From 75d4c6f6549b30b0e9ff47d42105c71f9c8b21c7 Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Wed, 1 Jul 2026 20:26:19 -0300 Subject: [PATCH 1/7] Create a resolvePolicy to help downstream frameworks Signed-off-by: Matheus Cruz --- .../impl/auth/DefaultAuthProviderFactory.java | 42 +++----- .../impl/test/ResolvePolicyTest.java | 100 ++++++++++++++++++ 2 files changed, 117 insertions(+), 25 deletions(-) create mode 100644 impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java index 59d8f193f..3004dc089 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java @@ -46,35 +46,27 @@ public Optional getAuth( @Override public Optional getAuth( WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) { + AuthenticationPolicyUnion policy = resolvePolicy(definition.workflow(), auth); + return policy == null + ? Optional.empty() + : buildFromPolicy(definition.application(), definition.workflow(), policy, method); + } + + public static AuthenticationPolicyUnion resolvePolicy( + Workflow workflow, ReferenceableAuthenticationPolicy auth) { if (auth == null) { - return Optional.empty(); + return null; } if (auth.getAuthenticationPolicyReference() != null) { - return buildFromReference( - definition.application(), - definition.workflow(), - auth.getAuthenticationPolicyReference().getUse(), - method); - } else if (auth.getAuthenticationPolicy() != null) { - return buildFromPolicy( - definition.application(), definition.workflow(), auth.getAuthenticationPolicy(), method); - } - return Optional.empty(); - } - - private Optional buildFromReference( - WorkflowApplication app, Workflow workflow, String use, String method) { - Use useInfo = workflow.getUse(); - if (useInfo == null) { - return Optional.empty(); + String use = auth.getAuthenticationPolicyReference().getUse(); + Use useInfo = workflow.getUse(); + if (useInfo == null) { + return null; + } + UseAuthentications authInfo = useInfo.getAuthentications(); + return authInfo == null ? null : authInfo.getAdditionalProperties().get(use); } - UseAuthentications authInfo = useInfo.getAuthentications(); - return authInfo == null - ? Optional.empty() - : authInfo.getAdditionalProperties().entrySet().stream() - .filter(s -> s.getKey().equals(use)) - .findAny() - .flatMap(e -> buildFromPolicy(app, workflow, e.getValue(), method)); + return auth.getAuthenticationPolicy(); } private Optional buildFromPolicy( diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java new file mode 100644 index 000000000..03b92d9e0 --- /dev/null +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java @@ -0,0 +1,100 @@ +/* + * Copyright 2020-Present The Serverless Workflow Specification Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.serverlessworkflow.impl.test; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; + +import io.serverlessworkflow.api.types.AuthenticationPolicyReference; +import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; +import io.serverlessworkflow.api.types.BearerAuthenticationPolicy; +import io.serverlessworkflow.api.types.BearerAuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.BearerAuthenticationProperties; +import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy; +import io.serverlessworkflow.api.types.Use; +import io.serverlessworkflow.api.types.UseAuthentications; +import io.serverlessworkflow.api.types.Workflow; +import io.serverlessworkflow.impl.auth.DefaultAuthProviderFactory; +import org.junit.jupiter.api.Test; + +public class ResolvePolicyTest { + + private static final AuthenticationPolicyUnion BEARER_POLICY = + new AuthenticationPolicyUnion() + .withBearerAuthenticationPolicy( + new BearerAuthenticationPolicy( + new BearerAuthenticationPolicyConfiguration() + .withBearerAuthenticationProperties( + new BearerAuthenticationProperties("test-token")))); + + @Test + void nullAuthReturnsNull() { + assertNull(DefaultAuthProviderFactory.resolvePolicy(new Workflow(), null)); + } + + @Test + void inlinePolicyReturnsPolicyDirectly() { + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy().withAuthenticationPolicy(BEARER_POLICY); + assertEquals(BEARER_POLICY, DefaultAuthProviderFactory.resolvePolicy(new Workflow(), auth)); + } + + @Test + void referenceResolvesFromWorkflowUseAuthentications() { + Workflow workflow = + new Workflow() + .withUse( + new Use() + .withAuthentications( + new UseAuthentications().withAdditionalProperty("myAuth", BEARER_POLICY))); + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy() + .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); + assertEquals(BEARER_POLICY, DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); + } + + @Test + void referenceWithNullUseReturnsNull() { + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy() + .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); + assertNull(DefaultAuthProviderFactory.resolvePolicy(new Workflow(), auth)); + } + + @Test + void referenceWithNullAuthenticationsReturnsNull() { + Workflow workflow = new Workflow().withUse(new Use()); + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy() + .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); + assertNull(DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); + } + + @Test + void referenceToNonExistentKeyReturnsNull() { + Workflow workflow = + new Workflow() + .withUse( + new Use() + .withAuthentications( + new UseAuthentications() + .withAdditionalProperty("otherAuth", BEARER_POLICY))); + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy() + .