Merge branch '4-use-oauth-server-for-service-to-service-authentication' into 'main'

Issue token from OAuth server and pass it along with HTTP requests

Closes #4

See merge request gaia-x/data-infrastructure-federation-services/tsa/infohub!2

cmd/infohub/main.go

@@ -17,6 +17,8 @@ import (
 	"go.uber.org/zap/zapcore"
 	goahttp "goa.design/goa/v3/http"
 	goa "goa.design/goa/v3/pkg"
+	"golang.org/x/oauth2"
+	"golang.org/x/oauth2/clientcredentials"
 	"golang.org/x/sync/errgroup"
 
 	"gitlab.com/gaia-x/data-infrastructure-federation-services/tsa/golib/cache"
@@ -76,16 +78,22 @@ func main() {
 	}
 
 	httpClient := httpClient()
-	credentials := credential.New(cfg.Credential.IssuerURI, httpClient)
+
+	// Create an HTTP Client which uses an authentication token.
+	// The token will auto-refresh as necessary.
+	oauthCtx := context.WithValue(context.Background(), oauth2.HTTPClient, httpClient)
+	oauthClient := newOAuth2Client(oauthCtx, cfg.OAuth.ClientID, cfg.OAuth.ClientSecret, cfg.OAuth.TokenURL)
+
+	credentials := credential.New(cfg.Credential.IssuerURI, oauthClient)
 
 	// create policy client
-	policy := policy.New(cfg.Policy.Addr, policy.WithHTTPClient(httpClient))
+	policy := policy.New(cfg.Policy.Addr, policy.WithHTTPClient(oauthClient))
 
 	// create cache client
-	cache := cache.New(cfg.Cache.Addr)
+	cache := cache.New(cfg.Cache.Addr, cache.WithHTTPClient(oauthClient))
 
 	// create signer client
-	signer := signer.New(cfg.Signer.Addr, signer.WithHTTPClient(httpClient))
+	signer := signer.New(cfg.Signer.Addr, signer.WithHTTPClient(oauthClient))
 
 	// create services
 	var (
@@ -217,6 +225,16 @@ func httpClient() *http.Client {
 	}
 }
 
+func newOAuth2Client(ctx context.Context, cID, cSecret, tokenURL string) *http.Client {
+	oauthCfg := clientcredentials.Config{
+		ClientID:     cID,
+		ClientSecret: cSecret,
+		TokenURL:     tokenURL,
+	}
+
+	return oauthCfg.Client(ctx)
+}
+
 func exposeMetrics(addr string, logger *zap.Logger) {
 	promMux := http.NewServeMux()
 	promMux.Handle("/metrics", promhttp.Handler())

go.mod

@@ -14,6 +14,7 @@ require (
 	go.mongodb.org/mongo-driver v1.10.2
 	go.uber.org/zap v1.23.0
 	goa.design/goa/v3 v3.8.5
+	golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4
 )
 
@@ -64,9 +65,11 @@ require (
 	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect
 	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b // indirect
 	golang.org/x/sys v0.0.0-20220803195053-6e608f9ce704 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	golang.org/x/tools v0.1.12 // indirect
+	google.golang.org/appengine v1.6.6 // indirect
 	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -462,6 +462,8 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b h1:3ogNYyK4oIQdIKzTu68hQrr4iuVxF3AxKl9Aj/eDrw0=
+golang.org/x/net v0.0.0-20220802222814-0bcc04d9c69b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -469,6 +471,7 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
+golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg=
 golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -611,6 +614,7 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=

internal/config/config.go

@@ -10,6 +10,7 @@ type Config struct {
 	Credential credentialConfig
 	Signer     signerConfig
 	Metrics    metricsConfig
+	OAuth      oauthConfig
 
 	LogLevel string `envconfig:"LOG_LEVEL" default:"INFO"`
 }
@@ -49,3 +50,9 @@ type signerConfig struct {
 type metricsConfig struct {
 	Addr string `envconfig:"METRICS_ADDR" default:":2112"`
 }
+
+type oauthConfig struct {
+	ClientID     string `envconfig:"OAUTH_CLIENT_ID" required:"true"`
+	ClientSecret string `envconfig:"OAUTH_CLIENT_SECRET" required:"true"`
+	TokenURL     string `envconfig:"OAUTH_TOKEN_URL" required:"true"`
+}

internal/service/infohub/service.go

@@ -3,6 +3,7 @@ package infohub
 import (
 	"context"
 	"encoding/json"
+
 	"github.com/google/uuid"
 	"github.com/hyperledger/aries-framework-go/pkg/doc/verifiable"
 	"go.uber.org/zap"