[MGNLRESTCL-114] Removing redundancy from configuration of security schemes Created: 12/Dec/19 Updated: 28/Jan/20 Resolved: 27/Jan/20 |
|
| Status: | Closed |
| Project: | REST Client |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 2.0 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Jaroslav Simak | Assignee: | Jaroslav Simak |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Task DoD: |
[ ]*
Doc/release notes changes? Comment present?
[ ]*
Downstream builds green?
[ ]*
Solution information and context easily available?
[ ]*
Tests
[ ]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||||||
| Documentation update required: |
Yes
|
| Epic Link: | Declarative REST clients |
| Sprint: | Declarative REST 15 |
| Story Points: | 5 |
| Description |
Rationale

Configuration for security schemes is becoming more similar to rest call definitions, except for a few properties. Referencing the rest call name (and maybe also rest client?) would remove the redundancy in definitions.

Current status

Security schemes are configured on the rest client level; here is an example configuration for the auth0 service:

baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
restCalls:
  logs:
    method: get
    path: /logs
    entityClass: com.fasterxml.jackson.databind.JsonNode
    securitySchemeName: bearer
securitySchemes:
  bearer:
    class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
    authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
    authenticationPayloadTemplate: >
      {
        "client_id":"%s",
        "client_secret":"%s",
        "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
        "grant_type":"client_credentials"
      }
    secrets:
      3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
      3087f6e5-bddf-4585-a0d1-f2050addc793: true
    tokenJsonPath: '$.access_token'
    expiryJsonPath: '$.expires_in'

Proposed configuration

New configuration would look like this (together with

baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
restCalls:
  oauth2:
    path: /oauth/token
    method: post
    body: >
      {
        "client_id":"{password:<uuid>}",
        "client_secret":"{password:<uuid>}",
        "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
        "grant_type":"client_credentials"
      }
  logs:
    method: get
    path: /logs
    entityClass: com.fasterxml.jackson.databind.JsonNode
    securitySchemeName: bearer
securitySchemes:
  # Basic Auth with MGNLRESTCL-113
  basic:
    class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
    username: '{password:<uuid>}'
    password: '{password:<uuid>}'
  # Bearer Token with MGNLRESTCL-113
  bearer:
    class: ...
    restCall: oauth2
    tokenJsonPath: '$.access_token'
    expiryJsonPath: '$.expires_in'
|
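The lookup that the proposed configuration implies, written in Python as an added example (it is not part of the ticket and not the REST Client module's code): the bearer scheme's restCall reference is resolved to the token call, {password:<uuid>} placeholders are filled from a secret store, and tokenJsonPath/expiryJsonPath are applied to the token response. The function names, the constructed secret store and UUIDs, and the rule that the token call carries no security scheme of its own are assumptions.

```python
import json
import re

# Constructed stand-in for the password manager (UUIDs and values are made up).
SECRETS = {
    "11111111-1111-4111-8111-111111111111": "example-client-id",
    "22222222-2222-4222-8222-222222222222": 'pa"ss\\word',
}

# The ticket's proposed configuration as it might look once the YAML is parsed.
CONFIG = {
    "restCalls": {
        "oauth2": {"path": "/oauth/token", "method": "post", "body": (
            '{"client_id":"{password:11111111-1111-4111-8111-111111111111}",'
            '"client_secret":"{password:22222222-2222-4222-8222-222222222222}",'
            '"grant_type":"client_credentials"}')},
        "logs": {"method": "get", "path": "/logs", "securitySchemeName": "bearer"},
    },
    "securitySchemes": {
        "bearer": {"restCall": "oauth2", "tokenJsonPath": "$.access_token",
                   "expiryJsonPath": "$.expires_in"},
    },
}

PLACEHOLDER = re.compile(r"\{password:([0-9a-fA-F-]{36})\}")

def resolve_secrets(template, secrets):
    """Fill {password:<uuid>} placeholders; an unknown UUID raises KeyError."""
    def fill(match):
        # JSON-escape the value so a quote in a secret cannot alter the body.
        return json.dumps(secrets[match.group(1)])[1:-1]
    return PLACEHOLDER.sub(fill, template)

def token_request(config, call_name, secrets):
    """Return (method, path, body) of the token call guarding call_name."""
    scheme = config["securitySchemes"][config["restCalls"][call_name]["securitySchemeName"]]
    auth_call = config["restCalls"].get(scheme["restCall"])
    if auth_call is None:
        raise ValueError("scheme references unknown restCall: " + scheme["restCall"])
    if "securitySchemeName" in auth_call:  # assumption: token call is unauthenticated
        raise ValueError("token restCall must not require a security scheme")
    return auth_call["method"], auth_call["path"], resolve_secrets(auth_call["body"], secrets)

def read_token(scheme, response_text):
    """Apply top-level '$.field' paths to a token response; returns (token, expiry)."""
    doc = json.loads(response_text)
    return doc[scheme["tokenJsonPath"][2:]], int(doc[scheme["expiryJsonPath"][2:]])
```

A dangling restCall reference or an unknown secret UUID fails before any request is built, so a misconfigured scheme never sends a body with an unresolved placeholder in it.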
| Comments |
| Comment by Quach Hao Thien [ 12/Dec/19 ] |
|
Instead of using a string "client_id":"{password:<uuid>}", using "client_id":"{@password-manager:<uuid>}" is a little verbose, but will make the context clearer |