Refactor outbound authentication with custom providers and handlers

examples/secured-client-with-basic-auth/secured_client_with_basic_auth.bal

@@ -3,16 +3,22 @@ import ballerina/config;
 import ballerina/http;
 import ballerina/log;
 
-// Define the basic auth client endpoint to call the backend services.
-// Basic authentication is enabled by setting the `scheme: http:BASIC_AUTH`
-// The `username` and `password` should be specified as needed.
+// Defines the Basic Auth client endpoint to call the backend services.
+// Basic Authentication is enabled by creating an
+// `auth:OutboundBasicAuthProvider` with the `username` and `password`
+// passed as a record.
+auth:OutboundBasicAuthProvider outboundBasicAuthProvider = new({
+    username: "tom",
+    password: "1234"
+});
+
+// Creates a Basic Auth handler with the created Basic Auth provider.
+http:BasicAuthHandler outboundBasicAuthHandler =
+                                            new(outboundBasicAuthProvider);
+
 http:Client httpEndpoint = new("https://localhost:9090", config = {
     auth: {
-        scheme: http:BASIC_AUTH,
-        config: {
-            username: "tom",
-            password: "1234"
-        }
+        authHandler: outboundBasicAuthHandler
     }
 });
 
@@ -31,13 +37,13 @@ public function main() {
     }
 }
 
-// Create a Basic authentication handler with the relevant configurations.
-auth:ConfigAuthStoreProvider basicAuthProvider = new;
-http:BasicAuthHeaderAuthnHandler basicAuthnHandler = new(basicAuthProvider);
-
+// Defines the sample backend service, which is secured with Basic Auth
+// authentication.
+auth:InboundBasicAuthProvider inboundBasicAuthProvider = new(());
+http:BasicAuthHandler inboundBasicAuthHandler = new(inboundBasicAuthProvider);
 listener http:Listener ep  = new(9090, config = {
     auth: {
-        authnHandlers: [basicAuthnHandler]
+        authHandlers: [inboundBasicAuthHandler]
     },
     secureSocket: {
         keyStore: {
@@ -47,19 +53,8 @@ listener http:Listener ep  = new(9090, config = {
     }
 });
 
-@http:ServiceConfig {
-    basePath: "/hello",
-    auth: {
-        enabled: true
-    }
-}
-service echo on ep {
-
-    @http:ResourceConfig {
-        methods: ["GET"],
-        path: "/sayHello"
-    }
-    resource function hello(http:Caller caller, http:Request req) {
+service hello on ep {
+    resource function sayHello(http:Caller caller, http:Request req) {
         error? result = caller->respond("Hello, World!!!");
         if (result is error) {
             log:printError("Error in responding to caller", err = result);

examples/secured-client-with-basic-auth/secured_client_with_basic_auth.description

@@ -1,6 +1,9 @@
-// A secured client with basic authentication is used to connect to a
-// secured service with basic authentication. An additional `auth`
-// field is added to the HTTP client endpoint initialization in order
-// to make the simple HTTP client endpoint into a secure client endpoint.
-// Inside the `auth` field the `scheme`, `username` and `password`
-// is defined for basic authentication.
+// A client, which is secured with Basic authentication should be used to
+// connect to a service, which is secured with Basic authentication.
+// The `auth:OutboundBasicAuthProvider` is initialized with the `username` and
+// `password` and the `http:BasicAuthHandler` is initialized by providing
+// the created `auth:OutboundBasicAuthProvider`. An additional `auth` field is
+// added to the HTTP  client endpoint initialization in order to secure the
+// simple HTTP client endpoint.
+// The `authHandler` field is defined inside the `auth` field with the value of
+// it being the reference of the created `http:BearerAuthHandler`.

