-
Improvement
-
Resolution: Fixed
-
Neutral
Yes
-
Declarative REST 15
-
5
Rationale
Configuration for security schemes is becoming more similar to rest call definitions, except for a few properties. Referencing the rest call name (and maybe also the rest client?) would remove the redundancy in definitions.
Current status
Security schemes are configured at the rest client level. Here is an example configuration for the Auth0 service:

    baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
    restCalls:
      logs:
        method: get
        path: /logs
        entityClass: com.fasterxml.jackson.databind.JsonNode
        securitySchemeName: bearer
    securitySchemes:
      bearer:
        class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
        authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
        authenticationPayloadTemplate: >
          {
            "client_id":"%s",
            "client_secret":"%s",
            "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
            "grant_type":"client_credentials"
          }
        secrets:
          3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
          3087f6e5-bddf-4585-a0d1-f2050addc793: true
        tokenJsonPath: '$.access_token'
        expiryJsonPath: '$.expires_in'
Proposed configuration
The new configuration would look like this (together with MGNLRESTCL-113):

    baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
    restCalls:
      oauth2:
        path: /oauth/token
        method: post
        body: >
          {
            "client_id":"{password:<uuid>}",
            "client_secret":"{password:<uuid>}",
            "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
            "grant_type":"client_credentials"
          }
      logs:
        method: get
        path: /logs
        entityClass: com.fasterxml.jackson.databind.JsonNode
        securitySchemeName: bearer
    securitySchemes:
      # Basic Auth with MGNLRESTCL-113
      basic:
        class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
        username: '{password:<uuid>}'
        password: '{password:<uuid>}'
      # Bearer Token with MGNLRESTCL-113
      bearer:
        class: ...
        restCall: oauth2
        tokenJsonPath: '$.access_token'
        expiryJsonPath: '$.expires_in'
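A review-time check for definitions in the proposed shape, as an added example (not Magnolia code and not part of the original issue): it verifies that every `restCall` and `securitySchemeName` reference resolves and that credential properties hold a `{password:...}` reference rather than a literal. The function names, the `SENSITIVE` property list and the sample dict (standing in for the parsed YAML) are assumptions made for the example.

```python
import json
import re

# Placeholder syntax as written in the proposed configuration on this page.
PLACEHOLDER = re.compile(r"\{password:[^{}]+\}")
# Assumption: the property names this check treats as credentials.
SENSITIVE = {"client_id", "client_secret", "username", "password"}

def literal_credentials(where, mapping):
    """Flag credential properties whose value is not a {password:...} reference."""
    return [f"{where}.{key}: literal value, expected {{password:<uuid>}}"
            for key in sorted(SENSITIVE.intersection(mapping))
            if not PLACEHOLDER.fullmatch(str(mapping[key]))]

def lint(config):
    """Return findings for a parsed rest client definition (a dict)."""
    calls = config.get("restCalls", {})
    schemes = config.get("securitySchemes", {})
    findings = []
    for name, call in calls.items():
        ref = call.get("securitySchemeName")
        if ref is not None and ref not in schemes:
            findings.append(f"restCalls.{name}: unknown security scheme '{ref}'")
        try:
            body = json.loads(call.get("body", "null"))
        except (ValueError, TypeError):
            continue  # body is not JSON, nothing to inspect
        if isinstance(body, dict):
            findings += literal_credentials(f"restCalls.{name}.body", body)
    for name, scheme in schemes.items():
        findings += literal_credentials(f"securitySchemes.{name}", scheme)
        ref = scheme.get("restCall")
        if ref is None:
            continue
        if ref not in calls:
            findings.append(f"securitySchemes.{name}: unknown rest call '{ref}'")
        elif calls[ref].get("securitySchemeName") == name:
            findings.append(f"securitySchemes.{name}: token call '{ref}' uses this scheme itself")
    return findings

# Constructed sample: the proposed definition after YAML parsing, with two mistakes.
SAMPLE = {
    "restCalls": {
        "oauth2": {"path": "/oauth/token", "method": "post",
                   "body": '{"client_id": "{password:<uuid>}", "client_secret": "constructed-literal"}'},
        "logs": {"method": "get", "path": "/logs", "securitySchemeName": "bearer"},
    },
    "securitySchemes": {"bearer": {"restCall": "oauth", "tokenJsonPath": "$.access_token"}},
}
```

`lint(SAMPLE)` reports the literal `client_secret` in the `oauth2` body and the dangling `restCall: oauth` reference; a definition matching the proposal above returns an empty list.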
Acceptance criteria
- depends upon
-
MGNLRESTCL-113 Hide sensitive information from the rest call definition query parameters / headers / etc.
- Closed
- is causing
-
MGNLRESTCL-115 DOC: Redundancies removed from configuration of security schemes
- Closed