Add OpenIdConnectAuthenticationMarker

Author: indiealexh

client/deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/GeneratorProcessor.java

@@ -22,11 +22,7 @@
 import io.quarkiverse.openapi.generator.OidcClient;
 import io.quarkiverse.openapi.generator.OpenApiGeneratorConfig;
 import io.quarkiverse.openapi.generator.OpenApiSpec;
-import io.quarkiverse.openapi.generator.markers.ApiKeyAuthenticationMarker;
-import io.quarkiverse.openapi.generator.markers.BasicAuthenticationMarker;
-import io.quarkiverse.openapi.generator.markers.BearerAuthenticationMarker;
-import io.quarkiverse.openapi.generator.markers.OauthAuthenticationMarker;
-import io.quarkiverse.openapi.generator.markers.OperationMarker;
+import io.quarkiverse.openapi.generator.markers.*;
 import io.quarkiverse.openapi.generator.oidc.ClassicOidcClientRequestFilterDelegate;
 import io.quarkiverse.openapi.generator.oidc.OidcAuthenticationRecorder;
 import io.quarkiverse.openapi.generator.oidc.ReactiveOidcClientRequestFilterDelegate;
@@ -51,6 +47,8 @@ public class GeneratorProcessor {
 
     private static final String FEATURE = "openapi-generator";
     private static final DotName OAUTH_AUTHENTICATION_MARKER = DotName.createSimple(OauthAuthenticationMarker.class);
+    private static final DotName OPEN_ID_CONNECT_AUTHENTICATION_MARKER = DotName
+            .createSimple(OpenIdConnectAuthenticationMarker.class);
     private static final DotName BASIC_AUTHENTICATION_MARKER = DotName.createSimple(BasicAuthenticationMarker.class);
     private static final DotName BEARER_AUTHENTICATION_MARKER = DotName.createSimple(BearerAuthenticationMarker.class);
     private static final DotName API_KEY_AUTHENTICATION_MARKER = DotName.createSimple(ApiKeyAuthenticationMarker.class);
@@ -185,6 +183,68 @@ void produceOauthAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
         }
     }
 
+    @BuildStep
+    @Record(ExecutionTime.RUNTIME_INIT)
+    void produceOpenIdConnectAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,
+            BuildProducer<AuthProviderBuildItem> authenticationProviders,
+            BuildProducer<SyntheticBeanBuildItem> beanProducer,
+            OidcAuthenticationRecorder oidcRecorder) {
+
+        Collection<AnnotationInstance> authenticationMarkers = beanArchiveBuildItem.getIndex()
+                .getAnnotationsWithRepeatable(OPEN_ID_CONNECT_AUTHENTICATION_MARKER, beanArchiveBuildItem.getIndex())
+                .stream()
+                .collect(Collectors.toMap(
+                        AnnotationInstance::equivalenceHashCode,
+                        marker -> marker,
+                        (existing, duplicate) -> existing))
+                .values();
+
+        if (!isClassPresentAtRuntime(ABSTRACT_TOKEN_PRODUCER)) {
+            if (!authenticationMarkers.isEmpty()) {
+                throw new IllegalStateException(
+                        "OAuth2 flows detected in spec(s) " +
+                                authenticationMarkers.stream()
+                                        .map(m -> m.value("openApiSpecId").asString())
+                                        .distinct()
+                                        .collect(Collectors.joining(", "))
+                                +
+                                " but quarkus-openapi-generator-oidc and quarkus-rest-client-oidc-filter or quarkus-oidc-client-reactive-filter are not on the classpath. "
+                                +
+                                "Please add those dependencies to your project. See https://docs.quarkiverse.io/quarkus-openapi-generator/dev/client.html#_oauth2_authentication");
+            }
+            LOGGER.debug("{} class not found in runtime, skipping OAuth bean generation", ABSTRACT_TOKEN_PRODUCER);
+            return;
+        }
+        LOGGER.debug("{} class found in runtime, producing OAuth bean generation", ABSTRACT_TOKEN_PRODUCER);
+
+        Map<String, List<AnnotationInstance>> operationsBySpec = getOperationsBySpec(beanArchiveBuildItem);
+
+        for (AnnotationInstance authenticationMarker : authenticationMarkers) {
+            String name = authenticationMarker.value("name").asString();
+            String openApiSpecId = authenticationMarker.value("openApiSpecId").asString();
+            List<OperationAuthInfo> operations = getOperations(operationsBySpec, openApiSpecId, name);
+            authenticationProviders.produce(new AuthProviderBuildItem(openApiSpecId, name));
+            beanProducer.produce(SyntheticBeanBuildItem.configure(AuthProvider.class)
+                    .scope(Dependent.class)
+                    .addQualifier()
+                    .annotation(AuthName.class)
+                    .addValue("name", name)
+                    .done()
+                    .addQualifier()
+                    .annotation(OpenApiSpec.class)
+                    .addValue("openApiSpecId", openApiSpecId)
+                    .done()
+                    .addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
+                    .addInjectionPoint(ClassType.create(OAuth2AuthenticationProvider.OidcClientRequestFilterDelegate.class),
+                            AnnotationInstance.builder(OidcClient.class).add("name", sanitizeAuthName(name)).build())
+                    .addInjectionPoint(ClassType.create(DotName.createSimple(CredentialsProvider.class)))
+                    .createWith(oidcRecorder.recordOauthAuthProvider(sanitizeAuthName(name), openApiSpecId, operations))
+                    .setRuntimeInit()
+                    .unremovable()
+                    .done());
+        }
+    }
+
     @BuildStep
     @Record(ExecutionTime.RUNTIME_INIT)
     void produceBasicAuthentication(CombinedIndexBuildItem beanArchiveBuildItem,

client/deployment/src/main/resources/templates/libraries/microprofile/auth/compositeAuthenticationProvider.qute

