[MGNLRESTCL-93] Use a REST Client via a REST Call Created: 31/Oct/19  Updated: 25/Jan/24

Status: Open
Project: REST Client
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Story Priority: Major
Reporter: Christopher Zimmermann Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Java Source File ConfiguredRestProxyEndpointDefinition.java     Java Source File RestProxyEndpoint.java     Java Source File RestProxyEndpointDefinition.java    
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Release notes required:
Yes
Documentation update required:
Yes
Date of First Response:
Epic Link: Headless Backlog

 Description   

User Story

As a developer, I want to call REST Clients from a browser or other frontend  in a way that does not expose which endpoint I am hitting or any secrets or authentication information, so that I can use my configured REST clients, and so that they are secure, and to overcome any potential CORS issues.

Alternative Title

"Use a REST client via REST"

Acceptance Criteria:

  • Dev can make HTTP request from a frontend to the Magnolia server to trigger a Magnolia REST client.
  • Any headers and cookies will be sent along.
  • The complete response from the final endpoint will be returned, including headers and cookies.
  • By default the REST client cache will be respected, but there must be a convenient way to disable the cache on a call.
  • The proxy might be available under a path like /.proxy, or it might be considered a kind of REST endpoint and be available under /.rest.
  • Should be easy to setup. (Not sure if its a property on a REST client, or if it is a configurable REST Endpoint that then references a REST client.
  • Developer can choose the name that is exposed. By default it would be the name of the REST client.

Notes

resfn allows devs to use REST clients from templates. This feature allows devs to conveniently use REST Client in a headless context.

This can essentially be done currently by writing an FTL template which calls the REST Client via restfn. This ticket would make the feature more robust and simpler to setup and use.



 Comments   
Comment by Tobias Kerschbaum [ 01/Feb/23 ]

Some Context to the idea of this Endpoint:

In our demo we use different 3rd party endpoints with tokens. To secure this rest calls and to not expose the token we have to send to the 3rd party system I created a simple proxy rest endpoint. The implementation is really simple and consists only of 3 classes.

ConfiguredRestProxyEndpointDefinition.java
RestProxyEndpoint.java
RestProxyEndpointDefinition.java

 

The YAML definition in the end looks like this:

light-modules/headless-ecommerce/restEndpoints/segment-traits.yaml

class: info.magnolia.services.demos.rest.service.ConfiguredRestProxyEndpointDefinition
implementationClass: info.magnolia.services.demos.rest.service.RestProxyEndpoint
restClientName: segment
restCallName: traits 

light-modules/headless-ecommerce/restClients/segment.yaml

baseUrl: https://profiles.segment.com/v1/spaces/SEGMENT_SPACE_ID/collections/users/profiles/
cacheConfiguration:
  expireIn: 60
timeoutConfiguration:
  readTimeout: 5
  fallbackToCache: true
securitySchemes:
  b1:
    $type: basic
    username: SEGMENT_ACCESS_TOKEN
    password: ''
restCalls:
  traits:
    method: get
    path: /{id}/traits
    securityScheme: b1 
Comment by Mykola [ 09/Jun/23 ]

This might be a very usefull. I vote for this feature

Generated at Mon Feb 12 10:43:09 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.