examples/secured-client-with-jwt-auth/secured_client_with_jwt_auth.bal

@@ -1,86 +1,80 @@
-// TODO: Resolve with https://github.com/ballerina-platform/ballerina-lang/issues/15487
-//import ballerina/http;
-//import ballerina/jwt;
-//import ballerina/log;
-//import ballerina/runtime;
-//
-//// Define the JWT auth client endpoint to call the backend services.
-//// JWT authentication is enabled by setting the `scheme: http:JWT_AUTH`
-//http:Client httpEndpoint = new("https://localhost:9090", config = {
-//    auth: {
-//        scheme: http:JWT_AUTH
-//    }
-//});
-//
-//public function main() {
-//    // Set the JWT token into runtime invocation context mentioning
-//    // scheme as `jwt`
-//    string token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiYWxsZXJ" +
-//        "pbmEiLCJpc3MiOiJiYWxsZXJpbmEiLCJleHAiOjI4MTg0MTUwMTksImlhdCI6MTUyND" +
-//        "U3NTAxOSwianRpIjoiZjVhZGVkNTA1ODVjNDZmMmI4Y2EyMzNkMGMyYTNjOWQiLCJhdW" +
-//        "QiOlsiYmFsbGVyaW5hIiwiYmFsbGVyaW5hLm9yZyIsImJhbGxlcmluYS5pbyJdLCJzY" +
-//        "29wZSI6ImhlbGxvIn0.bNoqz9_DzgeKSK6ru3DnKL7NiNbY32ksXPYrh6Jp0_O3ST7W" +
-//        "fXMs9WVkx6Q2TiYukMAGrnMUFrJnrJvZwC3glAmRBrl4BYCbQ0c5mCbgM9qhhCjC1tB" +
-//        "A50rjtLAtRW-JTRpCKS0B9_EmlVKfvXPKDLIpM5hnfhOin1R3lJCPspJ2ey_Ho6fDhs" +
-//        "KE3DZgssvgPgI9PBItnkipQ3CqqXWhV-RFBkVBEGPDYXTUVGbXhdNOBSwKw5ZoVJrCU" +
-//        "iNG5XD0K4sgN9udVTi3EMKNMnVQaq399k6RYPAy3vIhByS6QZtRjOG8X93WJw-9GLiH" +
-//        "vcabuid80lnrs2-mAEcstgiHVw";
-//    runtime:getInvocationContext().authenticationContext.scheme = "jwt";
-//    runtime:getInvocationContext().authenticationContext.authToken = token;
-//
-//    // Send a `GET` request to the specified endpoint.
-//    var response = httpEndpoint->get("/hello/sayHello");
-//    if (response is http:Response) {
-//        var result = response.getTextPayload();
-//        log:printInfo((result is error) ? "Failed to retrieve payload."
-//                                        : result);
-//    } else {
-//        log:printError("Failed to call the endpoint.", err = response);
-//    }
-//}
-//
-//// Create a JWT authentication provider with the relevant configurations.
-//jwt:JWTAuthProvider jwtAuthProvider = new({
-//    issuer: "ballerina",
-//    audience: ["ballerina.io"],
-//    certificateAlias: "ballerina",
-//    trustStore: {
-//        path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
-//        password: "ballerina"
-//    }
-//});
-//
-//// Create a JWT authentication handler with the created JWT auth provider.
-//http:BearerAuthHeaderAuthnHandler jwtAuthnHandler = new(jwtAuthProvider);
-//
-//listener http:Listener ep = new(9090, config = {
-//    auth: {
-//        authnHandlers: [jwtAuthnHandler]
-//    },
-//    secureSocket: {
-//        keyStore: {
-//            path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
-//            password: "ballerina"
-//        }
-//    }
-//});
-//
-//@http:ServiceConfig {
-//    basePath: "/hello",
-//    auth: {
-//        enabled: true
-//    }
-//}
-//service echo on ep {
-//
-//    @http:ResourceConfig {
-//        methods: ["GET"],
-//        path: "/sayHello"
-//    }
-//    resource function hello(http:Caller caller, http:Request req) {
-//        error? result = caller->respond("Hello, World!!!");
-//        if (result is error) {
-//            log:printError("Error in responding to caller", err = result);
-//        }
-//    }
-//}
+import ballerina/http;
+import ballerina/jwt;
+import ballerina/log;
+import ballerina/runtime;
+
+// Defines the JWT auth client endpoint to call the backend services.
+// JWT authentication is enabled by creating a `jwt:OutboundJWTAuthProvider`
+// with/without passing the JWT issuer configurations as a record. If the JWT
+// issuer configurations are passed, a new JWT will be issued and it will be
+// used for the outbound authentication.
+jwt:OutboundJwtAuthProvider outboundJwtAuthProvider = new(());
+
+// Create a Bearer Auth handler with the created JWT Auth provider.
+http:BearerAuthHandler outboundJwtAuthHandler = new(outboundJwtAuthProvider);
+
+http:Client httpEndpoint = new("https://localhost:9090", config = {
+    auth: {
+        authHandler: outboundJwtAuthHandler
+    }
+});
+
+public function main() {
+    // Sets the JWT token into the runtime invocation context mentioning
+    // the scheme as `jwt`.
+    string token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiYWxsZXJ" +
+        "pbmEiLCJpc3MiOiJiYWxsZXJpbmEiLCJleHAiOjI4MTg0MTUwMTksImlhdCI6MTUyND" +
+        "U3NTAxOSwianRpIjoiZjVhZGVkNTA1ODVjNDZmMmI4Y2EyMzNkMGMyYTNjOWQiLCJhd" +
+        "WQiOlsiYmFsbGVyaW5hIiwiYmFsbGVyaW5hLm9yZyIsImJhbGxlcmluYS5pbyJdLCJz" +
+        "Y29wZSI6ImhlbGxvIn0.bNoqz9_DzgeKSK6ru3DnKL7NiNbY32ksXPYrh6Jp0_O3ST7" +
+        "WfXMs9WVkx6Q2TiYukMAGrnMUFrJnrJvZwC3glAmRBrl4BYCbQ0c5mCbgM9qhhCjC1t" +
+        "BA50rjtLAtRW-JTRpCKS0B9_EmlVKfvXPKDLIpM5hnfhOin1R3lJCPspJ2ey_Ho6fDh" +
+        "sKE3DZgssvgPgI9PBItnkipQ3CqqXWhV-RFBkVBEGPDYXTUVGbXhdNOBSwKw5ZoVJrC" +
+        "UiNG5XD0K4sgN9udVTi3EMKNMnVQaq399k6RYPAy3vIhByS6QZtRjOG8X93WJw-9GLi" +
+        "Hvcabuid80lnrs2-mAEcstgiHVw";
+    runtime:getInvocationContext().authenticationContext.scheme = "jwt";
+    runtime:getInvocationContext().authenticationContext.authToken = token;
+
+    // Sends a `GET` request to the specified endpoint.
+    var response = httpEndpoint->get("/hello/sayHello");
+    if (response is http:Response) {
+        var result = response.getTextPayload();
+        log:printInfo((result is error) ? "Failed to retrieve payload."
+                                        : result);
+    } else {
+        log:printError("Failed to call the endpoint.", err = response);
+    }
+}
+
+// Defines the sample backend service, which is secured with JWT Auth
+// authentication.
+jwt:InboundJwtAuthProvider inboundJwtAuthProvider = new({
+    issuer: "ballerina",
+    audience: ["ballerina.io"],
+    certificateAlias: "ballerina",
+    trustStore: {
+        path: "${ballerina.home}/bre/security/ballerinaTruststore.p12",
+        password: "ballerina"
+    }
+});
+http:BearerAuthHandler inboundJwtAuthHandler = new(inboundJwtAuthProvider);
+listener http:Listener ep = new(9090, config = {
+    auth: {
+        authHandlers: [inboundJwtAuthHandler]
+    },
+    secureSocket: {
+        keyStore: {
+            path: "${ballerina.home}/bre/security/ballerinaKeystore.p12",
+            password: "ballerina"
+        }
+    }
+});
+
+service hello on ep {
+    resource function sayHello(http:Caller caller, http:Request req) {
+        error? result = caller->respond("Hello, World!!!");
+        if (result is error) {
+            log:printError("Error in responding to caller", err = result);
+        }
+    }
+}

examples/secured-client-with-jwt-auth/secured_client_with_jwt_auth.description

@@ -1,5 +1,12 @@
-// A secured client with JWT authentication is used to connect to a
-// secured service with JWT authentication. An additional `auth`
-// field is added to the HTTP client endpoint initialization in order
-// to make the simple HTTP client endpoint into a secure client endpoint.
-// Inside the `auth` field the `scheme` is defined for JWT authentication.
+// A secured client, which is secured  with JWT authentication should be used
+// to connect to a service, which is secured with JWT authentication.
+// The `jwt:OutboundJWTAuthProvider` is initialized with/without passing
+// the JWT issuer configurations as a record. If the JWT issuer configurations
+// are passed, a new JWT will be issued and it will be used for the outbound
+// authentication. The `http:BearerAuthHandler` is initialized by  providing
+// the created `jwt:OutboundBasicAuthProvider`. An additional `auth` field is
+// added to the HTTP client endpoint initialization in order to secure the
+// simple HTTP client endpoint.
+// The `authHandler` field is defined inside the `auth` field with the value
+// of it being the reference of the created `http:BearerAuthHandler`.
+

examples/secured-client-with-jwt-auth/tests/secured_client_with_jwt_auth_test.bal

@@ -1,23 +1,22 @@
-// TODO: Resolve with https://github.com/ballerina-platform/ballerina-lang/issues/15487
-//import ballerina/test;
-//import ballerina/log;
-//
-//string log = "";
-//
-//// This is the mock function which will replace the real function
-//@test:Mock {
-//    moduleName: "ballerina/log",
-//    functionName: "printInfo"
-//}
-//public function mockPrintInfo(string|(function () returns (string)) msg) {
-//    if (msg is string) {
-//        log = msg;
-//    }
-//}
-//
-//@test:Config
-//function testFunc() {
-//    // Invoking the main function
-//    main();
-//    test:assertEquals(log, "Hello, World!!!");
-//}
+import ballerina/test;
+import ballerina/log;
+
+string log = "";
+
+// This is the mock function, which will replace the real function.
+@test:Mock {
+    moduleName: "ballerina/log",
+    functionName: "printInfo"
+}
+public function mockPrintInfo(string|(function () returns (string)) msg) {
+    if (msg is string) {
+        log = msg;
+    }
+}
+
+@test:Config
+function testFunc() {
+    // Invokes the main function,
+    main();
+    test:assertEquals(log, "Hello, World!!!");
+}