Moved commit "OAuth 2.0 token exchange. Allow multiple resource parameters. Update docs" from ydb repo

Author: UgnineSirdis

include/ydb-cpp-sdk/client/types/credentials/oauth2_token_exchange/credentials.h

@@ -41,7 +41,7 @@ struct TOauth2TokenExchangeParams {
 
     FLUENT_SETTING_DEFAULT(std::string, GrantType, "urn:ietf:params:oauth:grant-type:token-exchange");
 
-    FLUENT_SETTING(std::string, Resource);
+    FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Resource);
     FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Audience);
     FLUENT_SETTING_VECTOR_OR_SINGLE(std::string, Scope);
 

include/ydb-cpp-sdk/client/types/credentials/oauth2_token_exchange/from_file.h

@@ -17,7 +17,7 @@ std::vector<std::string> GetSupportedOauth2TokenExchangeJwtAlgorithms();
 //
 // Fields of json file
 //     grant-type:           [string] Grant type option (default: see TOauth2TokenExchangeParams)
-//     res:                  [string] Resource option (optional)
+//     res:                  [string | list of strings] Resource option (optional)
 //     aud:                  [string | list of strings] Audience option for token exchange request (optional)
 //     scope:                [string | list of strings] Scope option (optional)
 //     requested-token-type: [string] Requested token type option (default: see TOauth2TokenExchangeParams)

src/client/types/credentials/oauth2_token_exchange/credentials.cpp

@@ -239,7 +239,9 @@ class TOauth2TokenExchangeProviderImpl: public std::enable_shared_from_this<TOau
             }
         };
 
-        addIfNotEmpty("resource", Params.Resource_);
+        for (const std::string& res : Params.Resource_) {
+            params.emplace("resource", res);
+        }
         for (const std::string& aud : Params.Audience_) {
             params.emplace("audience", aud);
         }

src/client/types/credentials/oauth2_token_exchange/from_file.cpp

@@ -235,7 +235,7 @@ TOauth2TokenExchangeParams ReadOauth2ConfigJson(const std::string& configJson, c
         }
 
         PROCESS_JSON_STRING_PARAM("grant-type", GrantType, false);
-        PROCESS_JSON_STRING_PARAM("res", Resource, false);
+        PROCESS_JSON_ARRAY_PARAM("res", Resource);
         PROCESS_JSON_STRING_PARAM("requested-token-type", RequestedTokenType, false);
         PROCESS_JSON_ARRAY_PARAM("aud", Audience);
         PROCESS_JSON_ARRAY_PARAM("scope", Scope);

tests/unit/client/oauth2_token_exchange/credentials_ut.cpp

@@ -930,14 +930,16 @@ Y_UNIT_TEST_SUITE(TestTokenExchange) {
 
         server.Check.ExpectedInputParams.erase("scope");
         server.Check.ExpectedInputParams.emplace("resource", "test_res");
+        server.Check.ExpectedInputParams.emplace("resource", "test_res_2");
         server.Check.ExpectedInputParams.emplace("actor_token", "act_token");
         server.Check.ExpectedInputParams.emplace("actor_token_type", "act_token_type");
         server.Run(
             TOauth2TokenExchangeParams()
                 .TokenEndpoint(server.GetEndpoint())
                 .AppendAudience("test_aud")
                 .AppendAudience("test_aud_2")
-                .Resource("test_res")
+                .AppendResource("test_res")
+                .AppendResource("test_res_2")
                 .SubjectTokenSource(CreateFixedTokenSource("test_token", "test_token_type"))
                 .ActorTokenSource(CreateFixedTokenSource("act_token", "act_token_type")),
             "Bearer hello_token"
@@ -950,13 +952,19 @@ Y_UNIT_TEST_SUITE(TestTokenExchange) {
         server.Check.ExpectedInputParams.emplace("requested_token_type", "test_requested_token_type");
         server.Check.ExpectedInputParams.emplace("subject_token", "test_token");
         server.Check.ExpectedInputParams.emplace("subject_token_type", "test_token_type");
+        server.Check.ExpectedInputParams.emplace("resource", "r1");
+        server.Check.ExpectedInputParams.emplace("resource", "r2");
         server.Check.Response = R"({"access_token": "received_token", "token_type": "bEareR", "expires_in": 42})";
         server.RunFromConfig(
             TTestConfigFile()
                 .Field("token-endpoint", "bla-bla-bla") // use explicit endpoint via param
                 .Field("unknown", "unknown value")
                 .Field("grant-type", "test_grant_type")
                 .Field("requested-token-type", "test_requested_token_type")
+                .Array("res")
+                    .Value("r1")
+                    .Value("r2")
+                    .Build()
                 .SubMap("subject-credentials")
                     .Field("type", "Fixed")
                     .Field("token", "test_token")