From 1bde821e9a3c9d50284fa802a40291ebf066700d Mon Sep 17 00:00:00 2001
From: Nahuel
Date: Wed, 16 Nov 2022 16:53:01 +0100
Subject: [PATCH] On init the auth provider 'openmetadata' must generate a JWT token if not present on config (#8815)
* On init the auth provider 'openmetadata' must generate a JWT token if not present on config
* Address PR comments
---
 .../service/security/DefaultAuthorizer.java | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java
index ad21be4d38e..8a192e5e8d9 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/DefaultAuthorizer.java
@@ -13,6 +13,7 @@
 package org.openmetadata.service.security;
+import static org.openmetadata.common.utils.CommonUtil.nullOrEmpty;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AUTH_0;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.AZURE;
 import static org.openmetadata.schema.auth.SSOAuthMechanism.SsoServiceType.CUSTOM_OIDC;
@@ -31,6 +32,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.UUID;
 import javax.ws.rs.core.SecurityContext;
@@ -283,12 +285,7 @@ public class DefaultAuthorizer implements Authorizer {
 // if the auth provider is "openmetadata" in the configuration set JWT as auth mechanism
 if ("openmetadata".equals(airflowConfig.getAuthProvider()) && !"basic".equals(authConfig.getProvider())) {
 OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig().getOpenmetadata();
- authMechanism =
- buildAuthMechanism(
- JWT,
- new JWTAuthMechanism()
- .withJWTToken(jwtClientConfig.getJwtToken())
- .withJWTTokenExpiry(JWTTokenExpiry.Unlimited));
+ authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(jwtClientConfig, user));
 } else {
 // Otherwise, set auth mechanism from airflow configuration
 // TODO: https://github.com/open-metadata/OpenMetadata/issues/7712
@@ -323,8 +320,7 @@ public class DefaultAuthorizer implements Authorizer {
 "Unexpected auth provider [%s] for bot [%s]", authConfig.getProvider(), user.getName()));
 }
 } else if ("basic".equals(authConfig.getProvider())) {
- authMechanism =
- buildAuthMechanism(JWT, JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited));
+ authMechanism = buildAuthMechanism(JWT, buildJWTAuthMechanism(null, user));
 }
 }
 }
@@ -334,6 +330,14 @@ public class DefaultAuthorizer implements Authorizer {
 return addOrUpdateUser(user);
 }
+ private static JWTAuthMechanism buildJWTAuthMechanism(OpenMetadataJWTClientConfig jwtClientConfig, User user) {
+ return Objects.isNull(jwtClientConfig) || nullOrEmpty(jwtClientConfig.getJwtToken())
+ ? JWTTokenGenerator.getInstance().generateJWTToken(user, JWTTokenExpiry.Unlimited)
+ : new JWTAuthMechanism()
+ .withJWTToken(jwtClientConfig.getJwtToken())
+ .withJWTTokenExpiry(JWTTokenExpiry.Unlimited);
+ }
+
 private static SSOAuthMechanism buildAuthMechanismConfig(
 SSOAuthMechanism.SsoServiceType ssoServiceType, Object config) {
 return new SSOAuthMechanism().withSsoServiceType(ssoServiceType).withAuthConfig(config);
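Review bot: The null handling this commit adds does not reach the context line just above the changed call in the first hunk: `airflowConfig.getAuthConfig().getOpenmetadata()` still dereferences `getAuthConfig()`, so if the whole auth-config block is missing (which looks like the case the commit title targets) init would stop with a NullPointerException before the token fallback can run. Whether `getAuthConfig()` can return null is not visible here; if it can, guard it with something like `OpenMetadataJWTClientConfig jwtClientConfig = airflowConfig.getAuthConfig() == null ? null : airflowConfig.getAuthConfig().getOpenmetadata();`. The enclosing method starts and ends outside the hunk.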
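Review bot: The fallback branch of `buildJWTAuthMechanism` (last hunk) mints a bot token with `JWTTokenExpiry.Unlimited` whenever the configured token is null or empty, and nothing records that it happened, so a blanked or mistyped `jwtToken` setting produces a fresh non-expiring credential that an operator cannot see in the logs. Log the fallback without the token value, e.g. `LOG.info("No JWT token configured for bot [{}]; generating one", user.getName());`, assuming the class has an SLF4J `LOG` field, which is not visible in this hunk. The configured-token branch also stores the token with the `Unlimited` label without inspecting the token itself, so the recorded expiry may not match the token's real lifetime; a short Javadoc should say so, and should state that `jwtClientConfig` may be null, which the `"basic"` call site `buildJWTAuthMechanism(null, user)` in the second hunk relies on. As a style point, `Objects.isNull` is meant for use as a predicate, and `jwtClientConfig == null` reads more directly here.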