Details
-
Improvement
-
Resolution: Fixed
-
Neutral
-
None
-
None
-
None
-
Yes
-
Declarative REST 15
-
5
Description
Rationale
The configuration for security schemes is becoming more similar to rest call definitions, except for a few properties. Referencing the rest call name (and maybe also the rest client?) would remove the redundancy in the definitions.
Current status
Security schemes are configured at the rest client level. Here is an example configuration for the auth0 service:

    baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
    restCalls:
      logs:
        method: get
        path: /logs
        entityClass: com.fasterxml.jackson.databind.JsonNode
        securitySchemeName: bearer
    securitySchemes:
      bearer:
        class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
        authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
        authenticationPayloadTemplate: >
          {
            "client_id":"%s",
            "client_secret":"%s",
            "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
            "grant_type":"client_credentials"
          }
        secrets:
          3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
          3087f6e5-bddf-4585-a0d1-f2050addc793: true
        tokenJsonPath: '$.access_token'
        expiryJsonPath: '$.expires_in'
Proposed configuration
The new configuration would look like this (together with MGNLRESTCL-113):

    baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
    restCalls:
      oauth2:
        path: /oauth/token
        method: post
        body: >
          {
            "client_id":"{password:<uuid>}",
            "client_secret":"{password:<uuid>}",
            "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
            "grant_type":"client_credentials"
          }
      logs:
        method: get
        path: /logs
        entityClass: com.fasterxml.jackson.databind.JsonNode
        securitySchemeName: bearer
    securitySchemes:
      # Basic Auth with MGNLRESTCL-113
      basic:
        class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
        username: '{password:<uuid>}'
        password: '{password:<uuid>}'
      # Bearer Token with MGNLRESTCL-113
      bearer:
        class: ...
        restCall: oauth2
        tokenJsonPath: '$.access_token'
        expiryJsonPath: '$.expires_in'
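A pre-deployment check for the proposed layout, added here as an example (it is not Magnolia's code and not part of this issue): it flags security schemes whose `restCall` reference does not resolve and credential fields that hold a literal value instead of a `{password:<uuid>}` placeholder. The function names, the `SENSITIVE` field list and all sample values are assumptions, and the definition is passed in as an already-parsed dict.

```python
import json
import re
# Placeholder syntax as written on this page: {password:<uuid>}
PLACEHOLDER = re.compile(r"\{password:[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
SENSITIVE = ("client_id", "client_secret", "username", "password")  # assumed field list

# Constructed sample in the proposed layout; UUIDs and the inline secret are made up.
CONFIG = {
    "restCalls": {
        "oauth2": {"path": "/oauth/token", "method": "post", "body": json.dumps({
            "client_id": "{password:11111111-2222-3333-4444-555555555555}",
            "client_secret": "pasted-inline-secret",
            "grant_type": "client_credentials"})},
        "logs": {"path": "/logs", "method": "get", "securitySchemeName": "bearer"},
    },
    "securitySchemes": {
        "bearer": {"restCall": "oauth2", "tokenJsonPath": "$.access_token"},
        "basic": {"username": "{password:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}",
                  "password": "{password:aaaaaaaa-bbbb-cccc-dddd-ffffffffffff}"},
        "stale": {"restCall": "token"},  # points at a rest call that does not exist
    },
}

def literal_secrets(where, fields):
    """Report sensitive fields whose value is not a {password:<uuid>} placeholder."""
    return [f"{where}.{key}: literal value, expected {{password:<uuid>}}"
            for key in SENSITIVE
            if key in fields and not PLACEHOLDER.fullmatch(str(fields[key]))]

def lint(config):
    calls = config.get("restCalls", {})
    schemes = config.get("securitySchemes", {})
    findings = []
    for name, call in calls.items():
        ref = call.get("securitySchemeName")
        if ref is not None and ref not in schemes:
            findings.append(f"restCalls.{name}: unknown securitySchemeName '{ref}'")
        try:
            body = json.loads(call.get("body") or "{}")
        except ValueError:
            findings.append(f"restCalls.{name}.body: not valid JSON")
            continue
        if isinstance(body, dict):
            findings += literal_secrets(f"restCalls.{name}.body", body)
    for name, scheme in schemes.items():
        ref = scheme.get("restCall")
        if ref is not None and ref not in calls:
            findings.append(f"securitySchemes.{name}: restCall '{ref}' is not defined")
        findings += literal_secrets(f"securitySchemes.{name}", scheme)
    return findings
```

Run over the constructed sample, `lint(CONFIG)` reports the inline `client_secret` in the `oauth2` body and the dangling `restCall` of the `stale` scheme.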
Checklists
Acceptance criteria
Attachments
Issue Links
- depends upon
-
MGNLRESTCL-113 Hide sensitive information from the rest call definition query parameters / headers / etc.
-
- Closed
-
- is causing
-
MGNLRESTCL-115 DOC: Redundancies removed from configuration of security schemes
-
- Closed
-