reinkrul / java-nuts-client Goto Github PK

It seems that the security field in the OpenAPI spec causes the generator to require that a jwtBearerAuth token is set, but the code to set it isn't generated. This causes any call using an AuthApi client (and possibly other clients that have this securitySchema) to throw an exception.

This is where the exception is thrown (in nl.reinkrul.nuts.ApiClient)

    public void updateParamsForAuth(String[] authNames, List<Pair> queryParams, Map<String, String> headerParams,
                                    Map<String, String> cookieParams, String payload, String method, URI uri) throws ApiException {
        for (String authName : authNames) {
            Authentication auth = authentications.get(authName);
            if (auth == null) {
                throw new RuntimeException("Authentication undefined: " + authName);
            }
            auth.applyToParams(queryParams, headerParams, cookieParams, payload, method, uri);
        }
    }

The part of the OpenAPI spec that defines this securitySchema

  securitySchemes:
    jwtBearerAuth:
      type: http
      scheme: bearer

security:
  - {}
  - jwtBearerAuth: []

The part of AuthApi that requires this authentication (in nl.reinkrul.nuts.auth.AuthApi)

String[] localVarAuthNames = new String[] { "jwtBearerAuth" };
return localVarApiClient.buildCall(basePath, localVarPath, "POST", localVarQueryParams, localVarCollectionQueryParams, localVarPostBody, localVarHeaderParams, localVarCookieParams, localVarFormParams, localVarAuthNames, _callback);

You're supposed to be able to set this bearer token in the ApiClient, but the setter that's supposed to do that isn't generated and the authentications map that's supposed to contain this jwtBearerAuth authentication is immediately set to immutable.

In nl.reinkrul.nuts.ApiClient

    public ApiClient() {
        init();
        initHttpClient();

        // Setup authentications (key: authentication name, value: authentication).
        // Prevent the authentications from being modified.
        authentications = Collections.unmodifiableMap(authentications);
    }

I worked around this issue by deleting the securitySchema and security fields of the OpenAPI specs

The library is currently generated with two different classes for VCs, namely nl.reinkrul.nuts.auth.VerifiableCredential and nl.reinkrul.nuts.vcr.v2.VerifiableCredential. This causes issues when you want to share VC objects between APIs.

This is probably because the spec has this type defined separately in https://github.com/nuts-foundation/nuts-node/blob/master/docs/_static/auth/v1.yaml and https://github.com/nuts-foundation/nuts-node/blob/master/docs/_static/vcr/v2.yaml. Both of those refer to the same common type though ($ref: '../common/ssi_types.yaml#/components/schemas/VerifiableCredential').

Would it be an option to delete the schema definitions for these two types from the spec and just directly refer to the common type where it's used? I'm assuming this happens with more schemas than just VerifiableCredentials.

We're currently trying to see if an ObjectMapper might work as a workaround.

Since version 5.2.0-rc.1, the introspectAccessToken function in the AuthApi class no longer works. The introspection always returns

{
    "active": false
}

According to the nuts node logs, this is caused by Missing token for introspection. After checking the generated AuthApi class, it turns out that the token is indeed not added to the request as form data. Further investigation showed that this was caused by changing the library in the configOptions of the OpenAPI generator to native.
I tried changing this back to default (which uses okhttp3) and regenerate the client but this caused problems with missing dependencies.