vert-x3 / vertx-web

HTTP web applications for Vert.x
Apache License 2.0
1.11k stars 534 forks source link

Ability to introspect and log the OAuth token obtained by the OAuth2WebClient. #2493

Closed danilocatapan closed 1 year ago

danilocatapan commented 1 year ago

Describe the feature

Ability to introspect and log the OAuth token obtained by the OAuth2WebClient.

Use cases

Current Behavior

Currently, after setting up the OAuth2WebClient with the required configurations, there isn't a straightforward way to introspect or log the obtained OAuth token.

WebClient webClient = WebClient.create(vertx);

OAuth2Options oAuth2Options = new OAuth2Options()
    .setClientId(clientId)
    .setClientSecret(clientSecret)
    .setSite(oauthSite)
    .setTokenPath(oauthTokenPath);

OAuth2WebClientOptions oAuthClientOption = new OAuth2WebClientOptions()
    .setRenewTokenOnForbidden(true);

OAuth2WebClient oauth2WebClient =
    OAuth2WebClient.create(webClient, OAuth2Auth.create(vertx, oAuth2Options), oAuthClientOption);

Oauth2Credentials oauth2Credentials = new Oauth2Credentials();
oauth2Credentials.setFlow(OAuth2FlowType.CLIENT);

oauth2WebClient.withCredentials(oauth2Credentials);

I would like to be able to consult/log the token after this configuration.

Contribution

While I am capable of drafting the feature request, I may not have the expertise to implement it. I'm hoping the Vertx team or someone familiar with the OAuth2WebClient internals can take this forward. However, if there are guidelines provided, I or other community members might be interested in contributing.

pendula95 commented 1 year ago

This can be done in 2 ways: 1) Expose method to obtain user via interface OAuth2WebClient (This is if we are going to mainstream the feature via public interface) 2) Change visibility of getUser() method from package-protected to public in implementation https://github.com/vert-x3/vertx-web/blob/847b594b67f1f48778d14e18da62344bc3608aed/vertx-web-client/src/main/java/io/vertx/ext/web/client/impl/Oauth2WebClientAware.java#L63 (This would require to cast the interface to Implementation class and obtain like that, as a concealed feature)

@pmlopes would be the person to consult but I guess the correct way is option 1.

tsegismont commented 1 year ago

I will backport this to 4.x

tsegismont commented 1 year ago

Fixed in 4.x by 82042d299