Class OAuthTokenExtractor
java.lang.Object
com.graphql_java_generator.client.OAuthTokenExtractor
public class OAuthTokenExtractor
extends java.lang.Object
This class is used to retrieve the OAuth token, when in client mode, for subscription. It is used by the
This implementation is based on philsttr idea, as explained on this page. Here is what philsttr proposed:
SubscriptionClientReactiveImpl class, when executing a subscription. The reason is that the current websocket
implementation doesn't use Spring Security OAuth filters. So we have to manually implement them (for subscription
only).This implementation is based on philsttr idea, as explained on this page. Here is what philsttr proposed:
- Create an ExchangeFunction that has two filters that execute in the following order:
- ServerOAuth2AuthorizedClientExchangeFilterFunction
- a custom ExchangeFilterFunction that:
- if the request is a bogus request (from step 2) capture the request's Authorization header and returns a ClientResponse with an Authorization header (without invoking the downstream ExchangeFunction)
- else invoke the downstream ExchangeFunction (to handle requests created by the ServerOAuth2AuthorizedClientExchangeFilterFunction, such as a request to refresh the token)
- Send a bogus request through the ExchangeFunction created in step 1
- grab the Authorization header from the ClientResponse
- Author:
- philsttr, etienne-sf
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classOAuthTokenExtractor.GetOAuthTokenClientResponseAn implementation of a springClientResponse, that will contain the faked response, which body is the value for the Authorization header (that contains the bearer token)static classOAuthTokenExtractor.OAuthTokenFilterThis class filters the dummy request, and respond by theOAuthTokenExtractor.GetOAuthTokenClientResponsewhen theDUMMY_REQUESTis executed -
Field Summary
Fields Modifier and Type Field Description static java.lang.StringAUTHORIZATION_HEADER_NAMEThe name of the HTTP header that contains the OAuth token -
Constructor Summary
Constructors Constructor Description OAuthTokenExtractor(org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction) -
Method Summary
Modifier and Type Method Description java.lang.StringgetAuthorizationHeaderValue()Returns the Authorization header value, as it has been returned by theServerOAuth2AuthorizedClientExchangeFilterFunction, from the OAuth authorization server.
-
Field Details
-
AUTHORIZATION_HEADER_NAME
public static final java.lang.String AUTHORIZATION_HEADER_NAMEThe name of the HTTP header that contains the OAuth token- See Also:
- Constant Field Values
-
-
Constructor Details
-
OAuthTokenExtractor
public OAuthTokenExtractor(org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction)- Parameters:
serverOAuth2AuthorizedClientExchangeFilterFunction- TheServerOAuth2AuthorizedClientExchangeFilterFunctionis responsible for getting OAuth token from the OAuth authorization server. It is optional, and may be provided by the App's spring config. If it is not provided, then there is no OAuth authentication on client side. If provided, then the client uses it to provide the OAuth2 authorization token, when accessing the GraphQL resource server, for queries/mutations/subscriptions.
-
-
Method Details
-
getAuthorizationHeaderValue
public java.lang.String getAuthorizationHeaderValue()Returns the Authorization header value, as it has been returned by theServerOAuth2AuthorizedClientExchangeFilterFunction, from the OAuth authorization server. The method is synchronized to avoid that the client, when using multi-threading, try to retrieve two token simultaneously.- Returns:
-