Merge pull request #36501 from sberyozkin/oidc_token_propagatiion_exc…

…hange_token

Let custom OIDC token propagation filters customize the exchange status

extensions/oidc-token-propagation-reactive/runtime/src/main/java/io/quarkus/oidc/token/propagation/reactive/AccessTokenRequestReactiveFilter.java

@@ -59,13 +59,13 @@ public AccessTokenRequestReactiveFilter() {
 
     @PostConstruct
     public void initExchangeTokenClient() {
-        if (exchangeToken) {
+        if (isExchangeToken()) {
             OidcClients clients = Arc.container().instance(OidcClients.class).get();
             String clientName = getClientName();
             exchangeTokenClient = clientName != null ? clients.getClient(clientName) : clients.getClient();
             Grant.Type exchangeTokenGrantType = ConfigProvider.getConfig()
                     .getValue(
-                            "quarkus.oidc-client." + (oidcClientName.isPresent() ? oidcClientName.get() + "." : "")
+                            "quarkus.oidc-client." + (clientName != null ? clientName + "." : "")
                                     + "grant.type",
                             Grant.Type.class);
             if (exchangeTokenGrantType == Grant.Type.EXCHANGE) {
@@ -79,6 +79,10 @@ public void initExchangeTokenClient() {
         }
     }
 
+    protected boolean isExchangeToken() {
+        return exchangeToken;
+    }
+
     @Override
     public void filter(ResteasyReactiveClientRequestContext requestContext) {
         if (verifyTokenInstance(requestContext)) {

extensions/oidc-token-propagation/deployment/src/test/java/io/quarkus/oidc/token/propagation/CustomAccessTokenRequestFilter.java

@@ -0,0 +1,15 @@
+package io.quarkus.oidc.token.propagation;
+
+public class CustomAccessTokenRequestFilter extends AccessTokenRequestFilter {
+
+    @Override
+    protected String getClientName() {
+        return "exchange";
+    }
+
+    @Override
+    protected boolean isExchangeToken() {
+        return true;
+    }
+
+}

extensions/oidc-token-propagation/runtime/src/main/java/io/quarkus/oidc/token/propagation/AccessTokenRequestFilter.java

@@ -52,13 +52,13 @@ public AccessTokenRequestFilter() {
 
     @PostConstruct
     public void initExchangeTokenClient() {
-        if (exchangeToken) {
+        if (isExchangeToken()) {
             OidcClients clients = Arc.container().instance(OidcClients.class).get();
             String clientName = getClientName();
             exchangeTokenClient = clientName != null ? clients.getClient(clientName) : clients.getClient();
             Grant.Type exchangeTokenGrantType = ConfigProvider.getConfig()
                     .getValue(
-                            "quarkus.oidc-client." + (oidcClientName.isPresent() ? oidcClientName.get() + "." : "")
+                            "quarkus.oidc-client." + (clientName != null ? clientName + "." : "")
                                     + "grant.type",
                             Grant.Type.class);
             if (exchangeTokenGrantType == Grant.Type.EXCHANGE) {
@@ -72,6 +72,10 @@ public void initExchangeTokenClient() {
         }
     }
 
+    protected boolean isExchangeToken() {
+        return exchangeToken;
+    }
+
     @Override
     public void filter(ClientRequestContext requestContext) throws IOException {
         if (acquireTokenCredentialFromCtx(requestContext)) {

integration-tests/oidc-token-propagation/src/main/java/io/quarkus/it/keycloak/AccessTokenPropagationService.java

@@ -3,12 +3,11 @@
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 
+import org.eclipse.microprofile.rest.client.annotation.RegisterProvider;
 import org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
 
-import io.quarkus.oidc.token.propagation.AccessToken;
-
 @RegisterRestClient(configKey = "access-token-propagation")
-@AccessToken
+@RegisterProvider(CustomAccessTokenRequestFilter.class)
 @Path("/")
 public interface AccessTokenPropagationService {
 

integration-tests/oidc-token-propagation/src/main/java/io/quarkus/it/keycloak/CustomAccessTokenRequestFilter.java

@@ -0,0 +1,15 @@
+package io.quarkus.it.keycloak;
+
+import io.quarkus.oidc.token.propagation.AccessTokenRequestFilter;
+
+public class CustomAccessTokenRequestFilter extends AccessTokenRequestFilter {
+    @Override
+    protected String getClientName() {
+        return "exchange-token";
+    }
+
+    @Override
+    protected boolean isExchangeToken() {
+        return true;
+    }
+}

integration-tests/oidc-token-propagation/src/main/resources/application.properties

@@ -18,9 +18,6 @@ quarkus.oidc-client.exchange-token.credentials.secret=${quarkus.oidc.credentials
 quarkus.oidc-client.exchange-token.grant.type=exchange
 quarkus.oidc-client.exchange-token.grant-options.exchange.audience=quarkus-app-exchange
 
-quarkus.oidc-token-propagation.exchange-token=true
-quarkus.oidc-token-propagation.client-name=exchange-token
-
 quarkus.rest-client.jwt-token-propagation.uri=http://localhost:8081/protected
 quarkus.rest-client.jwt-token-propagation.verify-host=false
 quarkus.rest-client.access-token-propagation.uri=http://localhost:8081/protected