Updates to support using active directory for API authentication.

app/src/test/java/io/apicurio/registry/auth/MojoAuthTest.java

@@ -55,6 +55,8 @@ public class MojoAuthTest extends RegistryMojoTestBase {
 
     String clientSecret = "test1";
 
+    String clientScope = "testScope";
+
     String testUsername = "sr-test-user";
     String testPassword = "sr-test-password";
 
@@ -88,6 +90,7 @@ public void testRegister() throws IOException, MojoFailureException, MojoExecuti
         registerRegistryMojo.setAuthServerUrl(authServerUrlConfigured);
         registerRegistryMojo.setClientId(JWKSMockServer.ADMIN_CLIENT_ID);
         registerRegistryMojo.setClientSecret(clientSecret);
+        registerRegistryMojo.setClientScope(clientScope);
 
         super.testRegister(registerRegistryMojo, "testRegister");
     }

docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-automatically-using-maven-plugin.adoc

@@ -66,6 +66,7 @@ This section shows a simple example of using the Maven plug-in to register an Av
                 <authServerUrl>MY-AUTH-SERVER</authServerUrl> 
                 <clientId>MY-CLIENT-ID</clientId>
                 <clientSecret>MY-CLIENT-SECRET</clientSecret> <3>
+                <clientScope>MY-CLIENT-SCOPE</clientScope>
                 <artifacts>
                     <artifact>
                         <groupId>test-group</groupId> <4>

docs/modules/ROOT/partials/getting-started/proc-adding-artifact-references-manually-using-maven-plugin.adoc

@@ -66,6 +66,7 @@ This example then creates a `TradeKey` schema artifact, which includes a referen
                 <authServerUrl>MY-AUTH-SERVER</authServerUrl> 
                 <clientId>MY-CLIENT-ID</clientId>
                 <clientSecret>MY-CLIENT-SECRET</clientSecret> <3>
+                <clientScope>MY-CLIENT-SCOPE</clientScope>
                 <artifacts>
                     <artifact>
                         <groupId>test-group</groupId> <4>

docs/modules/ROOT/partials/getting-started/proc-adding-artifacts-using-maven-plugin.adoc

@@ -30,6 +30,7 @@ The most common use case for the Maven plug-in is adding artifacts during a buil
             <authServerUrl>MY-AUTH-SERVER</authServerUrl> 
             <clientId>MY-CLIENT-ID</clientId>
             <clientSecret>MY-CLIENT-SECRET</clientSecret> <3>
+            <clientScope>MY-CLIENT-SCOPE</clientScope>
             <artifacts>
                 <artifact>
                     <groupId>TestGroup</groupId> <4>

docs/modules/ROOT/partials/getting-started/proc-downloading-artifacts-using-maven-plugin.adoc

@@ -30,6 +30,7 @@ You can use the Maven plug-in to download artifacts from {registry}. This is oft
           <authServerUrl>MY-AUTH-SERVER</authServerUrl> 
           <clientId>MY-CLIENT-ID</clientId>
           <clientSecret>MY-CLIENT-SECRET</clientSecret> <3>
+          <clientScope>MY-CLIENT-SCOPE</clientScope>
           <artifacts>
               <artifact>
                   <groupId>TestGroup</groupId> <4>
@@ -60,7 +61,7 @@ ifdef::rh-openshift-sr[]
 <3> Specify your service account ID and secret and {org-name} Single Sign-On authentication server: `{sso-token-url}`
 endif::[]
 <4> Specify the {registry} artifact group ID. You can specify the `default` group if you do not want to use a unique group.
-<5> You can download multiple artifacts to a specified directory using the artifact ID. 
+<5> You can download multiple artifacts to a specified directory using the artifact ID.
 
