While yesterday I was very happy to share the good developper experience I got recently with Auth0, today I am feeling frustrated by something I was expecting to be easy and which finally isn’t.
I am sharing my experience here, with the hope it can help someone else to have the same headache….
The context is very simple:
A Spring Boot application (latest 2.4.x) needs to connect to a REST service protected with a JWT Token using Auth0
I was expecting to implement in five minutes… It was more 5 hours.. :-/
While I like the large ecosystem which is proposed by Spring and the reference documentations which are (in general) of good quality it’s often very hard to figure out for a given use case what is the correct way to implement it due to variety of resources and the lack of up-to-date tutorial.
Googling about it is a big challenge because the terms are generic and the Spring stack evolved especially with Spring Security 5 and it’s “native” support for Oauth.
In general “How to” articles which are very useful are more on @baeldung website than on Spring docs :-/
Maybe I missed a better solution to do it but what I found is that to add this audience in the request I have to create a Converter<OAuth2ClientCredentialsGrantRequest, RequestEntity<?>>.
But I cannot reuse OAuth2ClientCredentialsGrantRequestEntityConverter which is not extensible.
Thus I ended with 100 lines of copy/paste (BEURK) to just add one useful line: formParameters.add("audience", this.audience);
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
And a big method to configure correctly the WebClient
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I probably missed a lost of things and it could be done differently but it works. It’s just very frustrating to not have to concrete tutorials to handle something which is supposed to be “basic”. I could probably blame Auth0 to need this extra audience field but sooo much code for 1 line to add, I am very sad..
On macOS you have the classical nice command similar to linux to reduce the process priority. You can use it like this:
nice -n 20 myProcess
The priority can be adjusted over a range of -20 (the highest – the quickest) to 20 (the lowest – the slowest).
But you can go further and reduce also the disk IO. There is no ionice command on macOS but you can use taskpolicy as described in this article:
taskpolicy -b myProcess
With the 2 commands I was able to divide per 5 the speed of a process (it’s sometimes useful when you want to simulate a degradation of the runtime environment)
Si vous me suivez, le mouvement Devops ne vous est certainement pas inconnu.
Si vous avez loupé un épisode voici un petit rappel : l’origine du terme vient du rapprochement de développement et opérations, et encourage les développeurs et administrateurs systèmes à travailler de plus près ensembles, en visant à aligner le système d’information sur les besoins de l’entreprise (d’après l’article Devops de Wikipedia). Ce mouvement est souvent expliqué avec l’acronyme CAMS, pour Culture, Automation, Measurement, Sharing.
Une fois de plus, votre hôte va vous gâter! Vous n’êtes pas sans savoir qu’il n’y a plus de places pour Devoxx France.
Alors cette année, je vais vous offrir non pas une place mais DEUX places pour nous rejoindre dans 2 semaines.