Understanding the credentialSupplier class

The client library invokes the credentialSupplier class that you provide to process the individual authentication credential. For example, this class can be used to decrypt the external string in a configuration file or it could request the credential from an active directory.

When executing its build method, the Config.Builder calls the credentialSupplier class for each auth property. The following example illustrates the implementation for decrypting the credentials depending on the auth property.

class DecryptingCredentialSupplier implements Config.CredentialSupplier {
      @Override
      public String apply(String key, String defaultValue) {
        switch (key) {
          case "username":
          case "clientId":
                return defaultValue;
          case "password":
          case "clientSecret":
          case "BearerToken":
          default: // for ApiKeyAuth.paramName and HttpBearerAuth.scheme
                return defaultValue == null ? defaultValue : cipher.decrypt(Base64.getDecoder().decode(defaultValue));
         }
      }
   }

In the following example, the implementation obtains the credentials from Active Directory service.

public class JNDICredentialSupplier implements CredentialSupplierSupplier {
  @SneakyThrows
  @Override
  public Config.CredentialSupplier apply(Map<String, String> properties) {
    Properties props = new Properties();
    if (!properties.containsKey(Context.INITIAL_CONTEXT_FACTORY) || !properties.containsKey(Context.PROVIDER_URL)) {
      throw new IllegalArgumentException("Required param missing");
    }
    props.putAll(properties);
    final Context initialContext = new InitialContext(props);
    return (key, value) -> (String) initialContext.lookup(key);
  }
}