Integration of OAuth2 flows in Feign

[hosuaby]

Hello @velo

I am starting working on the integration of OAuth2 client flows into Feign. I am opening this issue first.

Reason one: to evaluate the public interest for this feature.

Reason two: as this is not an easy task, I will need to ask for your opinions and suggestions during the development.

Are you agreeing to proceed like that? Or do you prefer to move discussion on Gitter?

[velo]

Reason one: to evaluate the public interest for this feature.

Quite sure the interest to get the feature exists.... not sure if enough interest to contribute

Reason two: as this is not an easy task, I will need to ask for your opinions and suggestions during the development.

My main ask would be to concentrate the work on a new module dedicated to that. Changes to core might be needed and welcome (as long you don't break code compatibility and don't add dependencies to core, anything is fair game)

Are you agreeing to proceed like that?

I have a very, very, very limited amount of time that I'm willing to spend on this. If you expect more than a whole hour from me I can't commit to it. Full time dad first, full time worker second. Unless you want to hire me to develop tge feature. This is how strip for time I am: https://github.com/OpenFeign/querydsl/blob/master/.github/ISSUE_TEMPLATE/bug_report.md

[hosuaby]

@velo No problem, man. I don't ask you to code it for me. I will take care of development. I just will need to ask you some questions when they arise and validate a few architectural choices to integrate a new module with core as seamlessly as possible.

[hosuaby]

Hello @velo

I found a good architectural solution to integrate OAuth2 flows into OpenFeign. 70% percents of a new module is done, and soon enough I will make a PR. The solution that I found is based on Capability interface, and required me to make only a minor change to the core code. Here how it looks like from users perspective:

        AWSCognitoAuthentication awsCognitoAuthentication = new AWSCognitoAuthentication(
                AWSCognitoCredentials.DOMAIN,
                AWSCognitoCredentials.REGION,
                AWSCognitoCredentials.CLIENT_ID,
                AWSCognitoCredentials.CLIENT_SECRET);

        IcecreamClient client = Feign
                .builder()
                .encoder(new JacksonEncoder())
                .decoder(new JacksonDecoder())
                .addCapability(awsCognitoAuthentication)  // <-- new authentication capability
                .target(IcecreamClient.class, "http://localhost:8080");

        Collection<Mixin> mixins = client.getAvailableMixins();

Or using OpenID discovery:

        String issuer = String.format("https://cognito-idp.%s.amazonaws.com/%s",
                AWSCognitoCredentials.REGION, AWSCognitoCredentials.TENANT);
        OpenIdAuthentication openIdAuthenticator = OpenIdAuthentication.discover(ClientRegistration
                        .builder()
                        .credentials(Credentials
                                .builder()
                                .clientId(AWSCognitoCredentials.CLIENT_ID)
                                .clientSecret(AWSCognitoCredentials.CLIENT_SECRET)
                                .build())
                        .providerDetails(ProviderDetails
                                .builder()
                                .issuerUri(issuer)
                                .build())
                        .build());

        IcecreamClient client = Feign
                .builder()
                .encoder(new JacksonEncoder())
                .decoder(new JacksonDecoder())
                .addCapability(openIdAuthenticator)
                .target(IcecreamClient.class, "http://localhost:8080");

        Collection<Mixin> mixins = client.getAvailableMixins();