Skip to content

Expose reference resolution in DefaultAuthProviderFactory as a public static method #1511

Description

@mcruzdev

Summary

DefaultAuthProviderFactory bundles several concerns that framework integrations need individually: (1) resolving ReferenceableAuthenticationPolicy references, (2) extracting
OAuth2AuthenticationData from the union-of-unions structure, and (3) constructing AuthProvider instances. All internal methods are private, forcing frameworks to duplicate the resolution and
extraction logic.

Deliverables

1. resolvePolicy static method

Public static method on DefaultAuthProviderFactory that resolves a ReferenceableAuthenticationPolicy to an AuthenticationPolicyUnion:

public static AuthenticationPolicyUnion resolvePolicy(
    Workflow workflow, ReferenceableAuthenticationPolicy auth)

2. OAuthPolicyData record

Public record that extracts OAuth2AuthenticationData + SecretBasedAuthenticationPolicy + OIDC flag from an AuthenticationPolicyUnion, eliminating the need to navigate the union-of-unions structure:

public record OAuthPolicyData(
    OAuth2AuthenticationData data,
    SecretBasedAuthenticationPolicy secret,
    boolean openIdConnect) {
  public static Optional<OAuthPolicyData> from(AuthenticationPolicyUnion policy);
}

Both changes are:

  • Additive-only — no existing API changes
  • Fully backward compatible — new public types/methods, no signature changes
  • Pure and stateless — no dependency on instance state

The existing buildFromPolicy is refactored internally to use OAuthPolicyData.from(), consolidating the OAuth2/OIDC dispatch.

Use case

The Quarkus Flow OIDC extension implements AuthProviderFactory using Quarkus OIDC Client for token negotiation. It currently maintains a local
OAuth2Policy type that duplicates the union unwrapping and a union() method that duplicates the reference resolution logic. With resolvePolicy() + OAuthPolicyData.from(), the framework
integration pipeline becomes:

AuthenticationPolicyUnion union = DefaultAuthProviderFactory.resolvePolicy(workflow, auth);
Optional<OAuthPolicyData> oauthData = OAuthPolicyData.from(union);
// oauthData.get().data() → OAuth2AuthenticationData
// oauthData.get().openIdConnect() → boolean

This eliminates the Quarkus-side OAuth2Policy type and the union() reference resolution method entirely.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions