Skip to content

Commit

Permalink
feat(oidc-client): allow forcing the oidc client filter to get new to…
Browse files Browse the repository at this point in the history
…kens, discarding all access or refresh tokens

(cherry picked from commit fc68cde)
  • Loading branch information
lordvlad authored and gsmet committed Jan 30, 2024
1 parent 1c8c3a8 commit 9947e46
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 3 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,17 @@
import jakarta.annotation.PostConstruct;
import jakarta.inject.Inject;

import org.jboss.logging.Logger;

import io.quarkus.arc.Arc;
import io.quarkus.oidc.client.OidcClient;
import io.quarkus.oidc.client.OidcClients;
import io.quarkus.oidc.client.Tokens;
import io.smallrye.mutiny.Uni;

public abstract class AbstractTokensProducer {
private static final Logger LOG = Logger.getLogger(AbstractTokensProducer.class);
private static final String DEFAULT_OIDC_CLIENT_ID = "Default";
private OidcClient oidcClient;

protected boolean earlyTokenAcquisition = true;
Expand Down Expand Up @@ -46,7 +50,13 @@ protected void initTokens() {
}

public Uni<Tokens> getTokens() {
return tokensHelper.getTokens(oidcClient);
final boolean forceNewTokens = isForceNewTokens();
if (forceNewTokens) {
final Optional<String> clientId = clientId();
LOG.debugf("%s OidcClient will discard the current access and refresh tokens",
clientId.orElse(DEFAULT_OIDC_CLIENT_ID));
}
return tokensHelper.getTokens(oidcClient, forceNewTokens);
}

public Tokens awaitTokens() {
Expand All @@ -60,4 +70,12 @@ public Tokens awaitTokens() {
protected Optional<String> clientId() {
return Optional.empty();
}

/**
* @return {@code true} if the OIDC client must acquire a new set of tokens, discarding
* previously obtained access and refresh tokens.
*/
protected boolean isForceNewTokens() {
return false;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ public void initTokens(OidcClient oidcClient) {
}

public Uni<Tokens> getTokens(OidcClient oidcClient) {
return getTokens(oidcClient, false);
}

public Uni<Tokens> getTokens(OidcClient oidcClient, boolean forceNewTokens) {
TokenRequestState currentState = null;
TokenRequestState newState = null;
//if the tokens are expired we refresh them in an async manner
Expand All @@ -39,9 +43,9 @@ public Uni<Tokens> getTokens(OidcClient oidcClient) {
return currentState.tokenUni;
} else {
Tokens tokens = currentState.tokens;
if (tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
if (forceNewTokens || tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
newState = new TokenRequestState(
prepareUni((tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
prepareUni((!forceNewTokens && tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
? oidcClient.refreshTokens(tokens.getRefreshToken())
: oidcClient.getTokens()));
if (tokenRequestStateUpdater.compareAndSet(this, currentState, newState)) {
Expand Down

0 comments on commit 9947e46

Please sign in to comment.