Add support for token-propagation-external-service6 with OpenID Connect integration

indiealexh · indiealexh · commit 97d49d341da9 · 2025-08-21T11:50:49.000-07:00
diff --git a/client/deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/QuarkusJavaClientCodegen.java b/client/deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/QuarkusJavaClientCodegen.java
@@ -75,10 +75,10 @@ private void replaceWithQuarkusTemplateFiles() {
 
         if (enableSecurityGeneration == null || enableSecurityGeneration) {
             if (ProcessUtils.hasHttpBasicMethods(this.openAPI) ||
-                ProcessUtils.hasApiKeyMethods(this.openAPI) ||
-                ProcessUtils.hasHttpBearerMethods(this.openAPI) ||
-                ProcessUtils.hasOAuthMethods(this.openAPI) ||
-                ProcessUtils.hasOpenIdConnectMethods(this.openAPI)) {
+                    ProcessUtils.hasApiKeyMethods(this.openAPI) ||
+                    ProcessUtils.hasHttpBearerMethods(this.openAPI) ||
+                    ProcessUtils.hasOAuthMethods(this.openAPI) ||
+                    ProcessUtils.hasOpenIdConnectMethods(this.openAPI)) {
                 supportingFiles.add(
                         new SupportingFile(AUTH_PACKAGE + "/compositeAuthenticationProvider.qute",
                                 authFileFolder(),
diff --git a/client/integration-tests/auth-provider/src/main/java/io/quarkiverse/openapi/generator/it/auth/TokenServerResource.java b/client/integration-tests/auth-provider/src/main/java/io/quarkiverse/openapi/generator/it/auth/TokenServerResource.java
@@ -20,6 +20,9 @@ public class TokenServerResource {
     @RestClient
     org.acme.externalservice5.api.DefaultApi defaultApi5;
 
+    @RestClient
+    org.acme.externalservice6.api.DefaultApi defaultApi6;
+
     @POST
     @Path("service1")
     public String service1() {
@@ -47,4 +50,11 @@ public String service5() {
         defaultApi5.executeQuery5();
         return "hello";
     }
+
+    @POST
+    @Path("service6")
+    public String service6() {
+        defaultApi6.executeQuery6();
+        return "hello";
+    }
 }
diff --git a/client/integration-tests/auth-provider/src/main/resources/application.properties b/client/integration-tests/auth-provider/src/main/resources/application.properties
@@ -46,6 +46,8 @@ quarkus.oidc-client.service5_oauth2.credentials.client-secret.value=secret
 quarkus.oidc-client.service6_oidc.auth-server-url=${keycloak.mock.service.url}
 quarkus.oidc-client.service6_oidc.discovery-enabled=true
 quarkus.oidc-client.service6_oidc.client-id=kogito-app
+quarkus.oidc-client.service6_oidc.grant.type=client
+quarkus.oidc-client.service6_oidc.credentials.client-secret.method=basic
 quarkus.oidc-client.service6_oidc.credentials.client-secret.value=secret
 
 
diff --git a/client/integration-tests/auth-provider/src/test/java/io/quarkiverse/openapi/generator/it/auth/TokenExternalServicesMock.java b/client/integration-tests/auth-provider/src/test/java/io/quarkiverse/openapi/generator/it/auth/TokenExternalServicesMock.java
@@ -60,6 +60,11 @@ public Map<String, String> start() {
         // configured. The token will be overridden by the custom credential provider
         stubForExternalService("/token-external-service5/executeQuery5", KEYCLOAK_ACCESS_TOKEN + "_TEST");
 
+        // stub the token-external-service6 invocation with the expected token, no propagation is produced
+        // in this case but the service must receive the token provided by Keycloak since it has oidc security
+        // configured. The token will be overridden by the custom credential provider
+        stubForExternalService("/token-external-service6/executeQuery6", KEYCLOAK_ACCESS_TOKEN + "_TEST");
+
         return Map.of(TOKEN_EXTERNAL_SERVICE_MOCK_URL, wireMockServer.baseUrl());
     }
 
diff --git a/client/integration-tests/auth-provider/src/test/java/io/quarkiverse/openapi/generator/it/auth/TokenWithCustomCredentialProviderTest.java b/client/integration-tests/auth-provider/src/test/java/io/quarkiverse/openapi/generator/it/auth/TokenWithCustomCredentialProviderTest.java
@@ -22,7 +22,7 @@
 class TokenWithCustomCredentialProviderTest {
 