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); + assertNull(DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); + } +} From cedbd157e82689acb723064eccad9a5fb1d54d29 Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Wed, 1 Jul 2026 20:42:35 -0300 Subject: [PATCH 2/7] Introduce OAuthPolicyData Signed-off-by: Matheus Cruz --- .../impl/auth/DefaultAuthProviderFactory.java | 16 +-- .../impl/auth/OAuth2AuthProvider.java | 7 +- .../impl/auth/OAuthPolicyData.java | 59 +++++++++ .../impl/auth/OpenIdAuthProvider.java | 9 +- .../impl/test/OAuthPolicyDataTest.java | 121 ++++++++++++++++++ 5 files changed, 192 insertions(+), 20 deletions(-) create mode 100644 impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java create mode 100644 impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java index 3004dc089..7e6596e33 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java @@ -86,16 +86,12 @@ private Optional buildFromPolicy( return Optional.of( new DigestAuthProvider( app, workflow, authenticationPolicy.getDigestAuthenticationPolicy(), method)); - } else if (authenticationPolicy.getOAuth2AuthenticationPolicy() != null) { - return Optional.of( - new OAuth2AuthProvider( - app, workflow, authenticationPolicy.getOAuth2AuthenticationPolicy())); - } else if (authenticationPolicy.getOpenIdConnectAuthenticationPolicy() != null) { - return Optional.of( - new OpenIdAuthProvider( - app, workflow, authenticationPolicy.getOpenIdConnectAuthenticationPolicy())); } - - return Optional.empty(); + return OAuthPolicyData.from(authenticationPolicy) + .map( + policyData -> + policyData.scheme() == OAuthPolicyData.OAuthScheme.OPENID_CONNECT + ? new OpenIdAuthProvider(app, workflow, policyData) + : new OAuth2AuthProvider(app, workflow, policyData)); } } diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java index 9831051df..424fc9aca 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java @@ -15,19 +15,18 @@ */ package io.serverlessworkflow.impl.auth; -import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy; import io.serverlessworkflow.api.types.Workflow; import io.serverlessworkflow.impl.WorkflowApplication; class OAuth2AuthProvider extends CommonOAuthProvider { public OAuth2AuthProvider( - WorkflowApplication application, Workflow workflow, OAuth2AuthenticationPolicy authPolicy) { + WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { super( accessToken( workflow, - authPolicy.getOauth2().getOAuth2ConnectAuthenticationProperties(), - authPolicy.getOauth2().getOAuth2AuthenticationPolicySecret(), + policyData.data(), + policyData.secret(), new OAuthRequestBuilder(application))); } } diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java new file mode 100644 index 000000000..a01ee33b3 --- /dev/null +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java @@ -0,0 +1,59 @@ +/* + * Copyright 2020-Present The Serverless Workflow Specification Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.serverlessworkflow.impl.auth; + +import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; +import io.serverlessworkflow.api.types.OAuth2AuthenticationData; +import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy; +import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; +import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import java.util.Optional; + +public record OAuthPolicyData( + OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) { + + public enum OAuthScheme { + OAUTH2, + OPENID_CONNECT + } + + public static Optional from(AuthenticationPolicyUnion policy) { + if (policy == null) { + return Optional.empty(); + } + OAuth2AuthenticationPolicy oauth2 = policy.getOAuth2AuthenticationPolicy(); + if (oauth2 != null) { + OAuth2AuthenticationPolicyConfiguration config = oauth2.getOauth2(); + return Optional.of( + new OAuthPolicyData( + config.getOAuth2ConnectAuthenticationProperties(), + config.getOAuth2AuthenticationPolicySecret(), + OAuthScheme.OAUTH2)); + } + OpenIdConnectAuthenticationPolicy oidc = policy.getOpenIdConnectAuthenticationPolicy(); + if (oidc != null) { + OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); + return Optional.of( + new OAuthPolicyData( + config.getOpenIdConnectAuthenticationProperties(), + config.getOpenIdConnectAuthenticationPolicySecret(), + OAuthScheme.OPENID_CONNECT)); + } + return Optional.empty(); + } +} diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java index dc7db0548..197b23c49 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java @@ -15,21 +15,18 @@ */ package io.serverlessworkflow.impl.auth; -import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.Workflow; import io.serverlessworkflow.impl.WorkflowApplication; class OpenIdAuthProvider extends CommonOAuthProvider { public OpenIdAuthProvider( - WorkflowApplication application, - Workflow workflow, - OpenIdConnectAuthenticationPolicy authPolicy) { + WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { super( accessToken( workflow, - authPolicy.getOidc().getOpenIdConnectAuthenticationProperties(), - authPolicy.getOidc().getOpenIdConnectAuthenticationPolicySecret(), + policyData.data(), + policyData.secret(), new