diff --git a/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java b/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
index f6e8a5588a..1d12a41a0b 100644
--- a/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
+++ b/app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java
@@ -55,6 +55,8 @@ public class MojoAuthTest extends RegistryMojoTestBase {
String clientSecret = "test1";
+ String clientScope = "testScope";
+
String testUsername = "sr-test-user";
String testPassword = "sr-test-password";
@@ -88,6 +90,7 @@ public void testRegister() throws IOException, MojoFailureException, MojoExecuti
registerRegistryMojo.setAuthServerUrl(authServerUrlConfigured);
registerRegistryMojo.setClientId(JWKSMockServer.ADMIN_CLIENT_ID);
registerRegistryMojo.setClientSecret(clientSecret);
+ registerRegistryMojo.setClientScope(clientScope);
super.testRegister(registerRegistryMojo, "testRegister");
}
diff --git a/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-automatically-using-maven-plugin.adoc b/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-automatically-using-maven-plugin.adoc
index 3c5c343ba6..8c826789a4 100644
--- a/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-automatically-using-maven-plugin.adoc
+++ b/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-automatically-using-maven-plugin.adoc
@@ -66,6 +66,7 @@ This section shows a simple example of using the Maven plug-in to register an Av
MY-AUTH-SERVER
MY-CLIENT-ID
MY-CLIENT-SECRET <3>
+ MY-CLIENT-SCOPE
test-group <4>
diff --git a/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-manually-using-maven-plugin.adoc b/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-manually-using-maven-plugin.adoc
index 3edf403bca..b91e31c219 100644
--- a/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-manually-using-maven-plugin.adoc
+++ b/docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-manually-using-maven-plugin.adoc
@@ -66,6 +66,7 @@ This example then creates a `TradeKey` schema artifact, which includes a referen
MY-AUTH-SERVER
MY-CLIENT-ID
MY-CLIENT-SECRET <3>
+ MY-CLIENT-SCOPE
test-group <4>
diff --git a/docs/modules/ROOT/partials/getting-started/proc-adding-artifacts-using-maven-plugin.adoc b/docs/modules/ROOT/partials/getting-started/proc-adding-artifacts-using-maven-plugin.adoc
index 756cc51b0c..27e06d4b2d 100644
--- a/docs/modules/ROOT/partials/getting-started/proc-adding-artifacts-using-maven-plugin.adoc
+++ b/docs/modules/ROOT/partials/getting-started/proc-adding-artifacts-using-maven-plugin.adoc
@@ -30,6 +30,7 @@ The most common use case for the Maven plug-in is adding artifacts during a buil
MY-AUTH-SERVER
MY-CLIENT-ID
MY-CLIENT-SECRET <3>
+ MY-CLIENT-SCOPE
TestGroup <4>
diff --git a/docs/modules/ROOT/partials/getting-started/proc-downloading-artifacts-using-maven-plugin.adoc b/docs/modules/ROOT/partials/getting-started/proc-downloading-artifacts-using-maven-plugin.adoc
index 801f27a436..e4e29323c7 100644
--- a/docs/modules/ROOT/partials/getting-started/proc-downloading-artifacts-using-maven-plugin.adoc
+++ b/docs/modules/ROOT/partials/getting-started/proc-downloading-artifacts-using-maven-plugin.adoc
@@ -30,6 +30,7 @@ You can use the Maven plug-in to download artifacts from {registry}. This is oft
MY-AUTH-SERVER
MY-CLIENT-ID
MY-CLIENT-SECRET <3>
+ MY-CLIENT-SCOPE
TestGroup <4>
@@ -60,7 +61,7 @@ ifdef::rh-openshift-sr[]
<3> Specify your service account ID and secret and {org-name} Single Sign-On authentication server: `{sso-token-url}`
endif::[]
<4> Specify the {registry} artifact group ID. You can specify the `default` group if you do not want to use a unique group.
-<5> You can download multiple artifacts to a specified directory using the artifact ID.
+<5> You can download multiple artifacts to a specified directory using the artifact ID.
. Build your Maven project, for example, by using the `mvn package` command.
