Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add HTTP Basic Auth option to OAuthHandler #15729

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Add HTTP Basic Auth option to OAuthHandler #15729

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 26 additions & 2 deletions .../cdap-data-pipeline-base/src/main/java/io/cdap/cdap/datapipeline/oauth/OAuthProvider.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,15 +26,18 @@ public class OAuthProvider {
private final String tokenRefreshURL;
@Nullable
private final OAuthClientCredentials clientCreds;
private final CredentialEncodingStrategy strategy;

public OAuthProvider(String name,
String loginURL,
String tokenRefreshURL,
@Nullable OAuthClientCredentials clientCreds) {
@Nullable OAuthClientCredentials clientCreds,
@Nullable CredentialEncodingStrategy strategy) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

usually constructors are meant to be private if the builder class exists for objects.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changing this seems outside the scope of my PR though

this.name = name;
this.loginURL = loginURL;
this.tokenRefreshURL = tokenRefreshURL;
this.clientCreds = clientCreds;
this.strategy = strategy;
}

public String getName() {
Expand All @@ -54,6 +57,17 @@ public OAuthClientCredentials getClientCredentials() {
return clientCreds;
}

public CredentialEncodingStrategy getCredentialEncodingStrategy() {
return strategy;
}

public enum CredentialEncodingStrategy {
// (default) Sends client ID & secret as part of the POST request body
FORM_BODY,
// Sends client ID & secret as part of a HTTP Basic Auth header
BASIC_AUTH,
}

public static Builder newBuilder() {
return new Builder();
}
Expand All @@ -66,6 +80,7 @@ public static class Builder {
private String loginURL;
private String tokenRefreshURL;
private OAuthClientCredentials clientCreds;
private CredentialEncodingStrategy strategy;

public Builder() {}

Expand All @@ -89,11 +104,20 @@ public Builder withClientCredentials(@Nullable OAuthClientCredentials clientCred
return this;
}

public Builder withCredentialEncodingStrategy(@Nullable CredentialEncodingStrategy strategy) {
this.strategy = strategy;
return this;
}

public OAuthProvider build() {
Preconditions.checkNotNull(name, "OAuth provider name missing");
Preconditions.checkNotNull(loginURL, "Login URL missing");
Preconditions.checkNotNull(tokenRefreshURL, "Token refresh URL missing");
return new OAuthProvider(name, loginURL, tokenRefreshURL, clientCreds);
// Default to FORM_BODY strategy
if (strategy == null) {
this.strategy = CredentialEncodingStrategy.FORM_BODY;
}
return new OAuthProvider(name, loginURL, tokenRefreshURL, clientCreds, strategy);
}
}
}
8 changes: 7 additions & 1 deletion ...-pipeline-base/src/main/java/io/cdap/cdap/datapipeline/oauth/PutOAuthProviderRequest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,14 @@ public class PutOAuthProviderRequest {
private final String tokenRefreshURL;
private final String clientId;
private final String clientSecret;
private final OAuthProviderRequest.CredentialEncodingStrategy strategy;

public PutOAuthProviderRequest(String loginURL, String tokenRefreshURL, String clientId, String clientSecret) {
public PutOAuthProviderRequest(String loginURL, String tokenRefreshURL, String clientId, String clientSecret, OAuthProviderRequest.CredentialEncodingStrategy strategy) {
this.loginURL = loginURL;
this.tokenRefreshURL = tokenRefreshURL;
this.clientId = clientId;
this.clientSecret = clientSecret;
this.strategy = strategy;
}

public String getLoginURL() {
Expand All @@ -48,4 +50,8 @@ public String getClientId() {
public String getClientSecret() {
return clientSecret;
}

