Hey guys, this might be a question with an obvious...
# http4k
p
Hey guys, this might be a question with an obvious answer, but I’m currently quite confused 😂 We have an application that fetches data from an external service and authenticates via OAuth2. No user interactions, just service -> external service. I’m currently transferring the Spring implementation to http4k and just realized how much I have forgotten about OAuth 🌚 Long story short: I guess for the given use case I have to follow this guide?
After trying out multiple things I seem to be even more confused - I can’t remember setting up a callback url on our side when we set up the initial OAuth connection. But I would also not be surprised if Spring abstracts that away..
d
I think you are confused. 🙂 That OAuth code you're using is generally for PROVIDING an OAuth token to your clients. If you are connecting to another service, I presume you're using a client credentials grant. You just need to set up a filter to retrieve the auth token for those credentials (and for it to refresh when needed)
p
Yeah I’m slowly getting there - currently looking into
```kotlin
.then(ClientFilters.RefreshingOAuthToken(config, oAuthHttpClient))
```
d
That should do it. 🙂
p
But where do I supply the scope in this workflow? 🤔 Looking at the examples the library provides (google, discord etc), they’re only used when setting up an OAuthProvider. I think it’s time for lunch and refreshing my OAuth knowledge..
```kotlin
fun OAuthProvider.Companion.discord(client: HttpHandler, credentials: Credentials, callbackUri: Uri, oAuthPersistence: OAuthPersistence, scopes: List<String> = listOf()): OAuthProvider =
    OAuthProvider(
        OAuthProviderConfig(Uri.of("https://discord.com"), "/api/oauth2/authorize", "/api/oauth2/token", credentials, Uri.of("https://discord.com")),
        client,
        callbackUri,
        scopes,
        oAuthPersistence
    )
```
Edit: I’m right now realizing that we always supplied the scope without any need for it. nvm
Turns out: I was so confused because it was way more complex in Spring. Nuff said..
d
I am shocked! 😂
p
Reading more about it, I still can’t understand why I can’t supply scopes when using `ClientFilters.RefreshingOAuthToken(config, JavaHttpClient())`. 🤔 Can you elaborate? 😬 For reference:
```kotlin
fun ClientFilters.RefreshingOAuthToken(
    config: OAuthProviderConfig,
    backend: HttpHandler,
    oAuthFlowFilter: Filter = ClientFilters.OAuthClientCredentials(config.credentials),
    gracePeriod: Duration = Duration.ofSeconds(10),
    clock: Clock = Clock.systemUTC()
) = ClientFilters.RefreshingOAuthToken(
    config.credentials,
    config.tokenUri,
    backend,
    oAuthFlowFilter,
    gracePeriod,
    clock
)
```
Digging more into it, I think one should(?) be able to provide the scope optionally here as this is making use of OAuthWebForms, which already holds the scope property. Happy to contribute to this, but first I would like to verify my assumption. Wdyt?
d
yeah - I think this is probably a legit change in theory, although I think we represent scopes as a list of strings elsewhere in the code.
(which we then munge into a single string joined with " ")
p
Thanks for coming back to that! I already worked on it and could provide a PR later on - wanna continue the discussion there? Still have some thoughts about it.