From 9947e466d61248f08c30ab2f4fb2d274ba71ac62 Mon Sep 17 00:00:00 2001
From: Waldemar Reusch
Date: Tue, 23 Jan 2024 15:21:28 +0000
Subject: [PATCH] feat(oidc-client): allow forcing the oidc client filter to get new tokens, discarding all access or refresh tokens

(cherry picked from commit fc68cde51b270087cf270f5b50ab00a69a18552b)
---
 .../runtime/AbstractTokensProducer.java | 20 ++++++++++++++++++-
 .../oidc/client/runtime/TokensHelper.java | 8 ++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java
index a8eb0806ad95c..3ef2337efc737 100644
--- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java
+++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/AbstractTokensProducer.java
@@ -6,6 +6,8 @@
 import jakarta.annotation.PostConstruct;
 import jakarta.inject.Inject;
+import org.jboss.logging.Logger;
+
 import io.quarkus.arc.Arc;
 import io.quarkus.oidc.client.OidcClient;
 import io.quarkus.oidc.client.OidcClients;
@@ -13,6 +15,8 @@
 import io.smallrye.mutiny.Uni;
 public abstract class AbstractTokensProducer {
+ private static final Logger LOG = Logger.getLogger(AbstractTokensProducer.class);
+ private static final String DEFAULT_OIDC_CLIENT_ID = "Default";
 private OidcClient oidcClient;
 protected boolean earlyTokenAcquisition = true;
@@ -46,7 +50,13 @@ protected void initTokens() {
 }
 public Uni getTokens() {
- return tokensHelper.getTokens(oidcClient);
+ final boolean forceNewTokens = isForceNewTokens();
+ if (forceNewTokens) {
+ final Optional clientId = clientId();
+ LOG.debugf("%s OidcClient will discard the current access and refresh tokens",
+ clientId.orElse(DEFAULT_OIDC_CLIENT_ID));
+ }
+ return tokensHelper.getTokens(oidcClient, forceNewTokens);
 }
 public Tokens awaitTokens() {
@@ -60,4 +70,12 @@ public Tokens awaitTokens() {
 protected Optional clientId() {
 return Optional.empty();
 }
+
+ /**
+ * @return {@code true} if the OIDC client must acquire a new set of tokens, discarding
+ * previously obtained access and refresh tokens.
+ */
+ protected boolean isForceNewTokens() {
+ return false;
+ }
 }
diff --git a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java
index ed41d5082e3b3..1e347ba937918 100644
--- a/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java
+++ b/extensions/oidc-client/runtime/src/main/java/io/quarkus/oidc/client/runtime/TokensHelper.java
@@ -21,6 +21,10 @@ public void initTokens(OidcClient oidcClient) {
 }
 public Uni getTokens(OidcClient oidcClient) {
+ return getTokens(oidcClient, false);
+ }
+
+ public Uni getTokens(OidcClient oidcClient, boolean forceNewTokens) {
 TokenRequestState currentState = null;
 TokenRequestState newState = null;
 //if the tokens are expired we refresh them in an async manner
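Review bot: The Javadoc added on `isForceNewTokens()` does not say when the hook is consulted. The `getTokens()` change earlier in this file calls it on every invocation and passes the result straight to `tokensHelper.getTokens(oidcClient, forceNewTokens)`, so an override that keeps returning `true` would skip the cached and refresh tokens on each call and ask for a new grant every time. I would extend the Javadoc with a sentence such as `Evaluated on every getTokens() call; return true only while a fresh grant is really required.` so implementers do not put avoidable load on the token endpoint.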
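Review bot: The new public overload `getTokens(OidcClient oidcClient, boolean forceNewTokens)` in TokensHelper has no Javadoc, and a bare boolean says little at the call site. A short comment would help, e.g. `/** @param forceNewTokens when true, ignore the cached access token and the refresh token and request a new token set */`, and the one-argument variant could note that it delegates with `false`. The body of the two-argument method continues outside this hunk.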
@@ -39,9 +43,9 @@ public Uni getTokens(OidcClient oidcClient) {
 return currentState.tokenUni;
 } else {
 Tokens tokens = currentState.tokens;
- if (tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
+ if (forceNewTokens || tokens.isAccessTokenExpired() || tokens.isAccessTokenWithinRefreshInterval()) {
 newState = new TokenRequestState(
- prepareUni((tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
+ prepareUni((!forceNewTokens && tokens.getRefreshToken() != null && !tokens.isRefreshTokenExpired())
 ? oidcClient.refreshTokens(tokens.getRefreshToken())
 : oidcClient.getTokens()));
 if (tokenRequestStateUpdater.compareAndSet(this, currentState, newState)) {
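Review bot: Forcing new tokens here only swaps the cached `Tokens` for the result of `oidcClient.getTokens()`; nothing in this hunk revokes the previous access or refresh token, so they presumably stay valid at the provider until they expire. If the flag is meant for cases where a token was rejected or may have been exposed, a comment above the condition should say so, e.g. `// forceNewTokens replaces the cached tokens only; the old ones are not revoked at the provider`. The context line `return currentState.tokenUni;` also suggests that a caller who forces new tokens while a request is in flight receives that request's result rather than starting its own, which may be worth documenting as well. The method starts and ends outside the hunk, so both points should be checked against the full body.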