OpenIdRequestBuilder(application))); } } diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java new file mode 100644 index 000000000..0260607c8 --- /dev/null +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java @@ -0,0 +1,121 @@ +/* + * Copyright 2020-Present The Serverless Workflow Specification Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.serverlessworkflow.impl.test; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; +import io.serverlessworkflow.api.types.BasicAuthenticationPolicy; +import io.serverlessworkflow.api.types.OAuth2AuthenticationData; +import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy; +import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.OAuth2ConnectAuthenticationProperties; +import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; +import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import io.serverlessworkflow.impl.auth.OAuthPolicyData; +import java.util.Optional; +import org.junit.jupiter.api.Test; + +public class OAuthPolicyDataTest { + + @Test + void fromNullReturnsEmpty() { + assertEquals(Optional.empty(), OAuthPolicyData.from(null)); + } + + @Test + void fromNonOAuthPolicyReturnsEmpty() { + AuthenticationPolicyUnion union = + new AuthenticationPolicyUnion() + .withBasicAuthenticationPolicy(new BasicAuthenticationPolicy()); + assertTrue(OAuthPolicyData.from(union).isEmpty()); + } + + @Test + void fromOAuth2InlineData() { + OAuth2ConnectAuthenticationProperties props = new OAuth2ConnectAuthenticationProperties(); + AuthenticationPolicyUnion union = + new AuthenticationPolicyUnion() + .withOAuth2AuthenticationPolicy( + new OAuth2AuthenticationPolicy() + .withOauth2( + new OAuth2AuthenticationPolicyConfiguration() + .withOAuth2ConnectAuthenticationProperties(props))); + Optional result = OAuthPolicyData.from(union); + assertTrue(result.isPresent()); + OAuthPolicyData data = result.get(); + assertEquals(OAuthPolicyData.OAuthScheme.OAUTH2, data.scheme()); + assertEquals(props, data.data()); + assertNull(data.secret()); + } + + @Test + void fromOAuth2Secret() { + SecretBasedAuthenticationPolicy secret = new SecretBasedAuthenticationPolicy("mySecret"); + AuthenticationPolicyUnion union = + new AuthenticationPolicyUnion() + .withOAuth2AuthenticationPolicy( + new OAuth2AuthenticationPolicy() + .withOauth2( + new OAuth2AuthenticationPolicyConfiguration() + .withOAuth2AuthenticationPolicySecret(secret))); + Optional result = OAuthPolicyData.from(union); + assertTrue(result.isPresent()); + OAuthPolicyData data = result.get(); + assertEquals(OAuthPolicyData.OAuthScheme.OAUTH2, data.scheme()); + assertNull(data.data()); + assertEquals(secret, data.secret()); + } + + @Test + void fromOidcInlineData() { + OAuth2AuthenticationData oidcData = new OAuth2AuthenticationData(); + AuthenticationPolicyUnion union = + new AuthenticationPolicyUnion() + .withOpenIdConnectAuthenticationPolicy( + new OpenIdConnectAuthenticationPolicy() + .withOidc( + new OpenIdConnectAuthenticationPolicyConfiguration() + .withOpenIdConnectAuthenticationProperties(oidcData))); + Optional result = OAuthPolicyData.from(union); + assertTrue(result.isPresent()); + OAuthPolicyData data = result.get(); + assertEquals(OAuthPolicyData.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertEquals(oidcData, data.data()); + assertNull(data.secret()); + } + + @Test + void fromOidcSecret() { + SecretBasedAuthenticationPolicy secret = new SecretBasedAuthenticationPolicy("oidcSecret"); + AuthenticationPolicyUnion union = + new AuthenticationPolicyUnion() + .withOpenIdConnectAuthenticationPolicy( + new OpenIdConnectAuthenticationPolicy() + .withOidc( + new OpenIdConnectAuthenticationPolicyConfiguration() + .withOpenIdConnectAuthenticationPolicySecret(secret))); + Optional result = OAuthPolicyData.from(union); + assertTrue(result.isPresent()); + OAuthPolicyData data = result.get(); + assertEquals(OAuthPolicyData.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertNull(data.data()); + assertEquals(secret, data.secret()); + } +} From 7cc24d9043d1a87163f1e7a4135d525b01923777 Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Wed, 1 Jul 2026 21:28:08 -0300 Subject: [PATCH 3/7] Guard against null nested configuration in OAuthPolicyData.from Signed-off-by: Matheus Cruz --- .../java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java index a01ee33b3..71388b459 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java @@ -37,7 +37,7 @@ public static Optional from(AuthenticationPolicyUnion policy) { return Optional.empty(); } OAuth2AuthenticationPolicy oauth2 = policy.getOAuth2AuthenticationPolicy(); - if (oauth2 != null) { + if (oauth2 != null && oauth2.getOauth2() != null) { OAuth2AuthenticationPolicyConfiguration config = oauth2.getOauth2(); return Optional.of( new OAuthPolicyData( @@ -46,7 +46,7 @@ public static Optional from(AuthenticationPolicyUnion policy) { OAuthScheme.OAUTH2)); } OpenIdConnectAuthenticationPolicy oidc = policy.getOpenIdConnectAuthenticationPolicy(); - if (oidc != null) { + if (oidc != null && oidc.getOidc() != null) { OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); return Optional.of( new OAuthPolicyData( From 1bcd170f7b336063b7927dc3f172696f88f6171c Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Wed, 1 Jul 2026 21:36:28 -0300 Subject: [PATCH 4/7] Fail fast on null workflow in resolvePolicy