 . Build your Maven project, for example, by using the `mvn package` command. 
 

docs/modules/ROOT/partials/getting-started/proc-testing-artifacts-using-maven-plugin.adoc

@@ -33,6 +33,7 @@ NOTE: When testing artifacts using the Maven plug-in, even if the artifact passe
             <authServerUrl>MY-AUTH-SERVER</authServerUrl> 
             <clientId>MY-CLIENT-ID</clientId>
             <clientSecret>MY-CLIENT-SECRET</clientSecret> <3>
+            <clientScope>MY-CLIENT-SCOPE</clientScope>
             <artifacts>
                 <artifact>
                     <groupId>TestGroup</groupId> <4>

schema-resolver/src/main/java/io/apicurio/registry/resolver/AbstractSchemaResolver.java

@@ -289,8 +289,10 @@ private OidcAuth configureAuthWithUrl(DefaultSchemaResolverConfig config, String
             throw new IllegalArgumentException("Missing registry auth secret, set " + SchemaResolverConfig.AUTH_CLIENT_SECRET);
         }
 
+        final String clientScope = config.getAuthClientScope();
+
         authClient = ApicurioHttpClientFactory.create(tokenEndpoint, new AuthErrorHandler());
-        return new OidcAuth(authClient, clientId, clientSecret);
+        return new OidcAuth(authClient, clientId, clientSecret, null, clientScope);
     }
 
     private RegistryClient configureClientWithBasicAuth(DefaultSchemaResolverConfig config, String registryUrl, String username) {

schema-resolver/src/main/java/io/apicurio/registry/resolver/SchemaResolverConfig.java

@@ -115,6 +115,11 @@ public class SchemaResolverConfig {
      */
     public static final String AUTH_CLIENT_SECRET = "apicurio.auth.client.secret";
 
+    /**
+     * The Scope of the Auth Service.
+     */
+    public static final String AUTH_CLIENT_SCOPE = "apicurio.auth.client.scope";
+
     /**
      * The Username of the Auth Service.
      */

schema-resolver/src/main/java/io/apicurio/registry/resolver/config/DefaultSchemaResolverConfig.java

@@ -72,6 +72,10 @@ public String getAuthClientSecret() {
         return getString(AUTH_CLIENT_SECRET);
     }
 
+    public String getAuthClientScope() {
+        return getString(AUTH_CLIENT_SCOPE);
+    }
+
     public String getAuthUsername() {
         return getString(AUTH_USERNAME);
     }

schema-resolver/src/test/java/io/apicurio/registry/resolver/config/ConfigurationTest.java

@@ -51,6 +51,9 @@ void testDefaultConfiguration() {
         assertEquals(null, config.getAuthClientSecret());
         assertEquals(null, config.getObject("apicurio.auth.client.secret"));
 
+        assertEquals(null, config.getAuthClientScope());
+        assertEquals(null, config.getObject("apicurio.auth.client.scope"));
+
         assertEquals(null, config.getAuthPassword());
         assertEquals(null, config.getObject("apicurio.auth.password"));
 

utils/maven-plugin/src/main/java/io/apicurio/registry/maven/AbstractRegistryMojo.java

@@ -61,6 +61,9 @@ public abstract class AbstractRegistryMojo extends AbstractMojo {
     @Parameter(property = "client.secret")
     String clientSecret;
 
+    @Parameter(property = "client.scope")
+    String clientScope;
+
     @Parameter(property = "username")
     String username;
 
@@ -74,7 +77,7 @@ protected RegistryClient getClient() {
         if (client == null) {
             if (authServerUrl != null && clientId != null && clientSecret != null) {
                 httpClient = ApicurioHttpClientFactory.create(authServerUrl, new AuthErrorHandler());
-                Auth auth = new OidcAuth(httpClient, clientId, clientSecret);
+                Auth auth = new OidcAuth(httpClient, clientId, clientSecret, null, clientScope);
                 client = RegistryClientFactory.create(registryUrl, Collections.emptyMap(), auth);
             } else if (username != null && password != null) {
                 Auth auth = new BasicAuth(username, password);
@@ -151,6 +154,8 @@ public void setClientSecret(String clientSecret) {
         this.clientSecret = clientSecret;
     }
 
+    public void setClientScope(String clientScope) { this.clientScope = clientScope; }
+
     public void setUsername(String username) {
         this.username = username;
     }