lhotari commented on code in PR #24944:
URL: https://github.com/apache/pulsar/pull/24944#discussion_r2490745380
##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationFactoryOAuth2.java:
##########
@@ -43,23 +43,51 @@ public static Authentication clientCredentials(URL
issuerUrl, URL credentialsUrl
/**
* Authenticate with client credentials.
*
- * @param issuerUrl the issuer URL
+ * @param issuerUrl the issuer URL
* @param credentialsUrl the credentials URL
- * @param audience An optional field. The audience identifier used by some
Identity Providers, like Auth0.
- * @param scope An optional field. The value of the scope parameter is
expressed as a list of space-delimited,
- * case-sensitive strings. The strings are defined by the
authorization server.
- * If the value contains multiple space-delimited strings,
their order does not matter,
- * and each string adds an additional access range to the
requested scope.
- * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ * @param audience An optional field. The audience identifier used
by some Identity Providers, like Auth0.
+ * @param scope An optional field. The value of the scope
parameter is expressed as a list of
+ * space-delimited,
+ * case-sensitive strings. The strings are defined
by the authorization server.
+ * If the value contains multiple space-delimited
strings, their order does not matter,
+ * and each string adds an additional access range
to the requested scope.
+ * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
* @return an Authentication object
*/
public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience, String scope) {
+ return clientCredentials(issuerUrl, credentialsUrl, audience, scope,
null, null, null);
+ }
+
+ /**
+ * Authenticate with client credentials.
+ *
+ * @param issuerUrl the issuer URL
+ * @param credentialsUrl the credentials URL
+ * @param audience An optional field. The audience identifier
used by some Identity Providers, like Auth0.
+ * @param scope An optional field. The value of the scope
parameter is expressed as a list of
+ * space-delimited,
+ * case-sensitive strings. The strings are
defined by the authorization server.
+ * If the value contains multiple
space-delimited strings, their order does not matter,
+ * and each string adds an additional access
range to the requested scope.
+ * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ * @param connectTimeout the connect timeout in milliseconds
+ * @param readTimeout the read timeout in milliseconds
+ * @param trustCertsFilePath the path to the file that contains trusted
certificates
+ * @return an Authentication object
+ */
+ public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience, String scope,
+ Integer connectTimeout,
Integer readTimeout,
+ String trustCertsFilePath) {
Review Comment:
Since there are so many parameters, this method is problematic.
Passing a parameter object built using a builder would be a better approach.
Since ClientCredentialsFlow is package private and shouldn't be exposed
externally, so it would require a new public parameter object class + builder
to resolve this.
##########
pulsar-client/src/main/java/org/apache/pulsar/client/impl/auth/oauth2/AuthenticationFactoryOAuth2.java:
##########
@@ -43,23 +43,51 @@ public static Authentication clientCredentials(URL
issuerUrl, URL credentialsUrl
/**
* Authenticate with client credentials.
*
- * @param issuerUrl the issuer URL
+ * @param issuerUrl the issuer URL
* @param credentialsUrl the credentials URL
- * @param audience An optional field. The audience identifier used by some
Identity Providers, like Auth0.
- * @param scope An optional field. The value of the scope parameter is
expressed as a list of space-delimited,
- * case-sensitive strings. The strings are defined by the
authorization server.
- * If the value contains multiple space-delimited strings,
their order does not matter,
- * and each string adds an additional access range to the
requested scope.
- * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ * @param audience An optional field. The audience identifier used
by some Identity Providers, like Auth0.
+ * @param scope An optional field. The value of the scope
parameter is expressed as a list of
+ * space-delimited,
+ * case-sensitive strings. The strings are defined
by the authorization server.
+ * If the value contains multiple space-delimited
strings, their order does not matter,
+ * and each string adds an additional access range
to the requested scope.
+ * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
* @return an Authentication object
*/
public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience, String scope) {
+ return clientCredentials(issuerUrl, credentialsUrl, audience, scope,
null, null, null);
+ }
+
+ /**
+ * Authenticate with client credentials.
+ *
+ * @param issuerUrl the issuer URL
+ * @param credentialsUrl the credentials URL
+ * @param audience An optional field. The audience identifier
used by some Identity Providers, like Auth0.
+ * @param scope An optional field. The value of the scope
parameter is expressed as a list of
+ * space-delimited,
+ * case-sensitive strings. The strings are
defined by the authorization server.
+ * If the value contains multiple
space-delimited strings, their order does not matter,
+ * and each string adds an additional access
range to the requested scope.
+ * From here:
https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2
+ * @param connectTimeout the connect timeout in milliseconds
+ * @param readTimeout the read timeout in milliseconds
+ * @param trustCertsFilePath the path to the file that contains trusted
certificates
+ * @return an Authentication object
+ */
+ public static Authentication clientCredentials(URL issuerUrl, URL
credentialsUrl, String audience, String scope,
+ Integer connectTimeout,
Integer readTimeout,
+ String trustCertsFilePath) {
Review Comment:
Since there are so many parameters, this method is problematic.
Passing a parameter object built using a builder would be a better approach.
Since ClientCredentialsFlow is package private and shouldn't be exposed
externally, it would require a new public parameter object class + builder to
resolve this.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
