-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http91 bearer token support #117
Conversation
f5bef34
to
bea7c28
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Happy to see this change.
Left some comments/questions.
Apart from them, there is a code formater check failing on build.
src/main/java/com/getindata/connectors/http/internal/auth/OidcAccessTokenManager.java
Outdated
Show resolved
Hide resolved
...n/java/com/getindata/connectors/http/internal/table/lookup/HttpLookupTableSourceFactory.java
Outdated
Show resolved
Hide resolved
src/main/java/com/getindata/connectors/http/internal/table/lookup/RequestFactoryBase.java
Outdated
Show resolved
Hide resolved
src/test/java/com/getindata/connectors/http/internal/auth/OidcAccessTokenManagerTest.java
Show resolved
Hide resolved
src/test/java/com/getindata/connectors/http/internal/auth/OidcAccessTokenManagerTest.java
Show resolved
Hide resolved
...va/com/getindata/connectors/http/internal/table/lookup/HttpLookupTableSourceFactoryTest.java
Show resolved
Hide resolved
...va/com/getindata/connectors/http/internal/table/lookup/HttpLookupTableSourceFactoryTest.java
Outdated
Show resolved
Hide resolved
src/main/java/com/getindata/connectors/http/internal/auth/OidcAccessTokenManager.java
Show resolved
Hide resolved
@kristoffSC The fix isn't quite ready so I let the pr in draft. I was going to get the code clean before making the pr ready for review. But it is bonus that you have given me feedback anyway - that is really helpful - thanks :-)
In this way we preprocess the basic and OIDC authorization header content prior to calling the request. Also the change is minimal for the main code base, as it just tweaks the authorization header leaving the request processing unchanged. Before this change, the basic auth content could have been processed then we override it with an OIDC header. I am reworking the fix in this design. WDYT? |
@kristoffSC pushed up the new code addressing most of the code review comments - testing now. |
db8a2e0
to
74f0c72
Compare
@kristoffSC Hi I have been testing against the watsonx APIs, the latest fix is not working (I will sort that out). During this testing I found that the SSL handshake was failing. I had assumed that it would pickup the default JAVA certificates, but it does not. We can see that the SSLContext is created.
In Line 145 in 05d3b47
If not we could just not put the SSLContext on the httpRequest when there is no supplied keystore. My actions at this stage are to:
|
@kristoffSC the new design is not working because the preprocessing only works if there is a header to preprocess. In my case it was not working as I had not defined a Authentication header in the config - if I do it works. I see the following options: I am looking at option 2 as 1 seems unnecessary extra considerations for the user, 3 seems a bit of a hack. WDYT? |
e345642
to
ed4ec0d
Compare
0c91b48
to
1aae69e
Compare
I have included the public certs and it works. By this I mean while testing I put the public server cert in an ssl folder and referred to it in the config. Ideally we should not have to do this as public certs should just work as they are in the JVM- as per previous updates |
Hi @davidradl Regarding this Pr here, |
Hi @kristoffSC, In response to your comment
I have coded up option 2, by dummy header - if you search for dummy in the pr code you will see what I mean. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have coded up option 2, by dummy header - if you search for dummy in the pr code you will see what I mean.
This allows me to add an oidc header pre processor. I think adding another header pre processor like the basic auth one, seems a good place to put this. Do you have a strong view as to why this is not a good idea? Option 2 changes the main code path as you previously noted.
For me the dummy header looks fine. We can always refactor if we come up with better solution in the future.
I left only a few minor comments.
src/main/java/com/getindata/connectors/http/internal/ComposeHeaderPreprocessor.java
Outdated
Show resolved
Hide resolved
src/main/java/com/getindata/connectors/http/internal/table/lookup/HttpLookupTableSource.java
Outdated
Show resolved
Hide resolved
src/test/java/com/getindata/connectors/http/internal/auth/OidcAccessTokenManagerTest.java
Outdated
Show resolved
Hide resolved
8e515fc
to
d54a4c8
Compare
Signed-off-by: davidradl <[email protected]>
@grzegorz8 Hi there I have fixed up the requested changes- please could you review and ee if there is anything else you can spot and GTM if you are good with the changes. |
Thanks. I'll review it soon. |
@grzegorz8 sorry - good point- I forgot. |
src/main/java/com/getindata/connectors/http/internal/OIDCAuthHeaderValuePreprocessor.java
Outdated
Show resolved
Hide resolved
src/main/java/com/getindata/connectors/http/internal/table/lookup/HttpLookupTableSource.java
Outdated
Show resolved
Hide resolved
@grzegorz8 On the review comment , saying it was not addressed; I do not see any format changes now introduced by the fix. I see : |
Signed-off-by: davidradl <[email protected]>
This is what I see: |
@grzegorz8 I see - I thought you were referring to line 82. I will make this change. |
Signed-off-by: davidradl <[email protected]>
Signed-off-by: davidradl <[email protected]>
Signed-off-by: davidradl <[email protected]>
@grzegorz8 I fixed the format of the one you pointed out and also some in the test files. Let me know if you need anything else changing. |
All suggestions have been applied.
Description
Add support for bearer tokens.
Resolves
HTTP91
PR Checklist