public OAuthProviderRequest.CredentialEncodingStrategy getCredentialEncodingStrategy() {
return strategy;
}
}
64 changes: 52 additions & 12 deletions ...cdap-data-pipeline-base/src/main/java/io/cdap/cdap/datapipeline/service/OAuthHandler.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
import io.cdap.cdap.datapipeline.oauth.OAuthStoreException;
import io.cdap.cdap.datapipeline.oauth.PutOAuthCredentialRequest;
import io.cdap.cdap.datapipeline.oauth.PutOAuthProviderRequest;
import io.cdap.cdap.datapipeline.oauth.PutOAuthProviderRequest.CredentialEncodingStrategy;
import io.cdap.cdap.datapipeline.oauth.RefreshTokenResponse;
import io.cdap.common.http.HttpRequest;
import io.cdap.common.http.HttpRequests;
Expand All @@ -43,6 +44,7 @@
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
Expand Down Expand Up @@ -115,6 +117,7 @@ public void putOAuthProvider(HttpServiceRequest request, HttpServiceResponder re
PutOAuthProviderRequest putOAuthProviderRequest = GSON.fromJson(
StandardCharsets.UTF_8.decode(request.getContent()).toString(),
PutOAuthProviderRequest.class);
CredentialEncodingStrategy strategy = putOAuthProviderRequest.getCredentialEncodingStrategy();
// Validate URLs
URL loginURL = new URL(putOAuthProviderRequest.getLoginURL());
URL tokenRefreshURL = new URL(putOAuthProviderRequest.getTokenRefreshURL());
Expand All @@ -132,6 +135,7 @@ public void putOAuthProvider(HttpServiceRequest request, HttpServiceResponder re
.withLoginURL(loginURL.toString())
.withTokenRefreshURL(tokenRefreshURL.toString())
.withClientCredentials(clientCredentials)
.withCredentialEncodingStrategy(strategy)
.build();
oauthStore.writeProvider(provider, reuseClientCredentials);
responder.sendStatus(HttpURLConnection.HTTP_OK);
Expand Down Expand Up @@ -310,13 +314,29 @@ private boolean checkCredIsValid(HttpResponse response) throws OAuthServiceExcep
private HttpRequest createGetRefreshTokenRequest(OAuthProvider provider, String code, String redirectURI)
throws OAuthServiceException {
OAuthClientCredentials clientCreds = provider.getClientCredentials();
try {
return HttpRequest.post(new URL(provider.getTokenRefreshURL()))
.withBody(String.format(
CredentialEncodingStrategy strategy = provider.getCredentialEncodingStrategy();

String body;
switch (strategy) {
case BASIC_AUTH:
body = String.format("code=%s&redirect_uri=%s&grant_type=authorization_code", code, redirectURI);
case FORM_BODY:
default:
body = String.format(
"code=%s&redirect_uri=%s&client_id=%s&client_secret=%s&grant_type=authorization_code",
code, redirectURI, clientCreds.getClientId(), clientCreds.getClientSecret()))
.addHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED)
.build();
code, redirectURI, clientCreds.getClientId(), clientCreds.getClientSecret());
}

try {
HttpRequest.Builder requestBuilder = HttpRequest.post(new URL(provider.getTokenRefreshURL()))
.withBody(body)
.addHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED);

if (strategy == CredentialEncodingStrategy.BASIC_AUTH) {
requestBuilder.addHeader(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(clientCreds));
}

return requestBuilder.build();
} catch (MalformedURLException e) {
throw new OAuthServiceException(HttpURLConnection.HTTP_INTERNAL_ERROR, "Malformed URL", e);
}
Expand All @@ -325,19 +345,39 @@ private HttpRequest createGetRefreshTokenRequest(OAuthProvider provider, String
private HttpRequest createGetAccessTokenRequest(OAuthProvider provider, String refreshToken)
throws OAuthServiceException {
OAuthClientCredentials clientCreds = provider.getClientCredentials();
try {
return HttpRequest.post(new URL(provider.getTokenRefreshURL()))
.withBody(
String.format("grant_type=refresh_token&client_id=%s&client_secret=%s&refresh_token=%s",
CredentialEncodingStrategy strategy = provider.getCredentialEncodingStrategy();

String body;
switch (strategy) {
case BASIC_AUTH:
body = String.format("grant_type=refresh_token&refresh_token=%s", refreshToken);
Awk34 marked this conversation as resolved.
Show resolved Hide resolved
break;
case FORM_BODY: // fall-through
default:
body = String.format("grant_type=refresh_token&client_id=%s&client_secret=%s&refresh_token=%s",
clientCreds.getClientId(),
clientCreds.getClientSecret(),
refreshToken))
.build();
refreshToken);
}

try {
HttpRequest.Builder requestBuilder = HttpRequest.post(new URL(provider.getTokenRefreshURL()))
.withBody(body);

if (strategy == CredentialEncodingStrategy.BASIC_AUTH) {
requestBuilder.addHeader(HttpHeaders.AUTHORIZATION, getBasicAuthHeader(clientCreds));
}

return requestBuilder.build();
} catch (MalformedURLException e) {
throw new OAuthServiceException(HttpURLConnection.HTTP_INTERNAL_ERROR, "Malformed URL", e);
}
}

private String getBasicAuthHeader(OAuthClientCredentials clientCreds) {
return String.format("Basic %s", Base64.getEncoder().encode(String.format("%s:%s", clientCreds.getClientId(), clientCreds.getClientSecret()).getBytes()));
}

private OAuthProvider getProvider(String provider) throws OAuthServiceException {
try {
Optional<OAuthProvider> providerOptional = oauthStore.getProvider(provider);
Expand Down
Loading