Replies: 3 comments 4 replies
-
@geoand @cescoffier |
Beta Was this translation helpful? Give feedback.
-
@nitinty I recommend using OIDC token propagation, https://quarkus.io/guides/security-openid-connect-client-reference#token-propagation-rest Note in this case the incoming bearer token must be verified first before being propagated, you can use Propagating unverified tokens risks turning the endpoint into a proxy which will send even invalid tokens to the downstream internal services. If the token is invalid, even if the downstream service is capable of rejecting it, the pressure on the whole system grows with posisbly foreign tokens flowing through it |
Beta Was this translation helpful? Give feedback.
-
What @sberyozkin proposes is the proper way to go if you are looking for OIDC token propagation. If your use case is little different and the OOTB functionality does not cover your needs, there are a few way to achieve the end result you are after. Here is one: Create an implementation of
Then your public static class CustomRestClientBuilderListener implements RestClientBuilderListener {
@Override
public void onNewBuilder(RestClientBuilder builder) {
builder.register(new ClientHeadersFactoryContextResolver(
Arc.container().instance(MyReactiveClientHeadersFactory.class).get()));
}
@Unremovable
@ApplicationScoped
public static class MyReactiveClientHeadersFactory extends ReactiveClientHeadersFactory {
@Override
public Uni<MultivaluedMap<String, String>> getHeaders(MultivaluedMap<String, String> incomingHeaders,
MultivaluedMap<String, String> clientOutgoingHeaders) {
// TODO: implement in whatever way makes sense, including calling other CDI beans
}
}
} This way you ensure that every REST client will use |
Beta Was this translation helpful? Give feedback.
-
Hello Everyone,
I’m trying to add a token to the request header when calling an external service. I found the ReactiveClientHeadersFactory class in the Quarkus framework to achieve this. However, it requires my client to be annotated with
@RegisterClientHeaders(ReactiveClientHeadersFactoryImpl.class)
, which means I would need to add this annotation to every client individually.Is there a way to define this globally so that it can be invoked before all requests to the external system without having to use
@RegisterClientHeaders
on each client? (Other than filter approach)Beta Was this translation helpful? Give feedback.
All reactions