-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #46 from bwiercinski/client-credentials-backend
- Loading branch information
Showing
5 changed files
with
329 additions
and
38 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
21 changes: 21 additions & 0 deletions
21
oauth2-backend-cats/src/main/scala/com/ocadotechnology/sttp/oauth2/backend/Cache.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
package com.ocadotechnology.sttp.oauth2.backend | ||
|
||
import cats.effect.Sync | ||
import cats.implicits._ | ||
import cats.effect.concurrent.Ref | ||
|
||
trait Cache[F[_], A] { | ||
def get: F[Option[A]] | ||
def set(a: A): F[Unit] | ||
} | ||
|
||
object Cache { | ||
|
||
def refCache[F[_]: Sync, A]: F[Cache[F, A]] = Ref[F].of(Option.empty[A]).map { ref => | ||
new Cache[F, A] { | ||
override def get: F[Option[A]] = ref.get | ||
override def set(a: A): F[Unit] = ref.set(Some(a)) | ||
} | ||
} | ||
|
||
} |
115 changes: 115 additions & 0 deletions
115
...cala/com/ocadotechnology/sttp/oauth2/backend/SttpOauth2ClientCredentialsCatsBackend.scala
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,115 @@ | ||
package com.ocadotechnology.sttp.oauth2.backend | ||
|
||
import cats.Monad | ||
import cats.data.OptionT | ||
import cats.effect.Clock | ||
import cats.effect.Concurrent | ||
import cats.effect.concurrent.Semaphore | ||
import cats.implicits._ | ||
import com.ocadotechnology.sttp.oauth2.ClientCredentialsProvider | ||
import com.ocadotechnology.sttp.oauth2.ClientCredentialsToken.AccessTokenResponse | ||
import com.ocadotechnology.sttp.oauth2.Secret | ||
import com.ocadotechnology.sttp.oauth2.backend.SttpOauth2ClientCredentialsCatsBackend.TokenWithExpiryInstant | ||
import com.ocadotechnology.sttp.oauth2.common.Scope | ||
import eu.timepit.refined.types.string.NonEmptyString | ||
import sttp.capabilities.Effect | ||
import sttp.client3._ | ||
import sttp.model.Uri | ||
|
||
import java.time.Instant | ||
|
||
final class SttpOauth2ClientCredentialsCatsBackend[F[_]: Monad: Clock, P] private ( | ||
delegate: SttpBackend[F, P], | ||
fetchTokenAction: F[AccessTokenResponse], | ||
cache: Cache[F, TokenWithExpiryInstant], | ||
semaphore: Semaphore[F] | ||
) extends DelegateSttpBackend(delegate) { | ||
|
||
override def send[T, R >: P with Effect[F]](request: Request[T, R]): F[Response[T]] = for { | ||
token <- semaphore.withPermit(resolveToken) | ||
response <- delegate.send(request.auth.bearer(token.value)) | ||
} yield response | ||
|
||
private val resolveToken: F[Secret[String]] = | ||
OptionT(cache.get) | ||
.product(OptionT.liftF(Clock[F].instantNow)) | ||
.filter { case (TokenWithExpiryInstant(_, expiryInstant), currentInstant) => currentInstant isBefore expiryInstant } | ||
.map(_._1) | ||
.getOrElseF(fetchAndSaveToken) | ||
.map(_.token) | ||
|
||
private def fetchAndSaveToken: F[TokenWithExpiryInstant] = | ||
fetchTokenAction.flatMap(calculateExpiryInstant).flatTap(cache.set) | ||
|
||
private def calculateExpiryInstant(response: AccessTokenResponse): F[TokenWithExpiryInstant] = | ||
Clock[F].instantNow.map(_ plusMillis response.expiresIn.toMillis).map(TokenWithExpiryInstant(response.accessToken, _)) | ||
|
||
} | ||
|
||
object SttpOauth2ClientCredentialsCatsBackend { | ||
final case class TokenWithExpiryInstant(token: Secret[String], expiryInstant: Instant) | ||
|
||
def apply[F[_]: Concurrent: Clock, P]( | ||
tokenUrl: Uri, | ||
tokenIntrospectionUrl: Uri, | ||
clientId: NonEmptyString, | ||
clientSecret: Secret[String] | ||
)( | ||
scope: Scope | ||
)( | ||
implicit backend: SttpBackend[F, P] | ||
): F[SttpOauth2ClientCredentialsCatsBackend[F, P]] = { | ||
val clientCredentialsProvider = ClientCredentialsProvider.instance(tokenUrl, tokenIntrospectionUrl, clientId, clientSecret) | ||
usingClientCredentialsProvider(clientCredentialsProvider)(scope) | ||
} | ||
|
||
/** Keep in mind that the given implicit `backend` may be different than this one used by `clientCredentialsProvider` | ||
*/ | ||
def usingClientCredentialsProvider[F[_]: Concurrent: Clock, P]( | ||
clientCredentialsProvider: ClientCredentialsProvider[F] | ||
)( | ||
scope: Scope | ||
)( | ||
implicit backend: SttpBackend[F, P] | ||
): F[SttpOauth2ClientCredentialsCatsBackend[F, P]] = | ||
Cache.refCache[F, TokenWithExpiryInstant].flatMap(usingClientCredentialsProviderAndCache(clientCredentialsProvider, _)(scope)) | ||
|
||
def usingCache[F[_]: Concurrent: Clock, P]( | ||
cache: Cache[F, TokenWithExpiryInstant] | ||
)( | ||
tokenUrl: Uri, | ||
tokenIntrospectionUrl: Uri, | ||
clientId: NonEmptyString, | ||
clientSecret: Secret[String] | ||
)( | ||
scope: Scope | ||
)( | ||
implicit backend: SttpBackend[F, P] | ||
): F[SttpOauth2ClientCredentialsCatsBackend[F, P]] = { | ||
val clientCredentialsProvider = ClientCredentialsProvider.instance(tokenUrl, tokenIntrospectionUrl, clientId, clientSecret) | ||
usingClientCredentialsProviderAndCache(clientCredentialsProvider, cache)(scope) | ||
} | ||
|
||
/** Keep in mind that the given implicit `backend` may be different than this one used by `clientCredentialsProvider` | ||
*/ | ||
def usingClientCredentialsProviderAndCache[F[_]: Concurrent: Clock, P]( | ||
clientCredentialsProvider: ClientCredentialsProvider[F], | ||
cache: Cache[F, TokenWithExpiryInstant] | ||
)( | ||
scope: Scope | ||
)( | ||
implicit backend: SttpBackend[F, P] | ||
): F[SttpOauth2ClientCredentialsCatsBackend[F, P]] = | ||
usingFetchTokenActionAndCache(clientCredentialsProvider.requestToken(scope), cache) | ||
|
||
/** Keep in mind that the given implicit `backend` may be different than this one used by `fetchTokenAction` | ||
*/ | ||
def usingFetchTokenActionAndCache[F[_]: Concurrent: Clock, P]( | ||
fetchTokenAction: F[AccessTokenResponse], | ||
cache: Cache[F, TokenWithExpiryInstant] | ||
)( | ||
implicit backend: SttpBackend[F, P] | ||
): F[SttpOauth2ClientCredentialsCatsBackend[F, P]] = | ||
Semaphore(n = 1).map(new SttpOauth2ClientCredentialsCatsBackend(backend, fetchTokenAction, cache, _)) | ||
|
||
} |
Oops, something went wrong.