3.0.3
+info:
+  title: token-external-service2 API
+  version: 3.0.0-SNAPSHOT
+paths:
+  /token-external-service2/executeQuery2:
+    post:
+      operationId: executeQuery2
+      responses:
+        "200":
+          description: OK
+      security:
+        - service2-oauth2: []
+components:
+  securitySchemes:
+    service2-oauth2:
+        type: oauth2
+        flows:
+          clientCredentials:
+            authorizationUrl: https://example.com/oauth
+            tokenUrl: https://example.com/oauth/token
+            scopes: {}

client/integration-tests/auth-provider/src/main/openapi/token-external-service3.yaml

@@ -0,0 +1,19 @@
+---
+openapi: 3.0.3
+info:
+  title: token-external-service3 API
+  version: 3.0.0-SNAPSHOT
+paths:
+  /token-external-service3/executeQuery3:
+    post:
+      operationId: executeQuery3
+      responses:
+        "200":
+          description: OK
+      security:
+        - service3-http-bearer: []
+components:
+  securitySchemes:
+    service3-http-bearer:
+      type: http
+      scheme: bearer

client/integration-tests/auth-provider/src/main/openapi/token-external-service5.yaml

@@ -0,0 +1,23 @@
+---
+openapi: 3.0.3
+info:
+  title: token-external-service5 API
+  version: 3.0.0-SNAPSHOT
+paths:
+  /token-external-service5/executeQuery5:
+    post:
+      operationId: executeQuery5
+      responses:
+        "200":
+          description: OK
+      security:
+        - service5-oauth2: []
+components:
+  securitySchemes:
+    service5-oauth2:
+        type: oauth2
+        flows:
+          clientCredentials:
+            authorizationUrl: https://example.com/oauth
+            tokenUrl: https://example.com/oauth/token
+            scopes: {}

client/integration-tests/auth-provider/src/main/resources/application.properties

@@ -0,0 +1,42 @@
+# Note: The property value is the name of an existing securityScheme in the spec file
+quarkus.openapi-generator.codegen.default-security-scheme=app_id
+
+#Token service
+quarkus.openapi-generator.codegen.spec.token_external_service1_yaml.base-package=org.acme.externalservice1
+quarkus.openapi-generator.codegen.spec.token_external_service2_yaml.base-package=org.acme.externalservice2
+quarkus.openapi-generator.codegen.spec.token_external_service3_yaml.base-package=org.acme.externalservice3
+quarkus.openapi-generator.codegen.spec.token_external_service5_yaml.base-package=org.acme.externalservice5
+
+quarkus.rest-client.token_external_service1_yaml.url=${propagation-external-service-mock.url}
+quarkus.rest-client.token_external_service2_yaml.url=${propagation-external-service-mock.url}
+quarkus.rest-client.token_external_service3_yaml.url=${propagation-external-service-mock.url}
+quarkus.rest-client.token_external_service5_yaml.url=${propagation-external-service-mock.url}
+
+# default propagation for token_external_service1 invocation
+quarkus.openapi-generator.token_external_service1_yaml.auth.service1_http_bearer.token-propagation=true
+# default propagation for token_external_service2 invocation
+quarkus.openapi-generator.token_external_service2_yaml.auth.service2_oauth2.token-propagation=true
+
+quarkus.openapi-generator.token_external_service3_yaml.auth.service3_http_bearer.bearer-token=BEARER_TOKEN
+
+# Oidc clients for the services that has oauth2 security.
+# Oidc client used by the token_external_service2
+quarkus.oidc-client.service2_oauth2.auth-server-url=${keycloak.mock.service.url}
+quarkus.oidc-client.service2_oauth2.token-path=${keycloak.mock.service.token-path}
+quarkus.oidc-client.service2_oauth2.discovery-enabled=false
+quarkus.oidc-client.service2_oauth2.client-id=kogito-app
+quarkus.oidc-client.service2_oauth2.grant.type=client
+quarkus.oidc-client.service2_oauth2.credentials.client-secret.method=basic
+quarkus.oidc-client.service2_oauth2.credentials.client-secret.value=secret
+
+
+# Oidc client used by the token_external_service5
+quarkus.oidc-client.service5_oauth2.auth-server-url=${keycloak.mock.service.url}
+quarkus.oidc-client.service5_oauth2.token-path=${keycloak.mock.service.token-path}
+quarkus.oidc-client.service5_oauth2.discovery-enabled=false
+quarkus.oidc-client.service5_oauth2.client-id=kogito-app
+quarkus.oidc-client.service5_oauth2.grant.type=client
+quarkus.oidc-client.service5_oauth2.credentials.client-secret.method=basic
+quarkus.oidc-client.service5_oauth2.credentials.client-secret.value=secret
+
+quarkus.keycloak.devservices.enabled=false