Signed-off-by: Matheus Cruz --- .../impl/auth/DefaultAuthProviderFactory.java | 4 ++++ .../impl/test/ResolvePolicyTest.java | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java index 7e6596e33..a7a3147d8 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java @@ -54,6 +54,10 @@ public Optional getAuth( public static AuthenticationPolicyUnion resolvePolicy( Workflow workflow, ReferenceableAuthenticationPolicy auth) { + if (workflow == null) { + throw new IllegalArgumentException( + "workflow must not be null when resolving an authentication policy reference"); + } if (auth == null) { return null; } diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java index 03b92d9e0..835e7af36 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java @@ -17,6 +17,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import io.serverlessworkflow.api.types.AuthenticationPolicyReference; import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; @@ -66,6 +67,15 @@ void referenceResolvesFromWorkflowUseAuthentications() { assertEquals(BEARER_POLICY, DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); } + @Test + void referenceWithNullWorkflowThrows() { + ReferenceableAuthenticationPolicy auth = + new ReferenceableAuthenticationPolicy() + .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); + assertThrows( + IllegalArgumentException.class, () -> DefaultAuthProviderFactory.resolvePolicy(null, auth)); + } + @Test void referenceWithNullUseReturnsNull() { ReferenceableAuthenticationPolicy auth = From 0bf14d47a623cada49fd035fccef66ec2aa25bd2 Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Thu, 2 Jul 2026 11:17:55 -0300 Subject: [PATCH 5/7] Consolidate auth utilities into OAuthUtils Signed-off-by: Matheus Cruz --- .../impl/auth/DefaultAuthProviderFactory.java | 29 +--------- .../impl/auth/OAuth2AuthProvider.java | 2 +- .../{OAuthPolicyData.java => OAuthUtils.java} | 57 ++++++++++++++----- .../impl/auth/OpenIdAuthProvider.java | 2 +- ...olicyDataTest.java => OAuthUtilsTest.java} | 25 ++++---- .../impl/test/ResolvePolicyTest.java | 24 +++----- 6 files changed, 68 insertions(+), 71 deletions(-) rename impl/core/src/main/java/io/serverlessworkflow/impl/auth/{OAuthPolicyData.java => OAuthUtils.java} (52%) rename impl/test/src/test/java/io/serverlessworkflow/impl/test/{OAuthPolicyDataTest.java => OAuthUtilsTest.java} (84%) diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java index a7a3147d8..db4d2d449 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java @@ -18,8 +18,6 @@ import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; import io.serverlessworkflow.api.types.EndpointConfiguration; import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy; -import io.serverlessworkflow.api.types.Use; -import io.serverlessworkflow.api.types.UseAuthentications; import io.serverlessworkflow.api.types.Workflow; import io.serverlessworkflow.impl.WorkflowApplication; import io.serverlessworkflow.impl.WorkflowDefinition; @@ -46,33 +44,12 @@ public Optional getAuth( @Override public Optional getAuth( WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) { - AuthenticationPolicyUnion policy = resolvePolicy(definition.workflow(), auth); + AuthenticationPolicyUnion policy = OAuthUtils.resolvePolicy(definition.workflow(), auth); return policy == null ? Optional.empty() : buildFromPolicy(definition.application(), definition.workflow(), policy, method); } - public static AuthenticationPolicyUnion resolvePolicy( - Workflow workflow, ReferenceableAuthenticationPolicy auth) { - if (workflow == null) { - throw new IllegalArgumentException( - "workflow must not be null when resolving an authentication policy reference"); - } - if (auth == null) { - return null; - } - if (auth.getAuthenticationPolicyReference() != null) { - String use = auth.getAuthenticationPolicyReference().getUse(); - Use useInfo = workflow.getUse(); - if (useInfo == null) { - return null; - } - UseAuthentications authInfo = useInfo.getAuthentications(); - return authInfo == null ? null : authInfo.getAdditionalProperties().get(use); - } - return auth.getAuthenticationPolicy(); - } - private Optional buildFromPolicy( WorkflowApplication app, Workflow workflow, @@ -91,10 +68,10 @@ private Optional buildFromPolicy( new DigestAuthProvider( app, workflow, authenticationPolicy.getDigestAuthenticationPolicy(), method)); } - return OAuthPolicyData.from(authenticationPolicy) + return OAuthUtils.from(authenticationPolicy) .map( policyData -> - policyData.scheme() == OAuthPolicyData.OAuthScheme.OPENID_CONNECT + policyData.scheme() == OAuthUtils.OAuthScheme.OPENID_CONNECT ? new OpenIdAuthProvider(app, workflow, policyData) : new OAuth2AuthProvider(app, workflow, policyData)); } diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java index 424fc9aca..5b9c6665e 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java @@ -21,7 +21,7 @@ class OAuth2AuthProvider extends CommonOAuthProvider { public OAuth2AuthProvider( - WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { + WorkflowApplication application, Workflow workflow, OAuthUtils.OAuthPolicyData policyData) { super( accessToken( workflow, diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java similarity index 52% rename from impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java rename to impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java index 71388b459..b7509abdd 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java @@ -21,39 +21,68 @@ import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; +import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy; import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import io.serverlessworkflow.api.types.Use; +import io.serverlessworkflow.api.types.UseAuthentications; +import io.serverlessworkflow.api.types.Workflow; import java.util.Optional; -public record OAuthPolicyData( - OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) { +public class OAuthUtils { + + private OAuthUtils() {} public enum OAuthScheme { OAUTH2, OPENID_CONNECT } + public record OAuthPolicyData( + OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {} + public static Optional from(AuthenticationPolicyUnion policy) { if (policy == null) { return Optional.empty(); } OAuth2AuthenticationPolicy oauth2 = policy.getOAuth2AuthenticationPolicy(); - if (oauth2 != null && oauth2.getOauth2() != null) { + if (oauth2 != null) { OAuth2AuthenticationPolicyConfiguration config = oauth2.getOauth2(); - return Optional.of( - new OAuthPolicyData( - config.getOAuth2ConnectAuthenticationProperties(), - config.getOAuth2AuthenticationPolicySecret(), - OAuthScheme.OAUTH2)); + if (config != null) { + return Optional.of( + new OAuthPolicyData( + config.getOAuth2ConnectAuthenticationProperties(), + config.getOAuth2AuthenticationPolicySecret(), + OAuthScheme.OAUTH2)); + } } OpenIdConnectAuthenticationPolicy oidc = policy.getOpenIdConnectAuthenticationPolicy(); - if (oidc != null && oidc.getOidc() != null) { + if (oidc != null) { OpenIdConnectAuthenticationPolicyConfiguration config = oidc.getOidc(); - return Optional.of( - new OAuthPolicyData( - config.getOpenIdConnectAuthenticationProperties(), - config.getOpenIdConnectAuthenticationPolicySecret(), - OAuthScheme.OPENID_CONNECT)); + if (config != null) { + return Optional.of( + new OAuthPolicyData( + config.getOpenIdConnectAuthenticationProperties(), + config.getOpenIdConnectAuthenticationPolicySecret(), + OAuthScheme.OPENID_CONNECT)); + } } return Optional.empty(); } + + public static AuthenticationPolicyUnion resolvePolicy( + Workflow workflow, ReferenceableAuthenticationPolicy auth) { + if (auth == null) { + return null; + } + if (auth.getAuthenticationPolicyReference() != null) { + String use = auth.getAuthenticationPolicyReference().getUse(); + Use useInfo = workflow.getUse(); + if (useInfo == null) { + return null; + } + UseAuthentications authInfo = useInfo.getAuthentications(); + return authInfo == null ? null : authInfo.getAdditionalProperties().get(use); + } + return auth.getAuthenticationPolicy(); + } } diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java index 197b23c49..7263a3643 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java @@ -21,7 +21,7 @@ class OpenIdAuthProvider extends CommonOAuthProvider { public OpenIdAuthProvider( - WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { + WorkflowApplication application, Workflow workflow, OAuthUtils.OAuthPolicyData policyData) { super( accessToken( workflow, diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java similarity index 84% rename from impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java rename to impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java index 0260607c8..ff7908bcf 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthPolicyDataTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java @@ -28,15 +28,16 @@ import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; -import io.serverlessworkflow.impl.auth.OAuthPolicyData; +import io.serverlessworkflow.impl.auth.OAuthUtils; +import io.serverlessworkflow.impl.auth.OAuthUtils.OAuthPolicyData; import java.util.Optional; import org.junit.jupiter.api.Test; -public class OAuthPolicyDataTest { +public class OAuthUtilsTest { @Test void fromNullReturnsEmpty() { - assertEquals(Optional.empty(), OAuthPolicyData.from(null)); + assertEquals(Optional.empty(), OAuthUtils.from(null)); } @Test @@ -44,7 +45,7 @@ void fromNonOAuthPolicyReturnsEmpty() { AuthenticationPolicyUnion union = new AuthenticationPolicyUnion() .withBasicAuthenticationPolicy(new BasicAuthenticationPolicy()); - assertTrue(OAuthPolicyData.from(union).isEmpty()); + assertTrue(OAuthUtils.from(union).isEmpty()); } @Test @@ -57,10 +58,10 @@ void fromOAuth2InlineData() { .withOauth2( new OAuth2AuthenticationPolicyConfiguration() .withOAuth2ConnectAuthenticationProperties(props))); - Optional result = OAuthPolicyData.from(union); + Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthPolicyData.OAuthScheme.OAUTH2, data.scheme()); + assertEquals(OAuthUtils.OAuthScheme.OAUTH2, data.scheme()); assertEquals(props, data.data()); assertNull(data.secret()); } @@ -75,10 +76,10 @@ void fromOAuth2Secret() { .withOauth2( new OAuth2AuthenticationPolicyConfiguration() .withOAuth2AuthenticationPolicySecret(secret))); - Optional result = OAuthPolicyData.from(union); + Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthPolicyData.OAuthScheme.OAUTH2, data.scheme()); + assertEquals(OAuthUtils.OAuthScheme.OAUTH2, data.scheme()); assertNull(data.data()); assertEquals(secret, data.secret()); } @@ -93,10 +94,10 @@ void fromOidcInlineData() { .withOidc( new OpenIdConnectAuthenticationPolicyConfiguration() .withOpenIdConnectAuthenticationProperties(oidcData))); - Optional result = OAuthPolicyData.from(union); + Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthPolicyData.