Use CredentialProvider in OAUTH2 provider

gabriel-farache · gabriel-farache · commit 9cb6610e175c · 2025-04-30T11:56:19.000+02:00
Signed-off-by: gabriel-farache &lt;gfarache@redhat.com&gt;
diff --git a/client/oidc/src/main/java/io/quarkiverse/openapi/generator/oidc/providers/OAuth2AuthenticationProvider.java b/client/oidc/src/main/java/io/quarkiverse/openapi/generator/oidc/providers/OAuth2AuthenticationProvider.java
@@ -5,16 +5,13 @@
 import java.io.IOException;
 import java.util.List;
 
-import jakarta.ws.rs.client.ClientRequestContext;
-import jakarta.ws.rs.core.HttpHeaders;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import io.quarkiverse.openapi.generator.providers.AbstractAuthProvider;
 import io.quarkiverse.openapi.generator.providers.ConfigCredentialsProvider;
 import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
-import io.quarkus.oidc.common.runtime.OidcConstants;
+import jakarta.ws.rs.client.ClientRequestContext;
 
 public class OAuth2AuthenticationProvider extends AbstractAuthProvider {
 
@@ -31,13 +28,7 @@ public OAuth2AuthenticationProvider(String name,
 
     @Override
     public void filter(ClientRequestContext requestContext) throws IOException {
-        if (isTokenPropagation()) {
-            String bearerToken = getTokenForPropagation(requestContext.getHeaders());
-            bearerToken = sanitizeBearerToken(bearerToken);
-            requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION, OidcConstants.BEARER_SCHEME + " " + bearerToken);
-        } else {
-            delegate.filter(requestContext);
-        }
+        getCredentialsProvider().setOauth2BearerToken(requestContext, getOpenApiSpecId(), getName(), delegate::filter);
     }
 
     private void validateConfig() {
diff --git a/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/AbstractAuthProvider.java b/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/AbstractAuthProvider.java
@@ -60,22 +60,33 @@ public String getName() {
     }
 
     public boolean isTokenPropagation() {
-        return ConfigProvider.getConfig()
-                .getOptionalValue(getCanonicalAuthConfigPropertyName(AuthConfig.TOKEN_PROPAGATION), Boolean.class)
-                .orElse(false);
+        return isTokenPropagation(getOpenApiSpecId(), getName());
     }
 
-    public String getTokenForPropagation(MultivaluedMap<String, Object> httpHeaders) {
-        String headerName = getHeaderName() != null ? getHeaderName() : HttpHeaders.AUTHORIZATION;
-        String propagatedHeaderName = propagationHeaderName(getOpenApiSpecId(), getName(), headerName);
+    public static String getTokenForPropagation(MultivaluedMap<String, Object> httpHeaders, String openApiSpecId,
+            String authName) {
+        String headerName = getHeaderName(openApiSpecId, authName) != null ? getHeaderName(openApiSpecId, authName)
+                : HttpHeaders.AUTHORIZATION;
+        String propagatedHeaderName = propagationHeaderName(openApiSpecId, authName, headerName);
         return Objects.toString(httpHeaders.getFirst(propagatedHeaderName));
     }
 
+    public String getTokenForPropagation(MultivaluedMap<String, Object> httpHeaders) {
+        return getTokenForPropagation(httpHeaders, getOpenApiSpecId(), getName());
+    }
+
     public String getHeaderName() {
         return ConfigProvider.getConfig()
                 .getOptionalValue(getCanonicalAuthConfigPropertyName(AuthConfig.HEADER_NAME), String.class).orElse(null);
     }
 
+    public static String getHeaderName(String openApiSpecId, String authName) {
+        return ConfigProvider.getConfig()
+                .getOptionalValue(getCanonicalAuthConfigPropertyName(AuthConfig.HEADER_NAME, openApiSpecId, authName),
+                        String.class)
+                .orElse(null);
+    }
+
     @Override
     public List<OperationAuthInfo> operationsToFilter() {
         return applyToOperations;
@@ -88,4 +99,15 @@ public final String getCanonicalAuthConfigPropertyName(String authPropertyName)
     public static String getCanonicalAuthConfigPropertyName(String authPropertyName, String openApiSpecId, String authName) {
         return String.format(CANONICAL_AUTH_CONFIG_PROPERTY_NAME, openApiSpecId, authName, authPropertyName);
     }
+
+    public static boolean isTokenPropagation(String openApiSpecId, String authName) {
+        return ConfigProvider.getConfig()
+                .getOptionalValue(getCanonicalAuthConfigPropertyName(AuthConfig.TOKEN_PROPAGATION, openApiSpecId, authName),
+                        Boolean.class)
+                .orElse(false);
+    }
+
+    public CredentialsProvider getCredentialsProvider() {
+        return credentialsProvider;
+    }
 }
diff --git a/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ConfigCredentialsProvider.java b/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ConfigCredentialsProvider.java
@@ -1,14 +1,19 @@
 package io.quarkiverse.openapi.generator.providers;
 
+import java.io.IOException;
+
 import jakarta.annotation.Priority;
 import jakarta.enterprise.context.Dependent;
 import jakarta.enterprise.inject.Alternative;
 import jakarta.ws.rs.client.ClientRequestContext;
+import jakarta.ws.rs.core.HttpHeaders;
 
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import io.quarkus.oidc.common.runtime.OidcConstants;
+
 @Dependent
 @Alternative
 @Priority(100)
@@ -63,4 +68,22 @@ public String getBearerToken(ClientRequestContext requestContext, String openApi
                 .orElse("");
     }
 
+    @Override
+    public void setOauth2BearerToken(ClientRequestContext requestContext, String openApiSpecId, String authName,
+            ThrowingConsumer<ClientRequestContext, IOException> filter) throws IOException {
+        if (AbstractAuthProvider.isTokenPropagation(openApiSpecId, authName)) {
+            String bearerToken = AbstractAuthProvider.getTokenForPropagation(requestContext.getHeaders(), openApiSpecId,
+                    authName);
+            requestContext.getHeaders().add(HttpHeaders.AUTHORIZATION,
+                    OidcConstants.BEARER_SCHEME + " " + AbstractAuthProvider.sanitizeBearerToken(bearerToken));
+        } else {
+            filter.accept(requestContext);
+        }
+    }
+
+    @FunctionalInterface
+    public interface ThrowingConsumer<T, E extends Exception> {
+        void accept(T t) throws E;
+    }
+
 }
diff --git a/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/CredentialsProvider.java b/client/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/CredentialsProvider.java
@@ -1,5 +1,7 @@
 package io.quarkiverse.openapi.generator.providers;
 
+import java.io.IOException;
+
 import jakarta.ws.rs.client.ClientRequestContext;
 
 /**
@@ -44,4 +46,13 @@ public interface CredentialsProvider {
      * @return the Bearer Token to use when filtering the request
      */
     String getBearerToken(ClientRequestContext requestContext, String openApiSpecId, String authName);
+
+    /**
+     * Gets the Bearer Token given the OpenAPI definition and security schema
+     *
+     * @param openApiSpecId the OpenAPI Spec identification as defined by the OpenAPI Extension
+     * @param authName The security schema for this Bearer Token definition
+     */
+    void setOauth2BearerToken(ClientRequestContext requestContext, String openApiSpecId, String authName,
+            ConfigCredentialsProvider.ThrowingConsumer<ClientRequestContext, IOException> filter) throws IOException;
 }
