DGS-3719 Added OAuthCredentialProvider and CachedOauthTokenRetriever

Open varunpv opened this issue 2 years ago • 3 comments

  • Added OAuthCredentialProvider which implements BearerAuthCredentialProvider
  • Implemented CachedAccessTokenRetriever, which is a wrapper around HttpAccessTokenRetriever with a simple caching mechanism. This is used by OAuthCredentialProvider to get token during

1-pager https://confluentinc.atlassian.net/wiki/spaces/DG/pages/2780922127/Schema+Registry+Client+Change+for+Oauth+OIDC+Integration

varunpv avatar Jul 22 '22 05:07 varunpv

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Jul 22 '22 05:07 CLAassistant

@varunpv Please add more explanatory comments in the code.

amalgawa avatar Jul 25 '22 12:07 amalgawa

The code in CachedOauthTokenRetriever and OAuthCredentialProvider looks straightforward.

If you weren't already aware of it, you might want to take a look at ValidatorAccessTokenValidator. Its validation logic is a little more thorough as it leverages the jose4j library for JWT parsing, checks required claims are present, and performs signature validation. LoginAccessTokenValidator doesn't use jose4j and offers only cursory validation.

Considering this is client-side code and server-side token validation will happen somewhere else (SDS service in the case of Schema Registry, Ksql, etc.), is ValidatorAccessTokenValidator recommended to be used here?

varunpv avatar Aug 01 '22 05:08 varunpv
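
As an added illustration of the caching wrapper and the client-side validation question discussed in this thread (not code from the PR or from the Kafka/Schema Registry code base): a token cache that reads the `exp` claim without verifying the signature, using it only to decide when to fetch again. The class name `ExpiryAwareTokenCache`, the `Supplier<String>` standing in for the HTTP token retriever, and the refresh skew are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.function.Supplier;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical caching wrapper for illustration; not the PR's CachedOauthTokenRetriever.
public final class ExpiryAwareTokenCache {
  private static final Pattern EXP = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)");
  private final Supplier<String> delegate; // assumed stand-in for the HTTP token retriever
  private final long skewSeconds;          // refresh this long before the token expires
  private String token;
  private Instant refreshAt = Instant.MIN;

  public ExpiryAwareTokenCache(Supplier<String> delegate, long skewSeconds) {
    this.delegate = delegate; this.skewSeconds = skewSeconds;
  }

  // Returns the cached token; fetches a new one once the refresh point has passed.
  public synchronized String getToken() {
    if (token == null || !Instant.now().isBefore(refreshAt)) {
      String fresh = delegate.get();
      refreshAt = expiryOf(fresh).minusSeconds(skewSeconds); // throws before state changes
      token = fresh;
    }
    return token;
  }

  // Unverified read of exp, used for cache timing only and never as a trust decision.
  // The regex keeps the example stdlib-only; a JSON parser is the robust choice.
  static Instant expiryOf(String jwt) {
    String[] parts = jwt.split("\\.");
    if (parts.length != 3) throw new IllegalArgumentException("not a compact JWS");
    String payload = new String(Base64.getUrlDecoder().decode(parts[1]), StandardCharsets.UTF_8);
    Matcher m = EXP.matcher(payload);
    if (!m.find()) throw new IllegalArgumentException("missing exp claim");
    return Instant.ofEpochSecond(Long.parseLong(m.group(1)));
  }

  public static void main(String[] args) {
    // Constructed sample token: header ("e30" is "{}") and signature are dummy values.
    String payload = Base64.getUrlEncoder().withoutPadding().encodeToString(
        "{\"sub\":\"client\",\"exp\":4102444800}".getBytes(StandardCharsets.UTF_8));
    int[] calls = {0};
    ExpiryAwareTokenCache cache = new ExpiryAwareTokenCache(
        () -> { calls[0]++; return "e30." + payload + ".sig"; }, 60);
    cache.getToken(); cache.getToken();
    System.out.println("delegate calls: " + calls[0]);
  }
}
```

A malformed or `exp`-less response is rejected before the cached token is replaced, so a bad fetch never evicts a still-valid token.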