diff --git a/docs/modules/ROOT/partials/getting-started/proc-testing-artifacts-using-maven-plugin.adoc b/docs/modules/ROOT/partials/getting-started/proc-testing-artifacts-using-maven-plugin.adoc
index 740c37b16d..21db031d5e 100644
--- a/docs/modules/ROOT/partials/getting-started/proc-testing-artifacts-using-maven-plugin.adoc
+++ b/docs/modules/ROOT/partials/getting-started/proc-testing-artifacts-using-maven-plugin.adoc
@@ -33,6 +33,7 @@ NOTE: When testing artifacts using the Maven plug-in, even if the artifact passe
MY-AUTH-SERVER
MY-CLIENT-ID
MY-CLIENT-SECRET <3>
+ MY-CLIENT-SCOPE
TestGroup <4>
diff --git a/schema-resolver/src/main/java/io/apicurio/registry/resolver/AbstractSchemaResolver.java b/schema-resolver/src/main/java/io/apicurio/registry/resolver/AbstractSchemaResolver.java
index a8c8109b6d..4bf0addae3 100644
--- a/schema-resolver/src/main/java/io/apicurio/registry/resolver/AbstractSchemaResolver.java
+++ b/schema-resolver/src/main/java/io/apicurio/registry/resolver/AbstractSchemaResolver.java
@@ -289,8 +289,10 @@ private OidcAuth configureAuthWithUrl(DefaultSchemaResolverConfig config, String
throw new IllegalArgumentException("Missing registry auth secret, set " + SchemaResolverConfig.AUTH_CLIENT_SECRET);
}
+ final String clientScope = config.getAuthClientScope();
+
authClient = ApicurioHttpClientFactory.create(tokenEndpoint, new AuthErrorHandler());
- return new OidcAuth(authClient, clientId, clientSecret);
+ return new OidcAuth(authClient, clientId, clientSecret, null, clientScope);
}
private RegistryClient configureClientWithBasicAuth(DefaultSchemaResolverConfig config, String registryUrl, String username) {
diff --git a/schema-resolver/src/main/java/io/apicurio/registry/resolver/SchemaResolverConfig.java b/schema-resolver/src/main/java/io/apicurio/registry/resolver/SchemaResolverConfig.java
index cf5fb4cd15..46489fcbc9 100644
--- a/schema-resolver/src/main/java/io/apicurio/registry/resolver/SchemaResolverConfig.java
+++ b/schema-resolver/src/main/java/io/apicurio/registry/resolver/SchemaResolverConfig.java
@@ -115,6 +115,11 @@ public class SchemaResolverConfig {
*/
public static final String AUTH_CLIENT_SECRET = "apicurio.auth.client.secret";
+ /**
+ * The Scope of the Auth Service.
+ */
+ public static final String AUTH_CLIENT_SCOPE = "apicurio.auth.client.scope";
+
/**
* The Username of the Auth Service.
*/
diff --git a/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/DefaultSchemaResolverConfig.java b/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/DefaultSchemaResolverConfig.java
index ab0a210f30..2c6c5a9ecb 100644
--- a/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/DefaultSchemaResolverConfig.java
+++ b/schema-resolver/src/main/java/io/apicurio/registry/resolver/config/DefaultSchemaResolverConfig.java
@@ -72,6 +72,10 @@ public String getAuthClientSecret() {
return getString(AUTH_CLIENT_SECRET);
}
+ public String getAuthClientScope() {
+ return getString(AUTH_CLIENT_SCOPE);
+ }
+
public String getAuthUsername() {
return getString(AUTH_USERNAME);
}
diff --git a/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java b/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java
index e7fe076ede..4feb65e50e 100644
--- a/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java
+++ b/schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java
@@ -51,6 +51,9 @@ void testDefaultConfiguration() {
assertEquals(null, config.getAuthClientSecret());
assertEquals(null, config.getObject("apicurio.auth.client.secret"));
+ assertEquals(null, config.getAuthClientScope());
+ assertEquals(null, config.getObject("apicurio.auth.client.scope"));
+
assertEquals(null, config.getAuthPassword());
assertEquals(null, config.getObject("apicurio.auth.password"));
diff --git a/utils/maven-plugin/src/main/java/io/apicurio/registry/maven/AbstractRegistryMojo.java b/utils/maven-plugin/src/main/java/io/apicurio/registry/maven/AbstractRegistryMojo.java
index 54f22fdcdc..ec81df3589 100644
--- a/utils/maven-plugin/src/main/java/io/apicurio/registry/maven/AbstractRegistryMojo.java
+++ b/utils/maven-plugin/src/main/java/io/apicurio/registry/maven/AbstractRegistryMojo.java
@@ -61,6 +61,9 @@ public abstract class AbstractRegistryMojo extends AbstractMojo {
@Parameter(property = "client.secret")
String clientSecret;
+ @Parameter(property = "client.scope")
+ String clientScope;
+
@Parameter(property = "username")
String username;
@@ -74,7 +77,7 @@ protected RegistryClient getClient() {
if (client == null) {
if (authServerUrl != null && clientId != null && clientSecret != null) {
httpClient = ApicurioHttpClientFactory.create(authServerUrl, new AuthErrorHandler());
- Auth auth = new OidcAuth(httpClient, clientId, clientSecret);
+ Auth auth = new OidcAuth(httpClient, clientId, clientSecret, null, clientScope);
client = RegistryClientFactory.create(registryUrl, Collections.emptyMap(), auth);
} else if (username != null && password != null) {
Auth auth = new BasicAuth(username, password);
@@ -151,6 +154,8 @@ public void setClientSecret(String clientSecret) {
this.clientSecret = clientSecret;
}
+ public void setClientScope(String clientScope) { this.clientScope = clientScope; }
+
public void setUsername(String username) {
this.username = username;
}