@@ -4,6 +4,9 @@ package {apiPackage}.auth;
 {#for auth in openapi:getUniqueOAuthOperations(oauthMethods.orEmpty)}
 @io.quarkiverse.openapi.generator.markers.OauthAuthenticationMarker(name="{auth.name}", openApiSpecId="{quarkus-generator.openApiSpecId}")
 {/for}
+{#for auth in openapi:getUniqueOAuthOperations(openIdConnectMethods.orEmpty)}
+@io.quarkiverse.openapi.generator.markers.OpenIdConnectAuthenticationMarker(name="{auth.name}", openApiSpecId="{quarkus-generator.openApiSpecId}")
+{/for}
 {#for auth in httpBasicMethods.orEmpty}
 @io.quarkiverse.openapi.generator.markers.BasicAuthenticationMarker(name="{auth.name}", openApiSpecId="{quarkus-generator.openApiSpecId}")
 {/for}

client/integration-tests/auth-provider/src/main/resources/application.properties

@@ -44,7 +44,8 @@ quarkus.oidc-client.service5_oauth2.credentials.client-secret.value=secret
 
 # Oidc client used by the token_external_service6
 quarkus.oidc-client.service6_oidc.auth-server-url=${keycloak.mock.service.url}
-quarkus.oidc-client.service6_oidc.discovery-enabled=true
+quarkus.oidc-client.service6_oidc.token-path=${keycloak.mock.service.token-path}
+quarkus.oidc-client.service6_oidc.discovery-enabled=false
 quarkus.oidc-client.service6_oidc.client-id=kogito-app
 quarkus.oidc-client.service6_oidc.grant.type=client
 quarkus.oidc-client.service6_oidc.credentials.client-secret.method=basic

client/integration-tests/security/src/main/resources/application.properties

@@ -32,12 +32,15 @@ quarkus.openapi-generator.codegen.spec.token_propagation_external_service2_yaml.
 quarkus.openapi-generator.codegen.spec.token_propagation_external_service3_yaml.base-package=org.acme.externalservice3
 quarkus.openapi-generator.codegen.spec.token_propagation_external_service4_yaml.base-package=org.acme.externalservice4
 quarkus.openapi-generator.codegen.spec.token_propagation_external_service5_yaml.base-package=org.acme.externalservice5
+quarkus.openapi-generator.codegen.spec.token_propagation_external_service6_yaml.base-package=org.acme.externalservice6
 
 quarkus.rest-client.token_propagation_external_service1_yaml.url=${propagation-external-service-mock.url}
 quarkus.rest-client.token_propagation_external_service2_yaml.url=${propagation-external-service-mock.url}
 quarkus.rest-client.token_propagation_external_service3_yaml.url=${propagation-external-service-mock.url}
 quarkus.rest-client.token_propagation_external_service4_yaml.url=${propagation-external-service-mock.url}
 quarkus.rest-client.token_propagation_external_service5_yaml.url=${propagation-external-service-mock.url}
+quarkus.rest-client.token_propagation_external_service6_yaml.url=${propagation-external-service-mock.url}
+
 
 # default propagation for token_propagation_external_service1 invocation
 quarkus.openapi-generator.token_propagation_external_service1_yaml.auth.service1_http_bearer.token-propagation=true
@@ -80,7 +83,8 @@ quarkus.oidc-client.service5_oauth2.credentials.client-secret.value=secret
 
 # Oidc client used by the token_propagation_external_service6
 quarkus.oidc-client.service6_oidc.auth-server-url=${keycloak.mock.service.url}
-quarkus.oidc-client.service6_oidc.discovery-enabled=true
+quarkus.oidc-client.service6_oidc.token-path=${keycloak.mock.service.token-path}
+quarkus.oidc-client.service6_oidc.discovery-enabled=false
 quarkus.oidc-client.service6_oidc.client-id=kogito-app
 quarkus.oidc-client.service6_oidc.grant.type=client
 quarkus.oidc-client.service6_oidc.credentials.client-secret.method=basic

client/runtime/src/main/java/io/quarkiverse/openapi/generator/markers/OpenIdConnectAuthenticationMarker.java

@@ -0,0 +1,25 @@
+package io.quarkiverse.openapi.generator.markers;
+
+import static java.lang.annotation.ElementType.TYPE;
+
+import java.lang.annotation.Repeatable;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target(TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Repeatable(OpenIdConnectAuthenticationMarker.AuthenticationMarkers.class)
+public @interface OpenIdConnectAuthenticationMarker {
+
+    String name();
+
+    String openApiSpecId();
+
+    @Target(TYPE)
+    @Retention(RetentionPolicy.RUNTIME)
+    @interface AuthenticationMarkers {
+        OpenIdConnectAuthenticationMarker[] value();
+    }
+
+}