SRVLOGIC-98-security: Another round of Walter review round 5

Kalyani Desai · openshift-cherrypick-robot · commit 71cffeda437a · 2025-05-16T11:39:29.000Z
diff --git a/modules/serverless-logic-security-example-oauth-authentication.adoc b/modules/serverless-logic-security-example-oauth-authentication.adoc
@@ -62,9 +62,9 @@ In this example, the `sayHelloOauth2` operation is protected by the `oauth-examp
 [id="serverless-logic-security-oauth-support-oidc-client-filter-extention_{context}"]
 == OAuth 2.0 Support with the OIDC Client filter extension
 
-OAuth 2.0 token management is handled by a Quarkus `OidcClient`. To enable this integration, you must add the Quarkus OIDC Client Filter extension to your project as shown in the following examples:
+OAuth 2.0 token management is handled by a Quarkus `OidcClient`. To enable this integration, you must add the Quarkus OIDC Client Filter, and the Quarkus OpenApi Generator OIDC extensions to your project as shown in the following examples:
 
-.Example of adding extension using Maven
+.Example of adding extensions using Maven
 [source,text,subs="attributes+"]
 ----
 <dependency>
@@ -80,14 +80,35 @@ OAuth 2.0 token management is handled by a Quarkus `OidcClient`. To enable this
 </dependency>
 ----
 
-.Example of adding extension using `gitops` profile
+.Example of adding extensions using `gitops` profile
 
 Ensure that you configure the QUARKUS_EXTENSIONS build argument with the following value when building the workflow image:
 [source,text,subs="attributes+"]
 ----
 $ --build-arg=QUARKUS_EXTENSIONS=io.quarkus:quarkus-oidc-client-filter:{ServerlessLogicQuarkusVersion},io.quarkiverse.openapi.generator:quarkus-openapi-generator-oidc:{ServerlessLogicOauthDependencyVersion}
 ----
 
+.Example of adding extensions using `preview` profile
+[source,text,subs="attributes+"]
+----
+apiVersion: sonataflow.org/v1alpha08
+kind: SonataFlowPlatform
+metadata:
+  name: sonataflow-platform-example
+  namespace: example-namespace
+spec:
+  build:
+    template:
+      buildArgs:
+        - name: QUARKUS_EXTENSIONS
+          value: io.quarkus:quarkus-oidc-client-filter:{ServerlessLogicQuarkusVersion},io.quarkiverse.openapi.generator:quarkus-openapi-generator-oidc:{ServerlessLogicOauthDependencyVersion}
+----
+
+[NOTE]
+====
+The extensions that are added in the `SonataFlowPlatform` CR are included for all the workflows that you deploy in that namespace with the `preview` profile.
+====
+
 [id="serverless-logic-security-oidc-configuration_{context}"]
 == `OidcClient` configuration
 
@@ -97,7 +118,7 @@ To access the secured operation, define an `OidcClient` configuration in your `a
 ----
 # adjust these configurations according with the authentication service.
 quarkus.oidc-client.oauth_example.auth-server-url=https://example.com/oauth
-quarkus.oidc-client.oauth_example.token-path=/tokens
+quarkus.oidc-client.oauth_example.token-path=/token
 quarkus.oidc-client.oauth_example.discovery-enabled=false
 quarkus.oidc-client.oauth_example.client-id=example-app
 quarkus.oidc-client.oauth_example.grant.type=client
