Class OAuthTokenExtractor


  • public class OAuthTokenExtractor
    extends java.lang.Object
    This class is used to retrieve the OAuth token, when in client mode, for subscription. It is used by the SubscriptionClientReactiveImpl class, when executing a subscription. The reason is that the current websocket implementation doesn't use Spring Security OAuth filters. So we have to manually implement them (for subscription only).
    This implementation is based on philsttr's idea, as explained on this page. Here is what philsttr proposed:
    1. Create an ExchangeFunction that has two filters that execute in the following order:
      • ServerOAuth2AuthorizedClientExchangeFilterFunction
      • a custom ExchangeFilterFunction that:
        • if the request is a bogus request (from step 2), captures the request's Authorization header and returns a ClientResponse with an Authorization header (without invoking the downstream ExchangeFunction)
        • else invokes the downstream ExchangeFunction (to handle requests created by the ServerOAuth2AuthorizedClientExchangeFilterFunction, such as a request to refresh the token)
    2. Send a bogus request through the ExchangeFunction created in step 1
      • grab the Authorization header from the ClientResponse
    Using this stream, I can reuse ExchangeFilterFunctions provided by spring security to generically obtain the Authorization header value for use in places other than a WebClient.
    Author:
    philsttr, etienne-sf
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String AUTHORIZATION_HEADER_NAME
      The name of the HTTP header that contains the OAuth token
    • Constructor Summary

      Constructors 
      Constructor Description
      OAuthTokenExtractor(org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction)
    • Method Summary

      Modifier and Type Method Description
      java.lang.String getAuthorizationHeaderValue()
      Returns the Authorization header value, as it has been returned by the ServerOAuth2AuthorizedClientExchangeFilterFunction, from the OAuth authorization server.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • AUTHORIZATION_HEADER_NAME

        public static final java.lang.String AUTHORIZATION_HEADER_NAME
        The name of the HTTP header that contains the OAuth token
        See Also:
        Constant Field Values
    • Constructor Detail

      • OAuthTokenExtractor

        public OAuthTokenExtractor(org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction)
        Parameters:
        serverOAuth2AuthorizedClientExchangeFilterFunction - The ServerOAuth2AuthorizedClientExchangeFilterFunction is responsible for getting the OAuth token from the OAuth authorization server. It is optional, and may be provided by the application's Spring configuration. If it is not provided, there is no OAuth authentication on the client side. If it is provided, the client uses it to supply the OAuth2 authorization token when accessing the GraphQL resource server, for queries, mutations and subscriptions.
    • Method Detail

      • getAuthorizationHeaderValue

        public java.lang.String getAuthorizationHeaderValue()
        Returns the Authorization header value, as it has been returned by the ServerOAuth2AuthorizedClientExchangeFilterFunction, from the OAuth authorization server. The method is synchronized so that a multi-threaded client does not try to retrieve two tokens simultaneously.
        Returns:
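
The two-filter approach from the class description, together with the synchronized accessor, as an added Java example that is not the project's own source. The class name `AuthorizationHeaderProbe`, the `.invalid` probe URI and the `registrationId` parameter are assumptions made for the illustration.

```java
import java.net.URI;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.*;
import reactor.core.publisher.Mono;

/** Added illustration; class name, probe URI and registration id are hypothetical. */
public class AuthorizationHeaderProbe {
    // Sentinel URI on the reserved ".invalid" TLD: if the capture filter were ever
    // bypassed, the token-bearing probe could not resolve to a real host.
    private static final URI PROBE_URI = URI.create("http://token-probe.invalid/");
    private final ExchangeFunction exchange;
    private final String registrationId;

    public AuthorizationHeaderProbe(ServerOAuth2AuthorizedClientExchangeFilterFunction oauthFilter, String registrationId) {
        // Filter 2: answer the probe locally; forward every other request downstream.
        ExchangeFilterFunction capture = (request, next) -> {
            if (!PROBE_URI.equals(request.url())) {
                return next.exchange(request);
            }
            String auth = request.headers().getFirst(HttpHeaders.AUTHORIZATION);
            ClientResponse.Builder reply = ClientResponse.create(HttpStatus.OK);
            if (auth != null) {
                reply.header(HttpHeaders.AUTHORIZATION, auth);
            }
            return Mono.just(reply.build());
        };
        // Filter 1 (OAuth) runs first, then the capture filter, then the real connector.
        this.exchange = oauthFilter.andThen(capture).apply(ExchangeFunctions.create(new ReactorClientHttpConnector()));
        this.registrationId = registrationId;
    }

    /** Serialized so that concurrent callers do not trigger two token retrievals at once. */
    public synchronized String getAuthorizationHeaderValue() {
        ClientRequest probe = ClientRequest.create(HttpMethod.GET, PROBE_URI)
                .attributes(ServerOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId(registrationId))
                .build();
        // block() is a blocking call: invoke this from a worker thread, not a Reactor event loop.
        ClientResponse response = exchange.exchange(probe).block();
        String value = response == null ? null
                : response.headers().asHttpHeaders().getFirst(HttpHeaders.AUTHORIZATION);
        if (value == null) { // fail closed rather than open an unauthenticated subscription
            throw new IllegalStateException("No Authorization header was produced for the probe request");
        }
        return value; // bearer credential: pass it to the websocket handshake, never log it
    }
}
```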