From 4eb29414e0ed3867234248aac5027acc208a4830 Mon Sep 17 00:00:00 2001
From: David Kral <david.k.kral@oracle.com>
Date: Wed, 16 Aug 2023 11:06:43 +0200
Subject: [PATCH] Tenant now uses WebClientSecurity module

Signed-off-by: David Kral <david.k.kral@oracle.com>
---
 security/providers/oidc-common/pom.xml                    | 4 ++++
 .../io/helidon/security/providers/oidc/common/Tenant.java | 8 ++------
 .../providers/oidc-common/src/main/java/module-info.java  | 1 +
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/security/providers/oidc-common/pom.xml b/security/providers/oidc-common/pom.xml
index 7792d104e39..f798512e7b1 100644
--- a/security/providers/oidc-common/pom.xml
+++ b/security/providers/oidc-common/pom.xml
@@ -54,6 +54,10 @@
             <groupId>io.helidon.nima.webclient</groupId>
             <artifactId>helidon-nima-webclient</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.helidon.nima.webclient</groupId>
+            <artifactId>helidon-nima-webclient-security</artifactId>
+        </dependency>
         <dependency>
             <groupId>io.helidon.nima.webclient</groupId>
             <artifactId>helidon-nima-webclient-tracing</artifactId>
diff --git a/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/Tenant.java b/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/Tenant.java
index c0a7c6b3bf7..20c403b5bb5 100644
--- a/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/Tenant.java
+++ b/security/providers/oidc-common/src/main/java/io/helidon/security/providers/oidc/common/Tenant.java
@@ -24,6 +24,7 @@
 import io.helidon.common.http.Http;
 import io.helidon.nima.webclient.api.WebClient;
 import io.helidon.nima.webclient.api.WebClientConfig;
+import io.helidon.nima.webclient.security.WebClientSecurity;
 import io.helidon.security.Security;
 import io.helidon.security.SecurityException;
 import io.helidon.security.jwt.jwk.JwkKeys;
@@ -121,12 +122,7 @@ public static Tenant create(OidcConfig oidcConfig, TenantConfig tenantConfig) {
                     .addOutboundSecurityProvider(httpBasicAuth)
                     .build();
 
-            //TODO Níma client security?
-//            webClientBuilder.addService(WebClientSecurity.create(tokenOutboundSecurity));
-            //This is workaround for missing Níma client security. This adds Authorization header to be used in every request.
-            byte[] byteArray = (tenantConfig.clientId() + ":" + tenantConfig.clientSecret()).getBytes(StandardCharsets.UTF_8);
-            String base64 = Base64.getEncoder().encodeToString(byteArray);
-            webClientBuilder.addHeader(Http.HeaderNames.AUTHORIZATION, "Basic " + base64);
+            webClientBuilder.addService(WebClientSecurity.create(tokenOutboundSecurity));
         }
 
         WebClient appWebClient = webClientBuilder.build();
diff --git a/security/providers/oidc-common/src/main/java/module-info.java b/security/providers/oidc-common/src/main/java/module-info.java
index be109f85add..4896ee340ab 100644
--- a/security/providers/oidc-common/src/main/java/module-info.java
+++ b/security/providers/oidc-common/src/main/java/module-info.java
@@ -34,6 +34,7 @@
     requires static io.helidon.config.metadata;
     requires io.helidon.cors;
     requires io.helidon.nima.http.media.jsonp;
+    requires io.helidon.nima.webclient.security;
     requires io.helidon.nima.webclient.tracing;
 
     exports io.helidon.security.providers.oidc.common;