Merge pull request #139 from camunda-community-hub/fix/respect-scope

respect scope for token request

Author: jonathanlukas

extension/client-java/src/main/java/io/camunda/tasklist/CamundaTaskListClientBuilder.java

@@ -79,10 +79,16 @@ public CamundaTaskListClientBuilder selfManagedAuthentication(
 
   public CamundaTaskListClientBuilder selfManagedAuthentication(
       String clientId, String clientSecret, String audience, String keycloakUrl) {
+    return selfManagedAuthentication(clientId, clientSecret, "tasklist-api", null, keycloakUrl);
+  }
+
+  public CamundaTaskListClientBuilder selfManagedAuthentication(
+      String clientId, String clientSecret, String audience, String scope, String authUrl) {
     try {
       properties.setAuthentication(
           new JwtAuthentication(
-              new JwtCredential(clientId, clientSecret, audience, URI.create(keycloakUrl).toURL()),
+              new JwtCredential(
+                  clientId, clientSecret, audience, URI.create(authUrl).toURL(), scope),
               new JacksonTokenResponseMapper(new ObjectMapper())));
     } catch (MalformedURLException e) {
       throw new RuntimeException("Error while parsing keycloak url", e);
@@ -98,7 +104,8 @@ public CamundaTaskListClientBuilder saaSAuthentication(String clientId, String c
                   clientId,
                   clientSecret,
                   "tasklist.camunda.io",
-                  URI.create("https://login.cloud.camunda.io/oauth/token").toURL()),
+                  URI.create("https://login.cloud.camunda.io/oauth/token").toURL(),
+                  null),
               new JacksonTokenResponseMapper(new ObjectMapper())));
     } catch (MalformedURLException e) {
       throw new RuntimeException("Error while parsing token url", e);

extension/client-java/src/main/java/io/camunda/tasklist/auth/JwtAuthentication.java

@@ -73,6 +73,9 @@ private HttpPost buildRequest() throws URISyntaxException {
     formParams.add(new BasicNameValuePair("client_id", jwtCredential.clientId()));
     formParams.add(new BasicNameValuePair("client_secret", jwtCredential.clientSecret()));
     formParams.add(new BasicNameValuePair("audience", jwtCredential.audience()));
+    if (jwtCredential.scope() != null) {
+      formParams.add(new BasicNameValuePair("scope", jwtCredential.scope()));
+    }
     httpPost.setEntity(new UrlEncodedFormEntity(formParams));
     return httpPost;
   }

extension/client-java/src/main/java/io/camunda/tasklist/auth/JwtCredential.java

@@ -2,4 +2,5 @@
 
 import java.net.URL;
 
-public record JwtCredential(String clientId, String clientSecret, String audience, URL authUrl) {}
+public record JwtCredential(
+    String clientId, String clientSecret, String audience, URL authUrl, String scope) {}

extension/client-java/src/test/java/io/camunda/tasklist/CamundaTasklistClientTest.java

@@ -100,7 +100,7 @@ void shouldAuthenticateUsingJwt() throws MalformedURLException, TaskListExceptio
     properties.setAuthentication(
         new JwtAuthentication(
             new JwtCredential(
-                "abc", "abc", "tasklist-api", URI.create(BASE_URL + "/token").toURL()),
+                "abc", "abc", "tasklist-api", URI.create(BASE_URL + "/token").toURL(), null),
             new JacksonTokenResponseMapper(new ObjectMapper())));
     CamundaTaskListClient client = new CamundaTaskListClient(properties, null);
     assertNotNull(client);