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertEquals(OAuthUtils.OAuthScheme.OPENID_CONNECT, data.scheme()); assertEquals(oidcData, data.data()); assertNull(data.secret()); } @@ -111,10 +112,10 @@ void fromOidcSecret() { .withOidc( new OpenIdConnectAuthenticationPolicyConfiguration() .withOpenIdConnectAuthenticationPolicySecret(secret))); - Optional result = OAuthPolicyData.from(union); + Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthPolicyData.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertEquals(OAuthUtils.OAuthScheme.OPENID_CONNECT, data.scheme()); assertNull(data.data()); assertEquals(secret, data.secret()); } diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java index 835e7af36..21521f71f 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java @@ -17,7 +17,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; -import static org.junit.jupiter.api.Assertions.assertThrows; import io.serverlessworkflow.api.types.AuthenticationPolicyReference; import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; @@ -28,7 +27,7 @@ import io.serverlessworkflow.api.types.Use; import io.serverlessworkflow.api.types.UseAuthentications; import io.serverlessworkflow.api.types.Workflow; -import io.serverlessworkflow.impl.auth.DefaultAuthProviderFactory; +import io.serverlessworkflow.impl.auth.OAuthUtils; import org.junit.jupiter.api.Test; public class ResolvePolicyTest { @@ -43,14 +42,14 @@ public class ResolvePolicyTest { @Test void nullAuthReturnsNull() { - assertNull(DefaultAuthProviderFactory.resolvePolicy(new Workflow(), null)); + assertNull(OAuthUtils.resolvePolicy(new Workflow(), null)); } @Test void inlinePolicyReturnsPolicyDirectly() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy().withAuthenticationPolicy(BEARER_POLICY); - assertEquals(BEARER_POLICY, DefaultAuthProviderFactory.resolvePolicy(new Workflow(), auth)); + assertEquals(BEARER_POLICY, OAuthUtils.resolvePolicy(new Workflow(), auth)); } @Test @@ -64,16 +63,7 @@ void referenceResolvesFromWorkflowUseAuthentications() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertEquals(BEARER_POLICY, DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); - } - - @Test - void referenceWithNullWorkflowThrows() { - ReferenceableAuthenticationPolicy auth = - new ReferenceableAuthenticationPolicy() - .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertThrows( - IllegalArgumentException.class, () -> DefaultAuthProviderFactory.resolvePolicy(null, auth)); + assertEquals(BEARER_POLICY, OAuthUtils.resolvePolicy(workflow, auth)); } @Test @@ -81,7 +71,7 @@ void referenceWithNullUseReturnsNull() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(DefaultAuthProviderFactory.resolvePolicy(new Workflow(), auth)); + assertNull(OAuthUtils.resolvePolicy(new Workflow(), auth)); } @Test @@ -90,7 +80,7 @@ void referenceWithNullAuthenticationsReturnsNull() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); + assertNull(OAuthUtils.resolvePolicy(workflow, auth)); } @Test @@ -105,6 +95,6 @@ void referenceToNonExistentKeyReturnsNull() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(DefaultAuthProviderFactory.resolvePolicy(workflow, auth)); + assertNull(OAuthUtils.resolvePolicy(workflow, auth)); } } From 5bfd5e962d2bffbfa118a991a1a64a7991e18eb4 Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Thu, 2 Jul 2026 12:08:31 -0300 Subject: [PATCH 6/7] Return Optional from resolvePolicy and extract OAuthScheme enum Replace null returns with Optional in OAuthUtils.resolvePolicy to align with the existing from() method style, and extract OAuthScheme to its own top-level file. Signed-off-by: Matheus Cruz --- .../impl/auth/DefaultAuthProviderFactory.java | 10 ++++----- .../impl/auth/OAuthScheme.java | 21 +++++++++++++++++++ .../impl/auth/OAuthUtils.java | 21 ++++++------------- .../impl/test/OAuthUtilsTest.java | 9 ++++---- .../impl/test/ResolvePolicyTest.java | 21 ++++++++++--------- 5 files changed, 48 insertions(+), 34 deletions(-) create mode 100644 impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthScheme.java diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java index db4d2d449..3d68e4b0e 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/DefaultAuthProviderFactory.java @@ -44,10 +44,10 @@ public Optional getAuth( @Override public Optional getAuth( WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) { - AuthenticationPolicyUnion policy = OAuthUtils.resolvePolicy(definition.workflow(), auth); - return policy == null - ? Optional.empty() - : buildFromPolicy(definition.application(), definition.workflow(), policy, method); + return OAuthUtils.resolvePolicy(definition.workflow(), auth) + .flatMap( + policy -> + buildFromPolicy(definition.application(), definition.workflow(), policy, method)); } private Optional buildFromPolicy( @@ -71,7 +71,7 @@ private Optional buildFromPolicy( return OAuthUtils.from(authenticationPolicy) .map( policyData -> - policyData.scheme() == OAuthUtils.OAuthScheme.OPENID_CONNECT + policyData.scheme() == OAuthScheme.OPENID_CONNECT ? new OpenIdAuthProvider(app, workflow, policyData) : new OAuth2AuthProvider(app, workflow, policyData)); } diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthScheme.