XsuaaTokenFlows: Deprecated constructors for client credential based authentication #707

Closed
hoffmannsv007 opened this issue Nov 8, 2021 · 8 comments · Fixed by #708
Labels
bug Something isn't working

Comments

hoffmannsv007 commented Nov 8, 2021

Hello Colleagues,
could you please provide an example for the proper usage of Example Usage of XsuaaServiceConfiguration?

The background of this request is the following:
We have developed a service which in turn is calling an instance of the Market Rates Management (MRM) service. For the MRM call we first get the access token from the uaa instance bound to the MRM service. Currently we use the following coding for this purpose:

XsuaaTokenFlows tokenFlows =
        new XsuaaTokenFlows(
            new DefaultOAuth2TokenService(),
            new XsuaaDefaultEndpoints(uaaUrl),
            new ClientCredentials(clientId, clientSecret));

return tokenFlows.clientCredentialsTokenFlow().execute().getAccessToken();

In this solution uaaUrl, clientId and clientSecret are coming from uaa environment variables (VCAP_SERVICES):

@Value("${vcap.services.bpi-market-rates.credentials.uaa.url}")
String uaaUrl;

The solution was/is working as expected but unfortunately the used constructor version of XsuaaTokenFlows is now deprecated. For the alternative constructor we need an instance of OAuth2ServiceConfigurationProperties. I have seen that XsuaaServiceConfiguration is a specialization of OAuth2ServiceConfigurationProperties. My question now is, how do we get a proper instance of XsuaaServiceConfiguration?

Seeing that the Spring Boot annotation @ConfigurationProperties("sap.security.services.xsuaa") is used, I’m wondering where the properties are really taken from and how I can get an instance which then contains the uaa credentials of the MRM service and not the ones of my own service?

And maybe one additional remark: at the end my own service should be called from the BTP Job Scheduler - I'm not sure if this adds additional complexity for getting the MRM credentials.

Thanks in advance for your help!

Best regards,
Sven.

P.S.: I have seen that there was already a similar question raised, but this doesn't answer my question above.

Contributor

nenaraab commented Nov 8, 2021

Hi @hoffmannsv007
in regard to your 707 request!
First of all, sorry for the circumstances!

XsuaaServiceConfiguration isn't an option in your case, as this requires an Xsuaa Service binding, but you have a uaa binding...
Consequently, I had to undo the deprecation in XsuaaDefaultEndpoints(String url) constructor.

The deprecation from XsuaaTokenFlows constructor seems to be ok, but you need to make sure that you use

new com.sap.cloud.security.config.ClientCredentials(clientId, clientSecret)

instead of deprecated class

new com.sap.cloud.security.xsuaa.client.ClientCredentials(clientId, clientSecret)

Kind regards,
Nena

Contributor

nenaraab commented Nov 8, 2021

The fix will be released with version 2.11.3.

@nenaraab
Contributor

Reopen, as it is not yet released.

Contributor

nenaraab commented Nov 10, 2021

Hi @hoffmannsv007
we decided to keep the XsuaaDefaultEndpoints(String) constructor deprecated, so please make use of XsuaaDefaultEndpoints(String, String), where the second certUri parameter can be null.

@shravanpishike

@nenaraab We also face the same issue reported here (already raised an issue #701).
With respect to the below constructor of XsuaaTokenFlows, the parameter 'DefaultOAuth2TokenService()' is still deprecated, and also from which version onwards is 'XsuaaDefaultEndpoints(String, String)' available?

XsuaaTokenFlows tokenFlows =
        new XsuaaTokenFlows(
            new DefaultOAuth2TokenService(),
            new XsuaaDefaultEndpoints(uaaUrl),
            new ClientCredentials(clientId, clientSecret));

@nenaraab nenaraab changed the title Example Usage of XsuaaServiceConfiguration XsuaaTokenFlows: Deprecated constructors Nov 11, 2021
Contributor

nenaraab commented Nov 11, 2021

Hi @shravanpishike
thanks for the additional remark...

Finally, instead of

XsuaaTokenFlows tokenFlows =
        new XsuaaTokenFlows(
            new DefaultOAuth2TokenService(),
            new XsuaaDefaultEndpoints(uaaUrl),
            new ClientCredentials(clientId, clientSecret));

...instantiate XsuaaTokenFlows like that:

ClientIdentity identity = new ClientCredentials(clientId, clientSecret);

XsuaaTokenFlows tokenFlows =
        new XsuaaTokenFlows(
            new DefaultOAuth2TokenService(HttpClientFactory.create(identity)),
            new XsuaaDefaultEndpoints(uaaUrl, null), // available as of 2.11.3
            identity);

@nenaraab nenaraab changed the title XsuaaTokenFlows: Deprecated constructors XsuaaTokenFlows: Deprecated constructors for client secret based authentication Nov 11, 2021
@nenaraab nenaraab changed the title XsuaaTokenFlows: Deprecated constructors for client secret based authentication XsuaaTokenFlows: Deprecated constructors for client credential based authentication Nov 11, 2021
@nenaraab
Contributor

@hoffmannsv007
please also consider the documentation provided here, as this gives you by default the option to support both client credential based AND certificate based authentication.
