feat: Bearer token auth #786
Conversation
… client inits, codegen it in middleware context build process, and default it to StaticBearerTokenIdentityResolver in smithy-swift.
…more auth schemes to generated list.
…Builder from SmithyHTTPAPI module.
| .testTarget( | ||
| name: "SmithyHTTPAuthTests", | ||
| dependencies: ["SmithyHTTPAuth", "SmithyHTTPAPI", "Smithy", "SmithyIdentity", "ClientRuntime"] | ||
| ), |
There was a problem hiding this comment.
New target needed to add tests for BearerTokenSigner addd to the SmithyHTTPAuth module.
| @@ -0,0 +1,26 @@ | |||
| // | |||
There was a problem hiding this comment.
This is the new auth scheme for HTTP bearer auth. It scheme ID comes from the trait id for @httpBearerAuth Smithy trait. And it uses BearerTokenSigner to sign the request.
| @@ -0,0 +1,32 @@ | |||
| // | |||
There was a problem hiding this comment.
BearerTokenSigner signs the request by simply appending Auhotrization: Bearer <token-string> header to the HTTP request.
| @@ -0,0 +1,20 @@ | |||
| // | |||
There was a problem hiding this comment.
The BearerTokenIdentity that acts as credentials for HTTP bearer auth. Its token: String field literally just gets chucked onto Authorization header of the HTTP request during signing.
| @@ -0,0 +1,12 @@ | |||
| // | |||
There was a problem hiding this comment.
This is the new identity resolver protocol that all concrete implementations for identity resolvers that resolve token identity must conform to.
| @@ -126,6 +126,7 @@ class MiddlewareExecutionGenerator( | |||
| writer.write(" .withAuthSchemeResolver(value: config.authSchemeResolver)") | |||
| writer.write(" .withUnsignedPayloadTrait(value: ${op.hasTrait(UnsignedPayloadTrait::class.java)})") | |||
| writer.write(" .withSocketTimeout(value: config.httpClientConfiguration.socketTimeout)") | |||
| writer.write(" .withIdentityResolver(value: config.bearerTokenIdentityResolver, schemeID: \$S)", "smithy.api#httpBearerAuth") | |||
There was a problem hiding this comment.
We need bearerTokenIdentityResolver added to middleware context.
| @@ -0,0 +1,16 @@ | |||
| package software.amazon.smithy.swift.codegen.swiftmodules | |||
There was a problem hiding this comment.
The BearerTokenAuthScheme, but in codegen side now.
| @@ -6,6 +6,9 @@ import software.amazon.smithy.swift.codegen.SwiftDependency | |||
|
|
|||
There was a problem hiding this comment.
Again, the new runtime types but in codegen side now.
| @@ -0,0 +1,39 @@ | |||
| package software.amazon.smithy.swift.codegen.utils | |||
There was a problem hiding this comment.
This is a refactor for how we codegen the list of auth schemes supported by the service. Before, there was no auth scheme in smithy-swift, and so in smithy-swift codegen, the value of authSchemes field was always an empty array. The getModeledAuthSchemesSupportedBySDK was in aws-sdk-swift and only concerned itself with sigv4 & sigv4a. But now that BearerTokenAuthScheme is added to smithy-swift, generating list of auth schemes was pulled into smithy-swift.
| open fun addAdditionalSchemes(writer: SwiftWriter, authSchemeList: Array<String>): Array<String> { | ||
| // Override to add any additional auth schemes supported | ||
| return authSchemeList | ||
| } |
There was a problem hiding this comment.
This method is called within the getModeledAuthSchemesSupportedBySDK method above. THIS is the extension point for any custom codegen built on top of smithy-swift, e.g., aws-sdk-swift.
aws-sdk-swift detects & adds AWS specific auth schemes using this extension point.
| writer: SwiftWriter, | ||
| ): String { | ||
| val effectiveAuthSchemes = ServiceIndex(ctx.model).getEffectiveAuthSchemes(ctx.service) | ||
| var authSchemeList = arrayOf<String>() |
There was a problem hiding this comment.
Lists are usually preferred in Kotlin over arrays since they are a lot more powerful. It would probably be more idiomatic to use mutableListOf<String>() here and update related use cases accordingly
There was a problem hiding this comment.
Changed as suggested!
| authSchemeList = addAdditionalSchemes(writer, authSchemeList) | ||
|
|
||
| return "[${authSchemeList.joinToString(", ")}]" |
There was a problem hiding this comment.
consider changing to return addAdditionalSchemes(writer, authSchemeList).joinToString(prefix = "[", postfix = "]") or return authSchemeList.joinToString(prefix = "[", postfix = "]") to use idiomatic kotlin-provided functions -- prefix / postfix makes it more clear what's being added
the ", " in joinToString() should be unnecessary as comma separation is the default behavior (https://kotlinlang.org/api/latest/jvm/stdlib/kotlin.collections/join-to-string.html)
There was a problem hiding this comment.
Changed as suggested!
| return "[${authSchemeList.joinToString(", ")}]" | ||
| } | ||
|
|
||
| open fun addAdditionalSchemes(writer: SwiftWriter, authSchemeList: Array<String>): Array<String> { |
There was a problem hiding this comment.
Change function signature to use Lists instead of Arrays
open fun addAdditionalSchemes(writer: SwiftWriter, authSchemeList: MutableList<String>): List<String>
There was a problem hiding this comment.
Changed as suggested!
Companion PR: awslabs/aws-sdk-swift#1637
Issue #
awslabs/aws-sdk-swift#1083
Description of changes
Refer to comments on github diff
Scope
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.