Uploaded image for project: 'REST Client'
  1. REST Client
  2. MGNLRESTCL-114

Removing redundancy from configuration of security schemes

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Neutral Neutral
    • 2.0
    • None
    • None
    • None
    • Yes
    • Declarative REST 15
    • 5

      Rationale

      Configuration for security schemes is becoming more similar to rest call definitions, except few properties. Referencing the rest call name (and maybe also rest client?) would remove the redundancy in definitions.

      Current status

      Security schemes are configured on rest client level, here is example configuration for auth0 service:

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        logs:
          method: get
          path: /logs
          entityClass: com.fasterxml.jackson.databind.JsonNode
          securitySchemeName: bearer
      securitySchemes:
        bearer:
          class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
          authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
          authenticationPayloadTemplate: >
            {
              "client_id":"%s",
              "client_secret":"%s",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
          secrets:
            3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
            3087f6e5-bddf-4585-a0d1-f2050addc793: true
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
      

      Proposed configuration

      New configuration would look like this (together with MGNLRESTCL-113):

      baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
      restCalls:
        oauth2:
          path: /oauth/token
          method: post
          body: >
            {
              "client_id":"{password:<uuid>}",
              "client_secret":"{password:<uuid>}",
              "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
              "grant_type":"client_credentials"
            }
          logs:
            method: get
            path: /logs
            entityClass: com.fasterxml.jackson.databind.JsonNode
            securitySchemeName: bearer
      securitySchemes:
        # Basic Auth with MGNLRESTCL-113
        basic:
          class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
          username: '{password:<uuid>}'
          password: '{password:<uuid>}'
        # Bearer Token with MGNLRESTCL-113
        bearer:
          class: ...
          restCall: oauth2
          tokenJsonPath: '$.access_token'
          expiryJsonPath: '$.expires_in'
      

        Acceptance criteria

              jsimak Jaroslav Simak
              jsimak Jaroslav Simak
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: