REST Client / MGNLRESTCL-114

Removing redundancy from configuration of security schemes

Details

    • Improvement
    • Resolution: Fixed
    • Neutral
    • 2.0
    • None
    • None
    • None
    • Yes
    • Declarative REST 15
    • 5

    Description

      Rationale

      The configuration of security schemes is becoming more and more similar to REST call definitions, except for a few properties. Referencing the REST call by name (and maybe also the REST client?) would remove the redundancy in the definitions.

      Current status

      Security schemes are configured at the REST client level. Here is an example configuration for the Auth0 service:

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        logs:
          method: get
          path: /logs
          entityClass: com.fasterxml.jackson.databind.JsonNode
          securitySchemeName: bearer
      securitySchemes:
        bearer:
          class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
          authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
          authenticationPayloadTemplate: >
            {
              "client_id":"%s",
              "client_secret":"%s",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
          secrets:
            3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
            3087f6e5-bddf-4585-a0d1-f2050addc793: true
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
      

      Proposed configuration

      The new configuration would look like this (together with MGNLRESTCL-113):

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        oauth2:
          path: /oauth/token
          method: post
          body: >
            {
              "client_id":"{password:<uuid>}",
              "client_secret":"{password:<uuid>}",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
        logs:
          method: get
          path: /logs
          entityClass: com.fasterxml.jackson.databind.JsonNode
          securitySchemeName: bearer
      securitySchemes:
        # Basic Auth with MGNLRESTCL-113
        basic:
          class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
          username: '{password:<uuid>}'
          password: '{password:<uuid>}'
        # Bearer Token with MGNLRESTCL-113
        bearer:
          class: ...
          restCall: oauth2
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
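
A lint pass for the proposed layout, as an added example that is not part of the original issue or Magnolia's own code: it checks that every `securitySchemeName` and `restCall` reference resolves, that the token call does not require the scheme it feeds, and that credential fields carry `{password:<uuid>}` placeholders rather than literals. The dict layout mirrors the YAML above; `lint`, `known_secrets`, the list of credential fields and the sample ids are assumptions.

```python
import re

# Placeholder syntax from the proposed configuration: {password:<uuid>}
PLACEHOLDER = re.compile(r"\{password:([0-9a-fA-F-]{36})\}")
# Body fields that must hold a placeholder, never a literal (assumed list)
SECRET_FIELD = re.compile(r'"(client_id|client_secret)"\s*:\s*"([^"]*)"')

def lint(config, known_secrets):
    """Return sorted findings for one REST client definition given as a dict."""
    findings = []
    calls = config.get("restCalls", {})
    schemes = config.get("securitySchemes", {})
    for name, call in calls.items():
        scheme = call.get("securitySchemeName")
        if scheme is not None and scheme not in schemes:
            findings.append(f"restCalls.{name}: unknown security scheme '{scheme}'")
        body = call.get("body", "")
        for field, value in SECRET_FIELD.findall(body):
            if not PLACEHOLDER.fullmatch(value):
                findings.append(f"restCalls.{name}: literal value in '{field}'")
        for uuid in PLACEHOLDER.findall(body):
            if uuid not in known_secrets:
                findings.append(f"restCalls.{name}: unresolved secret {uuid}")
    for name, scheme in schemes.items():
        target = scheme.get("restCall")
        if target is not None and target not in calls:
            findings.append(f"securitySchemes.{name}: unknown rest call '{target}'")
        elif target is not None and calls[target].get("securitySchemeName") == name:
            # The token request would need the token it is meant to fetch.
            findings.append(f"securitySchemes.{name}: token call '{target}' uses its own scheme")
    return sorted(findings)

# Constructed sample data: secret ids and two client definitions.
ID_A = "11111111-1111-4111-8111-111111111111"
ID_B = "22222222-2222-4222-8222-222222222222"
BEARER = {"restCall": "oauth2", "tokenJsonPath": "$.access_token"}
GOOD = {"securitySchemes": {"bearer": BEARER}, "restCalls": {
    "oauth2": {"path": "/oauth/token", "method": "post", "body":
               '{"client_id":"{password:%s}","client_secret":"{password:%s}"}' % (ID_A, ID_B)},
    "logs": {"method": "get", "path": "/logs", "securitySchemeName": "bearer"},
}}
BAD = {"securitySchemes": {"bearer": BEARER}, "restCalls": {
    "oauth2": {"securitySchemeName": "bearer", "body":
               '{"client_id":"{password:%s}","client_secret":"constructed-literal"}' % ID_A},
    "logs": {"method": "get", "path": "/logs", "securitySchemeName": "basic"},
}}
```

`lint(GOOD, {ID_A, ID_B})` returns an empty list; `lint(BAD, {ID_A})` reports the dangling `basic` reference, the literal `client_secret` and the self-referencing token call.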
      

              People

                jsimak Jaroslav Simak