Add support to OAuth2

Signed-off-by: Ricardo Zanini <[email protected]>

Author: ricardozanini

deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/wrapper/QuarkusJavaClientCodegen.java

@@ -37,10 +37,10 @@ public void processOpts() {
     private void replaceWithQuarkusTemplateFiles() {
         supportingFiles.clear();
 
-        // TODO: add others as we go
         if (ProcessUtils.hasHttpBasicMethods(this.openAPI) ||
                 ProcessUtils.hasApiKeyMethods(this.openAPI) ||
-                ProcessUtils.hasHttpBearerMethods(this.openAPI)) {
+                ProcessUtils.hasHttpBearerMethods(this.openAPI) ||
+                ProcessUtils.hasOAuthMethods(this.openAPI)) {
             supportingFiles.add(
                     new SupportingFile("auth/compositeAuthenticationProvider.qute",
                             authFileFolder(),

deployment/src/main/resources/templates/auth/compositeAuthenticationProvider.qute

@@ -15,7 +15,11 @@ import io.quarkiverse.openapi.generator.providers.ApiKeyIn;
 {#if hasHttpBearerMethods}
 import io.quarkiverse.openapi.generator.providers.BearerAuthenticationProvider;
 {/if}
+{#if hasOAuthMethods}
+import io.quarkiverse.openapi.generator.providers.OAuth2AuthenticationProvider;
+{/if}
 import io.quarkiverse.openapi.generator.providers.AbstractCompositeAuthenticationProvider;
+import io.quarkiverse.openapi.generator.providers.OperationAuthInfo;
 
 @Priority(Priorities.AUTHENTICATION)
 public class CompositeAuthenticationProvider extends AbstractCompositeAuthenticationProvider {
@@ -25,17 +29,114 @@ public class CompositeAuthenticationProvider extends AbstractCompositeAuthentica
 
     @PostConstruct
     public void init() {
-        {#for auth in httpBasicMethods.orEmpty}this.addAuthenticationProvider(new BasicAuthenticationProvider("{auth.name}", authConfig));{/for}
-        {#for auth in httpBearerMethods.orEmpty}this.addAuthenticationProvider(new BearerAuthenticationProvider("{auth.name}", "{auth.scheme}", authConfig));{/for}
+        {#for auth in httpBasicMethods.orEmpty}
+        this.addAuthenticationProvider(new BasicAuthenticationProvider("{auth.name}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
+        {#for auth in oauthMethods.orEmpty}
+        this.addAuthenticationProvider(new OAuth2AuthenticationProvider("{auth.name}")
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
+        {#for auth in httpBearerMethods.orEmpty}
+        this.addAuthenticationProvider(new BearerAuthenticationProvider("{auth.name}", "{auth.scheme}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
+        {/for}
         {#for auth in apiKeyMethods.orEmpty}
         {#if auth.isKeyInQuery}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.query, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.query, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {#if auth.isKeyInHeader}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.header, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.header, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {#if auth.isKeyInCookie}
-        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.cookie, "{auth.keyParamName}", authConfig));
+        this.addAuthenticationProvider(new ApiKeyAuthenticationProvider("{auth.name}", ApiKeyIn.cookie, "{auth.keyParamName}", authConfig)
+        {#for api in apiInfo.apis}
+        {#for op in api.operations.operation}
+        {#if op.hasAuthMethods}
+        {#for authM in op.authMethods}
+        {#if authM.name == auth.name}
+            .addOperation(OperationAuthInfo.builder()
+                .withPath("{api.contextPath}{api.commonPath}{op.path.orEmpty}")
+                .withId("{op.operationId}")
+                .withMethod("{op.httpMethod}")
+                .build())
+        {/if}
+        {/for}
+        {/if}
+        {/for}
+        {/for});
         {/if}
         {/for}
     }

deployment/src/test/java/io/quarkiverse/openapi/generator/deployment/wrapper/OpenApiClientGeneratorWrapperTest.java

@@ -154,14 +154,6 @@ void checkAnnotations() throws URISyntaxException, FileNotFoundException {
                 .forEach(m -> assertThat(m).doesNotHaveCircuitBreakerAnnotation());
     }
 
-    private List<File> generateRestClientFiles() throws URISyntaxException {
-        OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("simple-openapi.json")
-                .withCircuitBreakerConfiguration(Map.of(
-                        "org.openapitools.client.api.DefaultApi", List.of("opThatDoesNotExist", "byeGet")));
-
-        return generatorWrapper.generate();
-    }
-
     @Test
     void verifyMultipartFormAnnotationIsGeneratedForParameter() throws URISyntaxException, FileNotFoundException {
         List<File> generatedFiles = createGeneratorWrapper("multipart-openapi.yml")
@@ -216,6 +208,14 @@ void verifyMultipartPojoGeneratedAndFieldsHaveAnnotations() throws URISyntaxExce
         });
     }
 
+    private List<File> generateRestClientFiles() throws URISyntaxException {
+        OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("simple-openapi.json")
+                .withCircuitBreakerConfiguration(Map.of(
+                        "org.openapitools.client.api.DefaultApi", List.of("opThatDoesNotExist", "byeGet")));
+
+        return generatorWrapper.generate();
+    }
+
     private OpenApiClientGeneratorWrapper createGeneratorWrapper(String specFileName) throws URISyntaxException {
         final Path openApiSpec = Path
                 .of(requireNonNull(this.getClass().getResource(String.format("/openapi/%s", specFileName))).toURI());