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthScheme.java new file mode 100644 index 000000000..eaa353f2f --- /dev/null +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthScheme.java @@ -0,0 +1,21 @@ +/* + * Copyright 2020-Present The Serverless Workflow Specification Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.serverlessworkflow.impl.auth; + +public enum OAuthScheme { + OAUTH2, + OPENID_CONNECT +} diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java index b7509abdd..cf9eef4ee 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java @@ -24,7 +24,6 @@ import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy; import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; import io.serverlessworkflow.api.types.Use; -import io.serverlessworkflow.api.types.UseAuthentications; import io.serverlessworkflow.api.types.Workflow; import java.util.Optional; @@ -32,11 +31,6 @@ public class OAuthUtils { private OAuthUtils() {} - public enum OAuthScheme { - OAUTH2, - OPENID_CONNECT - } - public record OAuthPolicyData( OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {} @@ -69,20 +63,17 @@ public static Optional from(AuthenticationPolicyUnion policy) { return Optional.empty(); } - public static AuthenticationPolicyUnion resolvePolicy( + public static Optional resolvePolicy( Workflow workflow, ReferenceableAuthenticationPolicy auth) { if (auth == null) { - return null; + return Optional.empty(); } if (auth.getAuthenticationPolicyReference() != null) { String use = auth.getAuthenticationPolicyReference().getUse(); - Use useInfo = workflow.getUse(); - if (useInfo == null) { - return null; - } - UseAuthentications authInfo = useInfo.getAuthentications(); - return authInfo == null ? null : authInfo.getAdditionalProperties().get(use); + return Optional.ofNullable(workflow.getUse()) + .map(Use::getAuthentications) + .map(a -> a.getAdditionalProperties().get(use)); } - return auth.getAuthenticationPolicy(); + return Optional.ofNullable(auth.getAuthenticationPolicy()); } } diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java index ff7908bcf..d4d59b62c 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java @@ -28,6 +28,7 @@ import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import io.serverlessworkflow.impl.auth.OAuthScheme; import io.serverlessworkflow.impl.auth.OAuthUtils; import io.serverlessworkflow.impl.auth.OAuthUtils.OAuthPolicyData; import java.util.Optional; @@ -61,7 +62,7 @@ void fromOAuth2InlineData() { Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthUtils.OAuthScheme.OAUTH2, data.scheme()); + assertEquals(OAuthScheme.OAUTH2, data.scheme()); assertEquals(props, data.data()); assertNull(data.secret()); } @@ -79,7 +80,7 @@ void fromOAuth2Secret() { Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthUtils.OAuthScheme.OAUTH2, data.scheme()); + assertEquals(OAuthScheme.OAUTH2, data.scheme()); assertNull(data.data()); assertEquals(secret, data.secret()); } @@ -97,7 +98,7 @@ void fromOidcInlineData() { Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthUtils.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertEquals(OAuthScheme.OPENID_CONNECT, data.scheme()); assertEquals(oidcData, data.data()); assertNull(data.secret()); } @@ -115,7 +116,7 @@ void fromOidcSecret() { Optional result = OAuthUtils.from(union); assertTrue(result.isPresent()); OAuthPolicyData data = result.get(); - assertEquals(OAuthUtils.OAuthScheme.OPENID_CONNECT, data.scheme()); + assertEquals(OAuthScheme.OPENID_CONNECT, data.scheme()); assertNull(data.data()); assertEquals(secret, data.secret()); } diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java index 21521f71f..7bd45b303 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/ResolvePolicyTest.java @@ -16,7 +16,7 @@ package io.serverlessworkflow.impl.test; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; import io.serverlessworkflow.api.types.AuthenticationPolicyReference; import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; @@ -28,6 +28,7 @@ import io.serverlessworkflow.api.types.UseAuthentications; import io.serverlessworkflow.api.types.Workflow; import io.serverlessworkflow.impl.auth.OAuthUtils; +import java.util.Optional; import org.junit.jupiter.api.Test; public class ResolvePolicyTest { @@ -42,14 +43,14 @@ public class ResolvePolicyTest { @Test void nullAuthReturnsNull() { - assertNull(OAuthUtils.resolvePolicy(new Workflow(), null)); + assertTrue(OAuthUtils.resolvePolicy(new Workflow(), null).isEmpty()); } @Test void inlinePolicyReturnsPolicyDirectly() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy().withAuthenticationPolicy(BEARER_POLICY); - assertEquals(BEARER_POLICY, OAuthUtils.resolvePolicy(new Workflow(), auth)); + assertEquals(Optional.of(BEARER_POLICY), OAuthUtils.resolvePolicy(new Workflow(), auth)); } @Test @@ -63,28 +64,28 @@ void referenceResolvesFromWorkflowUseAuthentications() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertEquals(BEARER_POLICY, OAuthUtils.resolvePolicy(workflow, auth)); + assertEquals(Optional.of(BEARER_POLICY), OAuthUtils.resolvePolicy(workflow, auth)); } @Test - void referenceWithNullUseReturnsNull() { + void referenceWithNullUseReturnsEmpty() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(OAuthUtils.resolvePolicy(new