chore: store credentials in function & correct auth header

connectors/http-json/src/main/java/io/camunda/connector/http/HttpJsonFunction.java

@@ -28,6 +28,7 @@
 import com.google.api.client.http.HttpResponseException;
 import com.google.api.client.http.UrlEncodedContent;
 import com.google.api.client.json.gson.GsonFactory;
+import com.google.auth.oauth2.OAuth2Credentials;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
 import io.camunda.connector.api.annotation.OutboundConnector;
@@ -77,6 +78,7 @@ public class HttpJsonFunction implements OutboundConnectorFunction {
   private final HttpRequestFactory requestFactory;
 
   private final String proxyFunctionUrl;
+  private final OAuth2Credentials proxyCredentials;
 
   public HttpJsonFunction() {
     this(ConnectorConfigurationUtil.getProperty(Constants.PROXY_FUNCTION_URL_ENV_NAME));
@@ -99,8 +101,7 @@ public HttpJsonFunction(
     this.requestFactory = requestFactory;
     this.gsonFactory = gsonFactory;
     this.proxyFunctionUrl = proxyFunctionUrl;
-
-    ProxyOAuthHelper.initialize(proxyFunctionUrl);
+    this.proxyCredentials = ProxyOAuthHelper.initializeCredentials(proxyFunctionUrl);
   }
 
   @Override
@@ -112,7 +113,7 @@ public Object execute(final OutboundConnectorContext context) throws IOException
     context.replaceSecrets(request);
 
     if (proxyFunctionUrl != null) {
-      return executeRequestViaProxy(proxyFunctionUrl, request);
+      return executeRequestViaProxy(request);
     } else {
       return executeRequestDirectly(request);
     }
@@ -134,15 +135,14 @@ protected HttpJsonResult executeRequestDirectly(HttpJsonRequest request) throws
   }
 
   protected String extractAccessToken(HttpResponse oauthResponse) throws IOException {
-    String token = null;
     String oauthResponseStr = oauthResponse.parseAsString();
     if (oauthResponseStr != null && !oauthResponseStr.isEmpty()) {
       JsonObject jsonObject = gson.fromJson(oauthResponseStr, JsonObject.class);
       if (jsonObject.get(Constants.ACCESS_TOKEN) != null) {
-        token = jsonObject.get(Constants.ACCESS_TOKEN).toString();
+        return jsonObject.get(Constants.ACCESS_TOKEN).toString();
       }
     }
-    return token;
+    return null;
   }
 
   protected HttpRequest createOAuthRequest(HttpJsonRequest request) throws IOException {
@@ -199,23 +199,22 @@ protected HttpResponse executeHttpRequest(HttpRequest externalRequest, boolean i
     }
   }
 
-  protected HttpJsonResult executeRequestViaProxy(String proxyUrl, HttpJsonRequest request)
-      throws IOException {
+  protected HttpJsonResult executeRequestViaProxy(HttpJsonRequest request) throws IOException {
     // Using the JsonHttpContent cannot work with an element on the root content,
     // hence write it ourselves:
-    String contentAsJson = gson.toJson(request);
+    final String contentAsJson = gson.toJson(request);
     HttpContent content =
         new AbstractHttpContent(Constants.APPLICATION_JSON_CHARSET_UTF_8) {
           public void writeTo(OutputStream outputStream) throws IOException {
             outputStream.write(contentAsJson.getBytes(StandardCharsets.UTF_8));
           }
         };
-    final GenericUrl genericUrl = new GenericUrl(proxyUrl);
+    final GenericUrl genericUrl = new GenericUrl(proxyFunctionUrl);
 
     final HttpRequest httpRequest = requestFactory.buildPostRequest(genericUrl, content);
     httpRequest.setFollowRedirects(false);
     setTimeout(request, httpRequest);
-    ProxyOAuthHelper.addOauthHeaders(httpRequest);
+    ProxyOAuthHelper.addOauthHeaders(httpRequest, proxyCredentials);
 
     HttpResponse httpResponse = executeHttpRequest(httpRequest, true);
 

connectors/http-json/src/main/java/io/camunda/connector/http/auth/ProxyOAuthHelper.java

@@ -20,6 +20,7 @@
 import com.google.auth.oauth2.GoogleCredentials;
 import com.google.auth.oauth2.IdTokenCredentials;
 import com.google.auth.oauth2.IdTokenProvider;
+import com.google.auth.oauth2.OAuth2Credentials;
 import java.io.IOException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,27 +29,29 @@ public class ProxyOAuthHelper {
 
   private static final Logger LOGGER = LoggerFactory.getLogger(ProxyOAuthHelper.class);
 
-  public static IdTokenCredentials credentials;
-
-  public static void initialize(String proxyUrl) {
-    if (proxyUrl != null) {
-      // Statically try to initialize
-      try {
-        IdTokenProvider idTokenProvider = createIdTokenProvider();
-        credentials = createIdTokenCredentials(proxyUrl, idTokenProvider);
-      } catch (Exception ex) {
-        // and run without OAuth if not provided properly
-        LOGGER.warn("Could not wire OAuth for proxy, not using OAuth", ex);
-      }
+  public static OAuth2Credentials initializeCredentials(String proxyUrl) {
+    if (proxyUrl == null) {
+      return null;
+    }
+    // Statically try to initialize
+    try {
+      IdTokenProvider idTokenProvider = createIdTokenProvider();
+      return createIdTokenCredentials(proxyUrl, idTokenProvider);
+    } catch (Exception ex) {
+      // and run without OAuth if not provided properly
+      LOGGER.warn("Could not wire OAuth for proxy, not using OAuth", ex);
+      return null;
     }
   }
 
-  public static void addOauthHeaders(HttpRequest request) throws IOException {
-    if (credentials == null) {
-      return;
+  public static void addOauthHeaders(HttpRequest request, OAuth2Credentials credentials)
+      throws IOException {
+    if (credentials != null) {
+      credentials.refreshIfExpired();
+      request
+          .getHeaders()
+          .setAuthorization("Bearer " + credentials.getAccessToken().getTokenValue());
     }
-    credentials.refreshIfExpired();
-    request.getHeaders().setAuthorization(credentials.getAccessToken().getTokenValue());
   }
 
   private static IdTokenProvider createIdTokenProvider() throws IOException {