Open klopfdreh opened 3 years ago
Just wanted to know if there are any updates on this ticket / on updating the documentation so far? I just had a look into the auto configuration of the client REST API (https://github.com/spring-cloud/spring-cloud-dataflow/blob/main/spring-cloud-dataflow-rest-client/src/main/java/org/springframework/cloud/dataflow/rest/client/config/DataFlowClientAutoConfiguration.java) and found 4 ways to configure the client:
Basic Authentication:
spring:
  cloud:
    dataflow:
      client:
        authentication:
          basic:
            username: ...
            password: ...
Client Credentials:
spring:
  cloud:
    dataflow:
      client:
        serverUri: https://hostname:8443
        authentication:
          client-id: clientid
          client-secret: secret
          token-uri: https://hostofoauth/oauth/token
          scope:
            - firstscope
            - anotherscope
Access Token:
spring:
  cloud:
    dataflow:
      client:
        authentication:
          access-token: <token>
Bearer Token:
spring:
  cloud:
    dataflow:
      client:
        authentication:
          oauth2:
            clientRegistrationId: clientid # also used for client credentials mode
            username: <username> # User to authenticate with
            password: <password> # Password to authenticate with
Client Credentials, Access Token and Bearer Token require the SCDF Server to configure the resource server with either JWT or opaque token validation. (Docs can be found here: https://github.com/spring-projects/spring-security/blob/main/docs/manual/src/docs/asciidoc/_includes/servlet/oauth2/oauth2-resourceserver.adoc)
My issue that there is no configuration for "client-authentication-method: post" is also still open.
I just noticed that Spring Security did a recent update on this configuration (https://github.com/spring-projects/spring-security/blob/main/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java) - see "client_secret_post"
Thanks in advance :)
I added a second sample for Keycloak https://github.com/jvalkeal/randomstuff/tree/master/dataflow-keycloak-basic which may give some ideas on how to configure the client side, as the shell works atop REST.
We finally managed to build in the authentication with the Client Credentials flow and used the configuration mentioned in my previous comment. It would be nice to have this documentation of how to configure the client's Spring Boot application YAML somewhere in the Spring Cloud Data Flow manual. Other than that I would close the ticket, because all is working as expected.
Problem description: We finally managed to configure our SCDF Server to work with OAuth2 in OpenShift4. The OAuth2 Server of our setup supports the flows authentication_code and implicit. My issue now is that we can't make the REST client run authenticated.
config:
Because OpenShift requires the client-id to use colons, there is an issue which causes the connection attempt to fail with an error message mentioning this. In spring-security-oauth2 there is a method to use POST instead of GET, "client-authentication-method: post", which is not available in the Spring Cloud Data Flow config. (see https://github.com/spring-projects/spring-security-oauth/issues/1709)
Solution description: Besides the issue with the colon, is there any example available for implicit or authentication_code flows for the REST client so that I can see how I should configure it?
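An added example, not part of the thread or of Spring's code: it shows one way a client id containing colons becomes ambiguous when client credentials are sent with HTTP Basic, and why sending them as form fields (client_secret_post) or form-urlencoding them first avoids the problem. The client id and secret are constructed sample values, and the function names are hypothetical.

```python
import base64
from urllib.parse import urlencode, parse_qs, quote_plus, unquote_plus

# Constructed sample values (assumption): a colon-separated client id.
CLIENT_ID = "system:serviceaccount:demo:scdf"
CLIENT_SECRET = "s3cr3t"


def basic_header(client_id, client_secret, rfc6749_encode=False):
    """Client side: build the Authorization header for client_secret_basic."""
    if rfc6749_encode:
        # RFC 6749 section 2.3.1: form-urlencode both parts before joining.
        client_id, client_secret = quote_plus(client_id), quote_plus(client_secret)
    raw = f"{client_id}:{client_secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def parse_basic(header, rfc6749_decode=False):
    """Server side: HTTP Basic splits user and password on the FIRST colon."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    if rfc6749_decode:
        user, password = unquote_plus(user), unquote_plus(password)
    return user, password


def post_body(client_id, client_secret):
    """Client side: client_secret_post sends the credentials as form fields."""
    return urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    })


def parse_post(body):
    """Server side: read the credentials back out of the form body."""
    form = parse_qs(body)
    return form["client_id"][0], form["client_secret"][0]


if __name__ == "__main__":
    # Unencoded Basic: the server sees the wrong client id and secret.
    print(parse_basic(basic_header(CLIENT_ID, CLIENT_SECRET)))
    # Encoded Basic and POST body both round-trip the original values.
    print(parse_basic(basic_header(CLIENT_ID, CLIENT_SECRET, True), True))
    print(parse_post(post_body(CLIENT_ID, CLIENT_SECRET)))
```

The encoded Basic variant only works when client and authorization server both apply the encoding; the form-field variant does not depend on that agreement.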