feat(oidc-client): allow forcing the oidc client filter to get new to…

…kens, discarding all access or refresh tokens
quarkusio · Jan 30, 2024 · fc68cde · fc68cde
1 parent 8361af1
commit fc68cde
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 3 deletions.
diff --git a/...c-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java b/...c-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java
@@ -6,13 +6,17 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.inject.Inject;
 
+import org.jboss.logging.Logger;
+
 import io.quarkus.arc.Arc;
 import io.quarkus.oidc.client.OidcClient;
 import io.quarkus.oidc.client.OidcClients;
 import io.quarkus.oidc.client.Tokens;
 import io.smallrye.mutiny.Uni;
 
 public abstract class AbstractTokensProducer {
+    private static final Logger LOG = Logger.getLogger(AbstractTokensProducer.class);
+    private static final String DEFAULT_OIDC_CLIENT_ID = "Default";
     private OidcClient oidcClient;
 
     protected boolean earlyTokenAcquisition = true;
@@ -46,7 +50,13 @@ protected void initTokens() {
     }
 
     public Uni<Tokens> getTokens() {
-        return tokensHelper.getTokens(oidcClient);
+        final boolean forceNewTokens = isForceNewTokens();
+        if (forceNewTokens) {
+            final Optional<String> clientId = clientId();
+            LOG.debugf("%s OidcClient will discard the current access and refresh tokens",
+                    clientId.orElse(DEFAULT_OIDC_CLIENT_ID));
+        }
+        return tokensHelper.getTokens(oidcClient, forceNewTokens);
     }
 
     public Tokens awaitTokens() {
@@ -60,4 +70,12 @@ public Tokens awaitTokens() {
     protected Optional<String> clientId() {
         return Optional.empty();
     }
+
+    /**
+     * @return {@code true} if the OIDC client must acquire a new set of tokens, discarding
+     *         previously obtained access and refresh tokens.
+     */
+    protected boolean isForceNewTokens() {
+        return false;
+    }
 }
diff --git a/...nsions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java b/...nsions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java
@@ -21,6 +21,10 @@ public void initTokens(OidcClient oidcClient) {
     }
 
     public Uni<Tokens> getTokens(OidcClient oidcClient) {
+        return getTokens(oidcClient, false);
+    }
+
+    public Uni<Tokens> getTokens(OidcClient oidcClient, boolean forceNewTokens) {
         TokenRequestState currentState = null;
         TokenRequestState newState = null;
         //if the tokens are expired we refresh them in an async manner
@@ -39,9 +43,9 @@ public Uni<Tokens> getTokens(OidcClient oidcClient) {
                 return currentState.tokenUni;
             } else {
                 Tokens tokens = currentState.tokens;
-                if (tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
+                if (forceNewTokens || tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
                     newState = new TokenRequestState(
-                            prepareUni((tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
+                            prepareUni((!forceNewTokens && tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
                                     ? oidcClient.refreshTokens(tokens.getRefreshToken())
                                     : oidcClient.getTokens()));
                     if (tokenRequestStateUpdater.compareAndSet(this, currentState, newState)) {