[MGNLRESTCL-114] Removing redundancy from configuration of security schemes Created: 12/Dec/19  Updated: 28/Jan/20  Resolved: 27/Jan/20

Status: Closed
Project: REST Client
Component/s: None
Affects Version/s: None
Fix Version/s: 2.0

Type: Improvement Priority: Neutral
Reporter: Jaroslav Simak Assignee: Jaroslav Simak
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
is causing MGNLRESTCL-115 DOC: Redundancies removed from config... Closed
dependency
depends upon MGNLRESTCL-113 Hide sensitive information from the r... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Documentation update required:
Yes
Date of First Response:
Epic Link: Declarative REST clients
Sprint: Declarative REST 15
Story Points: 5

 Description   

Rationale

Configuration for security schemes is becoming more similar to REST call definitions, except for a few properties. Referencing the REST call name (and maybe also the REST client?) would remove the redundancy in definitions.

Current status

Security schemes are configured at the REST client level. Here is an example configuration for the Auth0 service:

baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
restCalls:
  logs:
    method: get
    path: /logs
    entityClass: com.fasterxml.jackson.databind.JsonNode
    securitySchemeName: bearer
securitySchemes:
  bearer:
    class: info.magnolia.rest.client.authentication.definition.BearerSecuritySchemeDefinition
    authenticationUrl: https://dev-7oqmqon1.auth0.com/oauth/token
    authenticationPayloadTemplate: >
      {
        "client_id":"%s",
        "client_secret":"%s",
        "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
        "grant_type":"client_credentials"
      }
    secrets:
      3a52cd43-5c98-48eb-8c3e-0fe21dea4987: true
      3087f6e5-bddf-4585-a0d1-f2050addc793: true
    tokenJsonPath: '$.access_token'
    expiryJsonPath: '$.expires_in'

Proposed configuration

The new configuration would look like this (together with MGNLRESTCL-113):

baseUrl: https://dev-7oqmqon1.auth0.com/api/v2
restCalls:
  oauth2:
    path: /oauth/token
    method: post
    body: >
      {
        "client_id":"{password:<uuid>}",
        "client_secret":"{password:<uuid>}",
        "audience":"https://dev-7oqmqon1.auth0.com/api/v2/",
        "grant_type":"client_credentials"
      }
  logs:
    method: get
    path: /logs
    entityClass: com.fasterxml.jackson.databind.JsonNode
    securitySchemeName: bearer
securitySchemes:
  # Basic Auth with MGNLRESTCL-113
  basic:
    class: info.magnolia.rest.client.authentication.definition.BasicSecuritySchemeDefinition
    username: '{password:<uuid>}'
    password: '{password:<uuid>}'
  # Bearer Token with MGNLRESTCL-113
  bearer:
    class: ...
    restCall: oauth2
    tokenJsonPath: '$.access_token'
    expiryJsonPath: '$.expires_in'
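
A lint pass for the proposed layout, as an added example that is not Magnolia's code or part of the ticket: it checks that `securitySchemeName` and `restCall` references resolve, that a token call does not require the scheme it feeds, and that credential fields hold only `{password:<uuid>}` placeholders. The function names, the list of secret-bearing fields, the UUID pattern and the sample values are assumptions; the config is passed in as an already-parsed mapping.

```python
import json
import re

# Placeholder syntax from the ticket: {password:<uuid>}. The UUID shape is an assumption.
PLACEHOLDER = re.compile(r"\{password:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")
SECRET_FIELDS = {"client_id", "client_secret", "username", "password"}  # assumed list


def literal_secrets(mapping):
    """Names of secret-bearing fields whose value is not exactly one placeholder."""
    return sorted(k for k in mapping.keys() & SECRET_FIELDS
                  if not PLACEHOLDER.fullmatch(str(mapping[k])))


def lint_rest_client(cfg):
    """Return sorted findings for one parsed REST client definition (hypothetical linter)."""
    findings = []
    calls, schemes = cfg.get("restCalls", {}), cfg.get("securitySchemes", {})
    for name, call in calls.items():
        ref = call.get("securitySchemeName")
        if ref is not None and ref not in schemes:
            findings.append(f"restCalls.{name}: unknown security scheme '{ref}'")
        try:  # only JSON object bodies are inspected; other bodies are skipped
            body = json.loads(call.get("body") or "{}")
        except json.JSONDecodeError:
            body = {}
        if isinstance(body, dict):
            findings += [f"restCalls.{name}.body.{k}: literal secret" for k in literal_secrets(body)]
    for name, scheme in schemes.items():
        findings += [f"securitySchemes.{name}.{k}: literal secret" for k in literal_secrets(scheme)]
        ref = scheme.get("restCall")
        if ref is not None and ref not in calls:
            findings.append(f"securitySchemes.{name}: unknown rest call '{ref}'")
        elif ref is not None and calls[ref].get("securitySchemeName") == name:
            findings.append(f"securitySchemes.{name}: token call '{ref}' requires its own scheme")
    return sorted(findings)


# Constructed sample in the proposed layout; the UUID and the inline secret are made up.
SAMPLE = {
    "restCalls": {
        "oauth2": {"path": "/oauth/token", "method": "post", "body": json.dumps({
            "client_id": "{password:00000000-0000-4000-8000-000000000001}",
            "client_secret": "pasted-inline-value",
            "grant_type": "client_credentials"})},
        "logs": {"method": "get", "path": "/logs", "securitySchemeName": "bearer"},
    },
    "securitySchemes": {"bearer": {"restCall": "oauth", "tokenJsonPath": "$.access_token"}},
}
```

Running `lint_rest_client(SAMPLE)` reports the inline `client_secret` and the misspelled `restCall` reference; a definition with placeholders everywhere and resolvable references returns an empty list.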


 Comments   
Comment by Quach Hao Thien [ 12/Dec/19 ]

Instead of using a string

"client_id":"{password:<uuid>}"

using

"client_id":"{@password-manager:<uuid>}"

a little verbose, but it will make the context clearer

Generated at Mon Feb 12 10:43:21 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.