Package io.openlineage.client.transports

Class JwtTokenProvider

java.lang.Object
io.openlineage.client.transports.JwtTokenProvider
All Implemented Interfaces:
TokenProvider
public class JwtTokenProvider extends Object implements TokenProvider
TokenProvider that exchanges an API key for a JWT token via a POST endpoint.

Sends the API key and OAuth parameters as URL-encoded form data.

The provider automatically tries multiple common JSON field names for the token: the configured tokenFields (default ["token", "access_token"]). This ensures compatibility with various OAuth providers.

The provider caches tokens and automatically refreshes them before expiry. By default, tokens are refreshed 120 seconds before they expire. This can be configured using the tokenRefreshBuffer parameter.

Configuration example: 


 transport:
   type: http
   url: https://api.example.com
   auth:
     type: jwt
     apiKey: your-api-key
     tokenEndpoint: https://auth.example.com/token
     tokenFields: ["token", "access_token"]  # optional, defaults to ["token", "access_token"]
     expiresInField: expires_in  # optional, defaults to "expires_in"
     grantType: urn:ietf:params:oauth:grant-type:jwt-bearer  # optional, defaults to "urn:ietf:params:oauth:grant-type:jwt-bearer"
     responseType: token  # optional, defaults to "token"
     tokenRefreshBuffer: 120  # optional, defaults to 120 seconds

For IBM Cloud IAM, use these settings: 


 auth:
   type: jwt
   apiKey: your-ibm-api-key
   tokenEndpoint: https://iam.cloud.ibm.com/identity/token
   grantType: urn:ibm:params:oauth:grant-type:apikey
   responseType: cloud_iam

  • Constructor Details

    • JwtTokenProvider

      public JwtTokenProvider(String apiKey, URI tokenEndpoint)
      Constructor that requires mandatory parameters apiKey and tokenEndpoint. Used by Jackson for deserialization.
      Parameters:
      apiKey - The API key for authentication (required)
      tokenEndpoint - The token endpoint URI (required)
      Throws:
      IllegalArgumentException - if apiKey is null/empty or tokenEndpoint is null

  • Method Details

    • getToken

      public String getToken()
      Specified by:
      getToken in interface TokenProvider

    • getCurrentTimeSeconds

      protected long getCurrentTimeSeconds()
      Gets current time in epoch seconds. Protected to allow test overrides.

    • createHttpClient

      protected org.apache.hc.client5.http.impl.classic.CloseableHttpClient createHttpClient()
      Creates an HTTP client for token requests. Protected to allow test overrides.

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • getApiKey

      public String getApiKey()

    • getTokenEndpoint

      public URI getTokenEndpoint()

    • getTokenFields

      public String[] getTokenFields()
      The JSON field name containing the JWT token in the response. Defaults to "access_token". The provider will also try "token" and "access_token" as fallback options.

    • setTokenFields

      public void setTokenFields(String[] tokenFields)
      The JSON field name containing the JWT token in the response. Defaults to "access_token". The provider will also try "token" and "access_token" as fallback options.

    • getExpiresInField

      public String getExpiresInField()
      The JSON field name containing the token expiration time in seconds. Defaults to "expires_in". If not present in response, token will be refreshed on every call.

    • setExpiresInField

      public void setExpiresInField(String expiresInField)
      The JSON field name containing the token expiration time in seconds. Defaults to "expires_in". If not present in response, token will be refreshed on every call.

    • getGrantType

      public String getGrantType()
      OAuth grant type parameter sent in the token request. Optional, default: "urn:ietf:params:oauth:grant-type:jwt-bearer"

    • setGrantType

      public void setGrantType(String grantType)
      OAuth grant type parameter sent in the token request. Optional, default: "urn:ietf:params:oauth:grant-type:jwt-bearer"

    • getResponseType

      public String getResponseType()
      OAuth response type parameter sent in the token request. Optional, default: "token"

    • setResponseType

      public void setResponseType(String responseType)
      OAuth response type parameter sent in the token request. Optional, default: "token"

    • getTokenRefreshBuffer

      public int getTokenRefreshBuffer()
      Number of seconds before token expiry to trigger a refresh. Optional, default: 120 seconds. This buffer ensures tokens are refreshed before they expire to avoid authentication failures.

    • setTokenRefreshBuffer

      public void setTokenRefreshBuffer(int tokenRefreshBuffer)
      Number of seconds before token expiry to trigger a refresh. Optional, default: 120 seconds. This buffer ensures tokens are refreshed before they expire to avoid authentication failures.