Workflow(), auth)); + assertTrue(OAuthUtils.resolvePolicy(new Workflow(), auth).isEmpty()); } @Test - void referenceWithNullAuthenticationsReturnsNull() { + void referenceWithNullAuthenticationsReturnsEmpty() { Workflow workflow = new Workflow().withUse(new Use()); ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(OAuthUtils.resolvePolicy(workflow, auth)); + assertTrue(OAuthUtils.resolvePolicy(workflow, auth).isEmpty()); } @Test - void referenceToNonExistentKeyReturnsNull() { + void referenceToNonExistentKeyReturnsEmpty() { Workflow workflow = new Workflow() .withUse( @@ -95,6 +96,6 @@ void referenceToNonExistentKeyReturnsNull() { ReferenceableAuthenticationPolicy auth = new ReferenceableAuthenticationPolicy() .withAuthenticationPolicyReference(new AuthenticationPolicyReference("myAuth")); - assertNull(OAuthUtils.resolvePolicy(workflow, auth)); + assertTrue(OAuthUtils.resolvePolicy(workflow, auth).isEmpty()); } } From 00b697bb19966ad355ddca47ebae9b2c5242ed2e Mon Sep 17 00:00:00 2001 From: Matheus Cruz Date: Thu, 2 Jul 2026 12:22:41 -0300 Subject: [PATCH 7/7] Extract OAuthPolicyData to a top-level file with a from() factory method Move OAuthPolicyData out of OAuthUtils into its own file so integrations can reference it directly, and add a static from(AuthenticationPolicyUnion) convenience factory that delegates to OAuthUtils.from(). Signed-off-by: Matheus Cruz --- .../impl/auth/OAuth2AuthProvider.java | 2 +- .../impl/auth/OAuthPolicyData.java | 29 +++++++++++++++++++ .../impl/auth/OAuthUtils.java | 5 ---- .../impl/auth/OpenIdAuthProvider.java | 2 +- .../impl/test/OAuthUtilsTest.java | 2 +- 5 files changed, 32 insertions(+), 8 deletions(-) create mode 100644 impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java index 5b9c6665e..424fc9aca 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuth2AuthProvider.java @@ -21,7 +21,7 @@ class OAuth2AuthProvider extends CommonOAuthProvider { public OAuth2AuthProvider( - WorkflowApplication application, Workflow workflow, OAuthUtils.OAuthPolicyData policyData) { + WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { super( accessToken( workflow, diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java new file mode 100644 index 000000000..2ea2080fb --- /dev/null +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthPolicyData.java @@ -0,0 +1,29 @@ +/* + * Copyright 2020-Present The Serverless Workflow Specification Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package io.serverlessworkflow.impl.auth; + +import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; +import io.serverlessworkflow.api.types.OAuth2AuthenticationData; +import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import java.util.Optional; + +public record OAuthPolicyData( + OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) { + + public static Optional from(AuthenticationPolicyUnion policy) { + return OAuthUtils.from(policy); + } +} diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java index cf9eef4ee..c73ce4b23 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OAuthUtils.java @@ -16,13 +16,11 @@ package io.serverlessworkflow.impl.auth; import io.serverlessworkflow.api.types.AuthenticationPolicyUnion; -import io.serverlessworkflow.api.types.OAuth2AuthenticationData; import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicy; import io.serverlessworkflow.api.types.OAuth2AuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy; -import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; import io.serverlessworkflow.api.types.Use; import io.serverlessworkflow.api.types.Workflow; import java.util.Optional; @@ -31,9 +29,6 @@ public class OAuthUtils { private OAuthUtils() {} - public record OAuthPolicyData( - OAuth2AuthenticationData data, SecretBasedAuthenticationPolicy secret, OAuthScheme scheme) {} - public static Optional from(AuthenticationPolicyUnion policy) { if (policy == null) { return Optional.empty(); diff --git a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java index 7263a3643..197b23c49 100644 --- a/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java +++ b/impl/core/src/main/java/io/serverlessworkflow/impl/auth/OpenIdAuthProvider.java @@ -21,7 +21,7 @@ class OpenIdAuthProvider extends CommonOAuthProvider { public OpenIdAuthProvider( - WorkflowApplication application, Workflow workflow, OAuthUtils.OAuthPolicyData policyData) { + WorkflowApplication application, Workflow workflow, OAuthPolicyData policyData) { super( accessToken( workflow, diff --git a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java index d4d59b62c..69dbf7f20 100644 --- a/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java +++ b/impl/test/src/test/java/io/serverlessworkflow/impl/test/OAuthUtilsTest.java @@ -28,9 +28,9 @@ import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicy; import io.serverlessworkflow.api.types.OpenIdConnectAuthenticationPolicyConfiguration; import io.serverlessworkflow.api.types.SecretBasedAuthenticationPolicy; +import io.serverlessworkflow.impl.auth.OAuthPolicyData; import io.serverlessworkflow.impl.auth.OAuthScheme; import io.serverlessworkflow.impl.auth.OAuthUtils; -import io.serverlessworkflow.impl.auth.OAuthUtils.OAuthPolicyData; import java.util.Optional; import org.junit.jupiter.api.Test;