Moved "Implement OAuth 2.0 Token Exchange credentials provider in C++ SDK" commit from ydb repo

Author: UgnineSirdis

include/ydb-cpp-sdk/client/types/credentials/oauth2_token_exchange/credentials.h

@@ -0,0 +1,62 @@
+#pragma once
+
+#include <ydb-cpp-sdk/client/types/credentials/credentials.h>
+#include <ydb-cpp-sdk/client/types/fluent_settings_helpers.h>
+
+#include <ydb-cpp-sdk/util/datetime/base.h>
+
+#include <string>
+
+namespace NYdb {
+
+class ITokenSource {
+public:
+    struct TToken {
+        std::string Token;
+
+        // token type according to OAuth 2.0 token exchange protocol
+	    // https://www.rfc-editor.org/rfc/rfc8693#TokenTypeIdentifiers
+	    // for example urn:ietf:params:oauth:token-type:jwt
+        std::string TokenType;
+    };
+
+    virtual ~ITokenSource() = default;
+    virtual TToken GetToken() const = 0;
+};
+
+std::shared_ptr<ITokenSource> CreateFixedTokenSource(const std::string& token, const std::string& tokenType);
+
+#define FLUENT_SETTING_VECTOR_OR_SINGLE(type, name) \
+    FLUENT_SETTING_VECTOR(type, name);              \
+    TSelf& name(const type& value) {                \
+        name##_.resize(1);                          \
+        name##_[0] = value;                         \
+        return static_cast<TSelf&>(*this);          \
+    }
+
+struct TOauth2TokenExchangeParams {
+    using TSelf = TOauth2TokenExchangeParams;
+
+    FLUENT_SETTING(std::string, TokenEndpoint);
+
+    FLUENT_SETTING_DEFAULT(std::string, GrantType, "urn:ietf:params:oauth:grant-type:token-exchange");
+
+    FLUENT_SETTING(std::string, Resource);
+    FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Audience);
+    FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Scope);
+
+    FLUENT_SETTING_DEFAULT(std::string, RequestedTokenType, "urn:ietf:params:oauth:token-type:access_token");
+
+    FLUENT_SETTING(std::shared_ptr<ITokenSource>, SubjectTokenSource);
+    FLUENT_SETTING(std::shared_ptr<ITokenSource>, ActorTokenSource);
+
+    FLUENT_SETTING_DEFAULT(TDuration, SocketTimeout, TDuration::Seconds(5));
+    FLUENT_SETTING_DEFAULT(TDuration, ConnectTimeout, TDuration::Seconds(30));
+    FLUENT_SETTING_DEFAULT(TDuration, SyncUpdateTimeout, TDuration::Seconds(20));
+};
+
+// Creates OAuth 2.0 token exchange credentials provider factory that exchanges token using standard protocol
+// https://www.rfc-editor.org/rfc/rfc8693
+std::shared_ptr<ICredentialsProviderFactory> CreateOauth2TokenExchangeCredentialsProviderFactory(const TOauth2TokenExchangeParams& params);
+
+} // namespace NYdb

include/ydb-cpp-sdk/client/types/credentials/oauth2_token_exchange/jwt_token_source.h

@@ -0,0 +1,68 @@
+#pragma once
+
+#include "credentials.h"
+
+#include <ydb-cpp-sdk/client/types/fluent_settings_helpers.h>
+
+#include <ydb-cpp-sdk/util/datetime/base.h>
+
+namespace NYdb {
+
+constexpr TDuration DEFAULT_JWT_TOKEN_TTL = TDuration::Hours(1);
+
+struct TJwtTokenSourceParams {
+    using TSelf = TJwtTokenSourceParams;
+
+    FLUENT_SETTING(std::string, KeyId);
+
+    template <class TAlg, class... T>
+    TSelf& SigningAlgorithm(T&&... args) {
+        SigningAlgorithm_ = std::make_shared<TJwtSigningAlgorithm<TAlg>>(std::forward<T>(args)...);
+        return *this;
+    }
+
+    // JWT Claims
+    FLUENT_SETTING(std::string, Issuer);
+    FLUENT_SETTING(std::string, Subject);
+    FLUENT_SETTING(std::string, Id);
+    FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Audience);
+
+    FLUENT_SETTING_DEFAULT(TDuration, TokenTtl, DEFAULT_JWT_TOKEN_TTL);
+
+
+    // Helpers
+    class ISigningAlgorithm {
+    public:
+        virtual ~ISigningAlgorithm() = default;
+        virtual std::string sign(const std::string& data, std::error_code& ec) const = 0;
+        virtual std::string name() const = 0;
+    };
+
+    // Interface implementation for jwt-cpp algorithm classes
+    template <class TAlg>
+    class TJwtSigningAlgorithm: public ISigningAlgorithm {
+    public:
+        template <class... T>
+        explicit TJwtSigningAlgorithm(T&&... args)
+            : Alg(std::forward<T>(args)...)
+        {
+        }
+
+        std::string sign(const std::string& data, std::error_code& ec) const override {
+            return Alg.sign(data, ec);
+        }
+
+        std::string name() const override {
+            return Alg.name();
+        }
+
+    private:
+        TAlg Alg;
+    };
+
+    std::shared_ptr<ISigningAlgorithm> SigningAlgorithm_;
+};
+
+std::shared_ptr<ITokenSource> CreateJwtTokenSource(const TJwtTokenSourceParams& params);
+
+} // namespace NYdb

src/client/types/credentials/CMakeLists.txt

@@ -1,4 +1,5 @@
 add_subdirectory(login)
+add_subdirectory(oauth2_token_exchange)
 
 add_library(client-ydb_types-credentials)
 
@@ -13,5 +14,3 @@ target_link_libraries(client-ydb_types-credentials PUBLIC
 target_sources(client-ydb_types-credentials PRIVATE
   credentials.cpp
 )
-
-

src/client/types/credentials/oauth2_token_exchange/CMakeLists.txt

@@ -0,0 +1,19 @@
+add_library(ydb_types-credentials-oauth2)
+
+target_link_libraries(ydb_types-credentials-oauth2 PUBLIC
+  yutil
+  jwt-cpp::jwt-cpp
+  library-cpp-cgiparam
+  cpp-http-misc
+  cpp-http-simple
+  library-cpp-json
+  library-cpp-retry
+  library-cpp-uri
+  client-ydb_types-credentials
+  cpp-client-ydb_types
+)
+
+target_sources(ydb_types-credentials-oauth2 PRIVATE
+  credentials.cpp
+  jwt_token_source.cpp
+)