Bug: OpenAPI client configuration does not set bearer token for authentication #40

Open
4 tasks done
ghferrari opened this issue Jan 18, 2025 · 0 comments
Labels
bug Something isn't working

Prerequisites

Describe the issue

The kinde-management project uses an OpenAPI client to access the Kinde Management API. The class kinde-management/src/main/java/com/kinde/admin/KindeAdminSessionImpl.java is intended to generate an OpenAPI client configured with appropriate settings to access the Kinde Management API.

When attempting to use this client, I receive this error response:

{"errors":[{"code":"INVALID_CREDENTIALS","message":"Invalid credentials used to access API"}]}

Inspection of the code in KindeAdminSessionImpl.java suggests that it does not properly configure the OpenAPI client with an access token. This is the existing code:

public ApiClient initClient() {
    if (kindeClient == null) {
        return new ApiClient();
    }
    KindeTokens kindeTokens = kindeClient.clientSession().retrieveTokens();
    if (kindeTokens.getAccessToken() == null) {
        throw new IllegalStateException("Invalid session type.");
    }
    AccessToken accessToken = kindeTokens.getAccessToken();
    HttpBearerAuth httpBearerAuth = new HttpBearerAuth("bearer");
    httpBearerAuth.setBearerToken(accessToken.token());
    Map<String, Authentication> authMap = new HashMap<>();
    ApiClient apiClient = new ApiClient(authMap);
    apiClient.setBasePath(kindeClient.kindeConfig().domain());
    return apiClient;
}

While this code generates an access token which is then used to configure an HttpBearerAuth object, I don't see any mechanism by which this is transferred to the apiClient instance. I don't know enough about the ApiClient to know how this code was intended to work - perhaps it was meant to be added to the (currently empty) authMap...

In any case, the following simpler code achieves the intended result and fixes the error:

[...]
AccessToken accessToken = kindeTokens.getAccessToken();
Map<String, Authentication> authMap = new HashMap<>();
ApiClient apiClient = new ApiClient(authMap);
apiClient.setBasePath(kindeClient.kindeConfig().domain());
apiClient.setBearerToken(accessToken.token());
return apiClient;

For anyone using the existing code and wanting a temporary workaround, it is possible to add the token manually after the apiClient is generated, e.g.:

KindeClient kindeClient = KindeClientBuilder
        .builder()
        .build();

KindeClientSession kindeClientSession = kindeClient.clientSession();
KindeTokens tokens = kindeClientSession.retrieveTokens();
KindeAdminSession kindeAdminSession = KindeAdminSessionBuilder.builder().client(kindeClient).build();
ApiClient apiClient = kindeAdminSession.initClient();
apiClient.setBearerToken(tokens.getAccessToken().token());
[...]

Library URL

https://github.com/kinde-oss/kinde-java-sdk

Library version

2.0.1

Operating system(s)

Other Linux

Operating system version(s)

Fedora 41

Further environment details

No response

Reproducible test case URL

No response

Additional information

No response

@ghferrari ghferrari added the bug Something isn't working label Jan 18, 2025
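
An added example, not code from the issue or from the Kinde SDK: a self-contained model of the wiring problem described above, plus a fail-fast check that rejects a client which would send requests without a bearer token. `ApiClient`, `HttpBearerAuth` and `Authentication` here are simplified stand-ins, and the scheme name `exampleBearer`, the `requireBearer` helper and the name-based lookup in the constructor are assumptions for illustration; the real generated client may differ.

```java
import java.util.HashMap;
import java.util.Map;

public class BearerAuthWiringDemo {
    // Simplified stand-ins (assumptions), not the Kinde SDK's or the generated client's classes.
    interface Authentication { void applyTo(Map<String, String> headers); }
    static class HttpBearerAuth implements Authentication {
        private String token;
        void setBearerToken(String t) { token = t; }
        public void applyTo(Map<String, String> headers) {
            if (token != null) headers.put("Authorization", "Bearer " + token);
        }
    }
    static class ApiClient {
        static final String SCHEME = "exampleBearer"; // placeholder scheme name (assumption)
        private final Map<String, Authentication> authentications = new HashMap<>();
        ApiClient(Map<String, Authentication> authMap) {
            // Adopt only an entry registered under the expected name; otherwise start with no token.
            Authentication supplied = authMap.get(SCHEME);
            authentications.put(SCHEME, supplied instanceof HttpBearerAuth ? supplied : new HttpBearerAuth());
        }
        void setBearerToken(String token) {
            ((HttpBearerAuth) authentications.get(SCHEME)).setBearerToken(token);
        }
        Map<String, String> requestHeaders() {
            Map<String, String> headers = new HashMap<>();
            authentications.values().forEach(a -> a.applyTo(headers));
            return headers;
        }
    }

    // Fail-fast check (hypothetical helper): reject a client that would send requests without credentials.
    static ApiClient requireBearer(ApiClient client) {
        if (!client.requestHeaders().containsKey("Authorization"))
            throw new IllegalStateException("ApiClient has no bearer token configured");
        return client;
    }

    public static void main(String[] args) {
        String token = "constructed-sample-token"; // constructed value, not a real credential
        HttpBearerAuth auth = new HttpBearerAuth();
        auth.setBearerToken(token);
        ApiClient asReported = new ApiClient(new HashMap<>()); // auth object is never registered
        System.out.println("empty authMap:   " + asReported.requestHeaders());
        Map<String, Authentication> authMap = new HashMap<>();
        authMap.put(ApiClient.SCHEME, auth);
        System.out.println("registered auth: " + requireBearer(new ApiClient(authMap)).requestHeaders());
        asReported.setBearerToken(token); // same call as the workaround in the issue
        System.out.println("setBearerToken:  " + requireBearer(asReported).requestHeaders());
    }
}
```

Calling a check like `requireBearer` at the end of `initClient()` would surface the misconfiguration at construction time instead of as an `INVALID_CREDENTIALS` response from the API.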