Merge pull request #154 from Apicurio/add-scope

Add scope to client credentials grant
Apicurio · Jul 17, 2023 · 7ea5987 · 7ea5987
2 parents d5ad147 + e492479
commit 7ea5987
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java b/rest-client-common/src/main/java/io/apicurio/rest/client/auth/OidcAuth.java
@@ -23,6 +23,7 @@
 import java.net.URLEncoder;
 import java.time.Duration;
 import java.time.Instant;
+import java.util.HashMap;
 import java.util.Map;
 import java.util.stream.Collectors;
 
@@ -41,6 +42,7 @@ public class OidcAuth implements Auth, AutoCloseable {
 
     private final String clientId;
     private final String clientSecret;
+    private final String scope;
     private final Duration tokenExpirationReduction;
 
     private String cachedAccessToken;
@@ -53,9 +55,14 @@ public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSec
     }
 
     public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSecret, Duration tokenExpirationReduction) {
+        this(httpClient, clientId, clientSecret, DEFAULT_TOKEN_EXPIRATION_REDUCTION, null);
+    }
+
+    public OidcAuth(ApicurioHttpClient httpClient, String clientId, String clientSecret, Duration tokenExpirationReduction, String scope) {
         this.clientId = clientId;
         this.clientSecret = clientSecret;
         this.apicurioHttpClient = httpClient;
+        this.scope = scope;
         if (null == tokenExpirationReduction) {
             this.tokenExpirationReduction = DEFAULT_TOKEN_EXPIRATION_REDUCTION;
         } else {
@@ -76,7 +83,15 @@ public void apply(Map<String, String> requestHeaders) {
 
     private void requestAccessToken() {
         try {
-            final Map<String, String> params = Map.of("grant_type", CLIENT_CREDENTIALS_GRANT, "client_id", clientId, "client_secret", clientSecret);
+            final Map<String, String> params = new HashMap<>();
+            params.put("grant_type", CLIENT_CREDENTIALS_GRANT);
+            params.put("client_id", clientId);
+            params.put("client_secret", clientSecret);
+
+            if (scope != null) {
+                params.put("scope", scope);
+            }
+
             final String paramsEncoded = params.entrySet().stream().map(entry -> String.join("=",
                     URLEncoder.encode(entry.getKey(), UTF_8),
                     URLEncoder.encode(entry.getValue(), UTF_8))

diff --git a/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java b/rest-client-jdk/src/test/java/io/apicurio/rest/client/auth/AuthTest.java
@@ -24,7 +24,7 @@ public class AuthTest {
     private static ApicurioHttpClient httpClient;
 
     private OidcAuth createOidcAuth(String adminClientId) {
-        return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18));
+        return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18), "openid profile email");
     }
 
     @BeforeAll

diff --git a/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java b/rest-client-vertx/src/test/java/io/apicurio/rest/client/auth/VertxAuthTest.java
@@ -73,6 +73,6 @@ public static void close() {
     }
 
     private OidcAuth createOidcAuth(String adminClientId) {
-        return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18));
+        return new OidcAuth(httpClient, adminClientId, "test1", Duration.ofSeconds(18), "openid profile email");
     }
 }