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/MultipartTest.java

@@ -39,7 +39,7 @@ public class MultipartTest {
 
     @RestClient
     @Inject
-    private UserProfileDataApi userProfileDataApi;
+    UserProfileDataApi userProfileDataApi;
 
     @Test
     public void testUploadMultipartFormdata(@TempDir Path tempDir) throws IOException {

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/OpenWeatherTest.java

@@ -1,6 +1,7 @@
 package io.quarkiverse.openapi.generator.it;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 
 import javax.inject.Inject;
 
@@ -26,6 +27,9 @@ public class OpenWeatherTest {
     @ConfigProperty(name = "org.acme.openapi.weather.security.auth.app_id/api-key")
     String apiKey;
 
+    @ConfigProperty(name = "org.acme.openapi.weather.api.CurrentWeatherDataApi/mp-rest/url")
+    String weatherUrl;
+
     @RestClient
     @Inject
     CurrentWeatherDataApi weatherApi;
@@ -34,8 +38,9 @@ public class OpenWeatherTest {
     public void testGetWeatherByLatLon() {
         final Model200 model = weatherApi.currentWeatherData("", "", "10", "-10", "", "", "", "");
         assertEquals("Nowhere", model.getName());
+        assertNotNull(weatherUrl);
         openWeatherServer.verify(WireMock.getRequestedFor(
-                WireMock.urlEqualTo("/weather?q=&id=&lat=10&lon=-10&zip=&units=&lang=&mode=&appid=" + apiKey)));
+                WireMock.urlEqualTo("/data/2.5/weather?q=&id=&lat=10&lon=-10&zip=&units=&lang=&mode=&appid=" + apiKey)));
     }
 
 }

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/WiremockOpenWeather.java

@@ -20,14 +20,14 @@ public Map<String, String> start() {
         wireMockServer = new WireMockServer(8888);
         wireMockServer.start();
 
-        wireMockServer.stubFor(get(urlPathEqualTo("/weather"))
+        wireMockServer.stubFor(get(urlPathEqualTo("/data/2.5/weather"))
                 .willReturn(aResponse()
                         .withStatus(200)
                         .withHeader("Content-Type", "application/json")
                         .withBody(
                                 "{\"name\": \"Nowhere\"}")));
         return Collections.singletonMap("org.acme.openapi.weather.api.CurrentWeatherDataApi/mp-rest/url",
-                wireMockServer.baseUrl());
+                wireMockServer.baseUrl().concat("/data/2.5"));
     }
 
     @Override

integration-tests/example-project/src/test/java/io/quarkiverse/openapi/generator/it/WiremockPetStore.java

@@ -30,6 +30,11 @@
       <groupId>org.eclipse.microprofile.fault-tolerance</groupId>
       <artifactId>microprofile-fault-tolerance-api</artifactId>
     </dependency>
+    <!-- petstore requires OAuth2 -->
+    <dependency>
+      <groupId>io.quarkus</groupId>
+      <artifactId>quarkus-oidc-client-filter</artifactId>
+    </dependency>
     <dependency>
       <groupId>io.quarkiverse.openapi.generator</groupId>
       <artifactId>quarkus-openapi-generator</artifactId>
@@ -48,6 +53,11 @@
       <artifactId>wiremock-jre8</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>io.quarkiverse.openapi.generator</groupId>
+      <artifactId>quarkus-openapi-generator-test-utils</artifactId>
+      <scope>test</scope>
+    </dependency>
   </dependencies>
   <build>
     <plugins>

integration-tests/generation-tests/pom.xml

@@ -1,2 +1,13 @@
-
-
+quarkus.oidc-client.client-enabled=false
+# ${keycloak.url} is provided by test-utils
+# petstore_auth is the name of the security scheme from the openapi spec file (petstore.json)
+# you can configure your OAuth2 Client the way it fits your use case here.
+# see https://quarkus.io/guides/security-openid-connect-client
+quarkus.oidc-client.petstore_auth.auth-server-url=${keycloak.url}
+quarkus.oidc-client.petstore_auth.discovery-enabled=false
+quarkus.oidc-client.petstore_auth.token-path=/tokens
+quarkus.oidc-client.petstore_auth.credentials.secret=secret
+quarkus.oidc-client.petstore_auth.grant.type=password
+quarkus.oidc-client.petstore_auth.grant-options.password.username=alice
+quarkus.oidc-client.petstore_auth.grant-options.password.password=alice
+quarkus.oidc-client.petstore_auth.client-id=petstore-app

integration-tests/generation-tests/src/main/resources/application.properties

@@ -13,10 +13,12 @@
 
 import com.github.tomakehurst.wiremock.WireMockServer;
 
+import io.quarkiverse.openapi.generator.testutils.keycloak.KeycloakRealmResourceManager;
 import io.quarkus.test.common.QuarkusTestResource;
 import io.quarkus.test.junit.QuarkusTest;
 
 @QuarkusTestResource(WiremockPetStore.class)
+@QuarkusTestResource(KeycloakRealmResourceManager.class)
 @QuarkusTest
 public class PetStoreTest {