feat: add oauth scope (for entra id) (#110) (#112)

* feat: add oauth scope (for entra id) (#110) (cherry picked from commit 40138fc) * saas does not require a scope --------- Co-authored-by: TN <[email protected]>
camunda-community-hub · Oct 16, 2024 · 21f8ea7 · 21f8ea7
1 parent 1a38195
commit 21f8ea7
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 3 deletions.
diff --git a/...n/java-client-operate-compat/src/main/java/io/camunda/common/auth/SaaSAuthentication.java b/...n/java-client-operate-compat/src/main/java/io/camunda/common/auth/SaaSAuthentication.java
@@ -31,7 +31,8 @@ private static JwtAuthentication jwtAuthentication(JwtConfig jwtConfig, JsonMapp
               jwtCredential.getClientId(),
               jwtCredential.getClientSecret(),
               jwtCredential.getAudience(),
-              URI.create(jwtCredential.getAuthUrl()).toURL());
+              URI.create(jwtCredential.getAuthUrl()).toURL(),
+              null);
     } catch (MalformedURLException e) {
       throw new RuntimeException("Error while mapping jwt credential", e);
     }

diff --git a/extension/java-client-operate/src/main/java/io/camunda/operate/auth/JwtAuthentication.java b/extension/java-client-operate/src/main/java/io/camunda/operate/auth/JwtAuthentication.java
@@ -78,6 +78,7 @@ private HttpPost buildRequest() throws URISyntaxException {
     formParams.add(new BasicNameValuePair("client_id", jwtCredential.clientId()));
     formParams.add(new BasicNameValuePair("client_secret", jwtCredential.clientSecret()));
     formParams.add(new BasicNameValuePair("audience", jwtCredential.audience()));
+    formParams.add(new BasicNameValuePair("scope", jwtCredential.scope()));
     httpPost.setEntity(new UrlEncodedFormEntity(formParams));
     return httpPost;
   }

diff --git a/extension/java-client-operate/src/main/java/io/camunda/operate/auth/JwtCredential.java b/extension/java-client-operate/src/main/java/io/camunda/operate/auth/JwtCredential.java
@@ -2,4 +2,5 @@
 
 import java.net.URL;
 
-public record JwtCredential(String clientId, String clientSecret, String audience, URL authUrl) {}
+public record JwtCredential(
+    String clientId, String clientSecret, String audience, URL authUrl, String scope) {}
diff --git a/...r-camunda-operate/src/main/java/io/camunda/operate/spring/OperateClientConfiguration.java b/...r-camunda-operate/src/main/java/io/camunda/operate/spring/OperateClientConfiguration.java
@@ -81,7 +81,8 @@ public Authentication authentication() {
                 properties.clientId(),
                 properties.clientSecret(),
                 properties.audience(),
-                properties.authUrl()),
+                properties.authUrl(),
+                properties.scope()),
             new JacksonTokenResponseMapper(objectMapper));
       }
       default -> throw new IllegalStateException("Unsupported profile: " + properties.profile());

diff --git a/...operate/src/main/java/io/camunda/operate/spring/OperateClientConfigurationProperties.java b/...operate/src/main/java/io/camunda/operate/spring/OperateClientConfigurationProperties.java
@@ -19,6 +19,7 @@ public record OperateClientConfigurationProperties(
     String clientSecret,
     URL authUrl,
     String audience,
+    String scope,
     // saas auth properies
     String region,
     String clusterId) {