     @ParameterizedTest
-    @ValueSource(strings = { "service1", "service2", "service3", "service5" })
+    @ValueSource(strings = { "service1", "service2", "service3", "service5", "service6" })
     void testService(String service) {
         Map<String, String> headers = Map.of(HttpHeaders.AUTHORIZATION, AUTHORIZATION_TOKEN);
 
diff --git a/client/integration-tests/security/src/main/java/io/quarkiverse/openapi/generator/it/security/TokenPropagationResource.java b/client/integration-tests/security/src/main/java/io/quarkiverse/openapi/generator/it/security/TokenPropagationResource.java
@@ -24,6 +24,9 @@ public class TokenPropagationResource {
     @RestClient
     org.acme.externalservice5.api.DefaultApi defaultApi5;
 
+    @RestClient
+    org.acme.externalservice6.api.DefaultApi defaultApi6;
+
     @POST
     @Path("service1")
     public Response service1() {
@@ -53,4 +56,10 @@ public Response service4() {
     public Response service5() {
         return defaultApi5.executeQuery5();
     }
+
+    @POST
+    @Path("service6")
+    public Response service6() {
+        return defaultApi6.executeQuery6();
+    }
 }
diff --git a/client/integration-tests/security/src/main/openapi/token-propagation-external-service6.yaml b/client/integration-tests/security/src/main/openapi/token-propagation-external-service6.yaml
@@ -0,0 +1,20 @@
+---
+openapi: 3.0.3
+info:
+  title: external-service6 API
+  version: 3.0.0-SNAPSHOT
+paths:
+  /token-propagation-external-service6/executeQuery6:
+    post:
+      operationId: executeQuery6
+      responses:
+        "200":
+          description: OK
+      security:
+        - service6-oidc: []
+components:
+  securitySchemes:
+    service6-oidc:
+      type: openIdConnect
+      description: Authentication for service6
+      openIdConnectUrl: https://example.com/realms/master/.well-known/openid-configuration
diff --git a/client/integration-tests/security/src/main/resources/application.properties b/client/integration-tests/security/src/main/resources/application.properties
@@ -78,6 +78,14 @@ quarkus.oidc-client.service5_oauth2.grant.type=client
 quarkus.oidc-client.service5_oauth2.credentials.client-secret.method=basic
 quarkus.oidc-client.service5_oauth2.credentials.client-secret.value=secret
 
+# Oidc client used by the token_propagation_external_service6
+quarkus.oidc-client.service6_oidc.auth-server-url=${keycloak.mock.service.url}
+quarkus.oidc-client.service6_oidc.discovery-enabled=true
+quarkus.oidc-client.service6_oidc.client-id=kogito-app
+quarkus.oidc-client.service6_oidc.grant.type=client
+quarkus.oidc-client.service6_oidc.credentials.client-secret.method=basic
+quarkus.oidc-client.service6_oidc.credentials.client-secret.value=secret
+
 quarkus.keycloak.devservices.enabled=false
 
 # Slack OpenAPI
diff --git a/client/integration-tests/security/src/test/java/io/quarkiverse/openapi/generator/it/security/TokenPropagationExternalServicesMock.java b/client/integration-tests/security/src/test/java/io/quarkiverse/openapi/generator/it/security/TokenPropagationExternalServicesMock.java
@@ -66,6 +66,11 @@ public Map<String, String> start() {
         // configured.
         stubForExternalService("/token-propagation-external-service5/executeQuery5", KEYCLOAK_ACCESS_TOKEN);
 
+        // stub the token-propagation-external-service6 invocation with the expected token, no propagation is produced
+        // in this case but the service must receive the token provided by Keycloak since it has oidc security
+        // configured.
+        stubForExternalService("/token-propagation-external-service6/executeQuery6", KEYCLOAK_ACCESS_TOKEN);
+
         return Map.of(TOKEN_PROPAGATION_EXTERNAL_SERVICE_MOCK_URL, wireMockServer.baseUrl());
     }
 
