Open boydingham opened 3 years ago
This one and these other two...
/api/offenders/
...Will be what I would like to pick your brains on @petergphillips @andymarke, whenever we get a chance to talk off line.
For endpoints that create data you need to provide an extra parameter when you create the client credentials of username=<valid nomis user>
.
Thank you @petergphillips,
"...For endpoints that create data you need to provide an extra parameter when you create the client credentials of
username=<valid nomis user>
..."
I will give that a shot in a few.
I guess that's an example of what they call "Implicit Knowledge" (aka, "Tribal Knowledge"). Right? Because I haven't seen that documented anywhere. And I've read a ton of stuff so far about several different HMPPS/MOJ/DPS projects.
Please correct me if I'm wrong though. Please point me to the documentation of that, that I overlooked? TIA.
"...
<valid nomis user>
..."
I will proceed on the assumption that "_ITAGUSER" is one such <valid nomis user>
.
Or can you share any shortcuts to getting a hold of a known <valid nomis user>
@petergphillips ? It might be valuable to share that here; on the off chance that other future non-DPS devs stumble across this same issue. TIA.
"...
<valid nomis user>
..."_I will proceed on the assumption that "_ITAGUSER" is one such
<valid nomis user>
_...
Dear "other future non-DPS devs",
I am pleased to report that "_ITAGUSER" is, indeed, one such <valid nomis user>
:)
I confirmed that, @petergphillips, with two curl
calls from the command line...
username=<valid nomis user>
to the token request to hmpps-auth
/api/offenders/{offenderId}/booking
endpoint with that access tokenNow that leaves only the Spring Security OAuth 2.0 client credentials configuration so that it does those two things on my behalf, under the covers. Right @petergphillips?
If you could share any shortcuts for (or even better, links to documentation of) that configuration, that'd be so super deluxe! TIA.
...Now that leaves only the Spring Security OAuth 2.0 client credentials configuration so that it does those two things on my behalf, under the covers. Right @petergphillips?...
The Customizing the Access Token Request section of the Spring Security OAuth 2.0 reference documentation offers some pretty decent guidance.
I'm reasonably certain as far as the "What" needs to be customized goes. My first stab at the specifics (i.e., the "How") still needs a little more work though.
In the meantime, any links to hints, tips or suggestions are welcome @petergphillips. TIA.
... ...My first stab at the specifics (i.e., the "How") still needs a little more work though...
I've worked out a now-working configuration @petergphillips. I found the missing piece of the puzzle in the Spring Security JavaDoc...
... Use OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager) instead. Create an instance of ClientCredentialsOAuth2AuthorizedClientProvider configured with a DefaultClientCredentialsTokenResponseClient (or a custom one) and than supply it to DefaultOAuth2AuthorizedClientManager ...
The Spring Security OAuth 2.0 configuration I now have in place, now programmatically does the needful "...provide an extra parameter when you create the client credentials of username=<valid nomis user>
" step.
Thanks again for sharing that username=<valid nomis user>
clue 👍
Sorry for the delay. An example of where we configure the web client to add the username
can be found in WebClientConfiguration and the code for the converter is CustomOAuth2ClientCredentialsGrantRequestEntityConverter
Expected Behavior
When the
/api/offenders/{offenderNo}
endpoint is called, an _OFFENDER_BOOKINGS
_ record should be created in persistent storage.Current Behavior
The system fails to create the _
OFFENDER_BOOKINGS
_ record (full stack trace)...Context
I am an external developer of a non-DPS system. My application is specified to consume API endpoints exposed by this project. My application will be authorized by HMPPS Auth using the OAuth 2.0 Client Credentials grant.
While stepping through the debugger during investigation of a separate, unrelated issue, I had observed that Spring Security refers to the security principle as "
AnonymousUser
" during the OAuth 2.0 Client Credentials grant flow.Assuming that an "
AnonymousUser
" would not have a user name, then the following two lines are reasonable suspects for the root cause of the reported "The given id must not be null
" error...(username = ((UserDetails) userPrincipal).getUsername();)
staffUserAccountRepository.findById(currentUsername)
Steps to Reproduce
/api/offenders/{offenderNo}
endpoint with a JWT access token issued by HMPPS Auth for an OAuth 2.0 Client Credentials grant.Your Environment