Summary
DefaultAuthProviderFactory bundles several concerns that framework integrations need individually: (1) resolving ReferenceableAuthenticationPolicy references, (2) extracting OAuth2AuthenticationData from the union-of-unions structure, and (3) constructing AuthProvider instances. All internal methods are private, forcing frameworks to duplicate the resolution and extraction logic.
Deliverables
1. resolvePolicy static method
Public static method on DefaultAuthProviderFactory that resolves a ReferenceableAuthenticationPolicy to an AuthenticationPolicyUnion:
public static AuthenticationPolicyUnion resolvePolicy(
        Workflow workflow, ReferenceableAuthenticationPolicy auth)
2. OAuthPolicyData record
Public record that extracts OAuth2AuthenticationData + SecretBasedAuthenticationPolicy + OIDC flag from an AuthenticationPolicyUnion, eliminating the need to navigate the union-of-unions structure:
public record OAuthPolicyData(
        OAuth2AuthenticationData data,
        SecretBasedAuthenticationPolicy secret,
        boolean openIdConnect) {
    public static Optional<OAuthPolicyData> from(AuthenticationPolicyUnion policy);
}
Both changes are:
- Additive-only — no existing API changes
- Fully backward compatible — new public types/methods, no signature changes
- Pure and stateless — no dependency on instance state
The existing buildFromPolicy is refactored internally to use OAuthPolicyData.from(), consolidating the OAuth2/OIDC dispatch.
Use case
The Quarkus Flow OIDC extension implements AuthProviderFactory using Quarkus OIDC Client for token negotiation. It currently maintains a local OAuth2Policy type that duplicates the union unwrapping and a union() method that duplicates the reference resolution logic. With resolvePolicy() + OAuthPolicyData.from(), the framework integration pipeline becomes:
AuthenticationPolicyUnion union = DefaultAuthProviderFactory.resolvePolicy(workflow, auth);
Optional<OAuthPolicyData> oauthData = OAuthPolicyData.from(union);
// oauthData.get().data() → OAuth2AuthenticationData
// oauthData.get().openIdConnect() → boolean
This eliminates the Quarkus-side OAuth2Policy type and the union() reference resolution method entirely.
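An added sketch, not code from the SDK or the Quarkus extension: unwrapping a union-of-unions into OAuthPolicyData, with a consumer that rejects non-OAuth policies instead of calling get() on an empty Optional. The nested records, their fields, and the describe() helper are simplified, hypothetical stand-ins for the SDK types named above.

```java
import java.util.Optional;

// Hypothetical, simplified stand-ins for the SDK types named in this issue;
// the real classes have more branches and different accessors.
public class OAuthPolicyDemo {
    record OAuth2AuthenticationData(String authority, String clientId) {}
    record SecretBasedAuthenticationPolicy(String use) {}
    // Inner union: inline OAuth2 properties OR a reference to a secret.
    record OAuthConfig(OAuth2AuthenticationData inline, SecretBasedAuthenticationPolicy secret) {}
    // Outer union: at most one branch is non-null.
    record AuthenticationPolicyUnion(OAuthConfig oauth2, OAuthConfig oidc, String basicUser) {}

    record OAuthPolicyData(OAuth2AuthenticationData data,
                           SecretBasedAuthenticationPolicy secret,
                           boolean openIdConnect) {
        static Optional<OAuthPolicyData> from(AuthenticationPolicyUnion policy) {
            if (policy == null) return Optional.empty();
            boolean oidc = policy.oidc() != null;
            OAuthConfig cfg = oidc ? policy.oidc() : policy.oauth2();
            if (cfg == null) return Optional.empty(); // basic, bearer, digest, ...
            return Optional.of(new OAuthPolicyData(cfg.inline(), cfg.secret(), oidc));
        }
    }

    // Consumer side: fail closed when the policy is not OAuth2/OIDC or is empty.
    static String describe(AuthenticationPolicyUnion union) {
        OAuthPolicyData p = OAuthPolicyData.from(union).orElseThrow(
            () -> new IllegalStateException("policy is not OAuth2/OIDC; refusing to build a token provider"));
        if (p.data() == null && p.secret() == null) {
            throw new IllegalStateException("OAuth policy carries neither inline data nor a secret");
        }
        String source = p.data() != null
            ? "inline:" + p.data().authority()
            : "secret:" + p.secret().use();
        return (p.openIdConnect() ? "oidc " : "oauth2 ") + source;
    }

    public static void main(String[] args) {
        // Constructed sample policies, one per branch.
        var oidc = new AuthenticationPolicyUnion(null,
            new OAuthConfig(new OAuth2AuthenticationData("https://idp.example", "flow"), null), null);
        var viaSecret = new AuthenticationPolicyUnion(
            new OAuthConfig(null, new SecretBasedAuthenticationPolicy("mySecret")), null, null);
        var basic = new AuthenticationPolicyUnion(null, null, "alice");
        System.out.println(describe(oidc));
        System.out.println(describe(viaSecret));
        try { describe(basic); } catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```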