  1. REST Client
  2. MGNLRESTCL-114

Removing redundancy from configuration of security schemes


    • Improvement
    • Resolution: Fixed
    • Neutral
    • 2.0
    • None
    • None
    • None
    • Yes
    • Declarative REST 15
    • 5

      Rationale

      Configuration for security schemes is becoming more similar to rest call definitions, except for a few properties. Referencing the rest call name (and maybe also the rest client?) would remove the redundancy in definitions.

      Current status

      Security schemes are configured at the rest client level. Here is an example configuration for the auth0 service:

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        logs:
          method: get
          path: /logs
          entityClass: com.fasterxml.jackson.databind.JsonNode
          securitySchemeName: bearer
      securitySchemes:
        bearer:
          class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
          authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
          authenticationPayloadTemplate: >
            {
              "client_id":"%s",
              "client_secret":"%s",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
          secrets:
            3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
            3087f6e5-bddf-4585-a0d1-f2050addc793: true
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
      

      Proposed configuration

      The new configuration would look like this (together with MGNLRESTCL-113):

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        oauth2:
          path: /oauth/token
          method: post
          body: >
            {
              "client_id":"{password:<uuid>}",
              "client_secret":"{password:<uuid>}",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
        logs:
          method: get
          path: /logs
          entityClass: com.fasterxml.jackson.databind.JsonNode
          securitySchemeName: bearer
      securitySchemes:
        # Basic Auth with MGNLRESTCL-113
        basic:
          class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
          username: '{password:<uuid>}'
          password: '{password:<uuid>}'
        # Bearer Token with MGNLRESTCL-113
        bearer:
          class: ...
          restCall: oauth2
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
      
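Once a bearer scheme points at its token call by name, a misspelled `restCall` or `securitySchemeName` becomes a configuration error worth catching before deployment. The following is an added example, not part of the issue or of the REST Client module: it lints an already-parsed definition for dangling references and for credentials written as literals instead of `{password:...}` placeholders. The function name, finding strings and sample values are assumptions.

```python
import json
import re

# Placeholder syntax as shown on the page: {password:<uuid>} refers to a stored secret.
PLACEHOLDER = re.compile(r"^\{password:[^{}]+\}$")
SECRET_KEYS = ("client_id", "client_secret")  # body fields the page treats as secrets

def lint_rest_client(cfg):
    """Return findings for one parsed REST client definition (dict)."""
    out = []
    calls, schemes = cfg.get("restCalls", {}), cfg.get("securitySchemes", {})
    for name, call in calls.items():
        ref = call.get("securitySchemeName")
        if ref is not None and ref not in schemes:
            out.append(f"restCalls.{name}: unknown scheme {ref}")
    for name, scheme in schemes.items():
        for key in ("username", "password"):
            if key in scheme and not PLACEHOLDER.match(str(scheme[key])):
                out.append(f"securitySchemes.{name}.{key}: literal secret")
        ref = scheme.get("restCall")
        if ref is None:
            continue
        call = calls.get(ref)
        if call is None:
            out.append(f"securitySchemes.{name}: restCall {ref} not defined")
            continue
        if call.get("securitySchemeName") == name:
            # The token call cannot be protected by the token it is meant to fetch.
            out.append(f"securitySchemes.{name}: {ref} needs its own token")
        try:
            body = json.loads(call.get("body", "{}"))
        except json.JSONDecodeError:
            body = None
        if not isinstance(body, dict):
            out.append(f"restCalls.{ref}.body: not a JSON object")
            continue
        for key in SECRET_KEYS:
            if key in body and not PLACEHOLDER.match(str(body[key])):
                out.append(f"restCalls.{ref}.body.{key}: literal secret")
    return out

# Constructed sample in the proposed layout, with three deliberate mistakes.
SAMPLE = {"restCalls": {
    "oauth2": {"path": "/oauth/token", "method": "post", "body":
               '{"client_id":"{password:id-1}","client_secret":"hunter2"}'},
    "logs": {"path": "/logs", "method": "get", "securitySchemeName": "bearer"},
    "users": {"path": "/users", "method": "get", "securitySchemeName": "apikey"},
}, "securitySchemes": {"bearer": {"restCall": "oauth2"}, "legacy": {"restCall": "token"}}}
```

Calling `lint_rest_client(SAMPLE)` reports the unknown `apikey` scheme, the literal `client_secret`, and the undefined `token` call.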

        Acceptance criteria

              jsimak Jaroslav Simak