Update flex examples #38
Conversation
…n filesystem, but only in FATJAR'
| 3. ```FlexApiHeaderAuthenticator.java``` complete HTTP Signature authentication implementation that can be plugged to any JAX-RS client implementation as an ```@Provider```. | ||
| 4. ```FlexApiPublicKeysResolver.java``` complete cryptographic Key provider for Jose4J that can retrieve and cache Flex API long living keys. | ||
|
|
||
| # Deployment to Google Cloud |
|
|
||
| For details, please consult https://quarkus.io/guides/maven-tooling#dev-mode. | ||
|
|
||
| ## Few technical details |
There was a problem hiding this comment.
Could remove the word "Few" and just have "Technical details"?
| </dependencies> | ||
| </dependencyManagement> | ||
|
|
||
| <dependencies> |
There was a problem hiding this comment.
Just a note that not all of these are available on the CYBS maven mirror, unless you have a different one?
There was a problem hiding this comment.
I'll answer this internally.
|
|
||
| Flex Direct API allows merchants to write their own integration based on Transient Token concept. | ||
| For example Flex API can be used to isolate systems that capture *payment credentials* from systems that invoke *card services*. | ||
| Flex API facilitates keeping *payment credentials* away from merchant's backend processing, keeping those systems away from PCI compliance. |
There was a problem hiding this comment.
"reducing PCI scope." may be more accurate?
|
|
||
| private JsonObject payload(String jwt) { | ||
| // nasty way - do not do this at home | ||
| jwt = jwt.substring(jwt.indexOf('.') + 1); |
There was a problem hiding this comment.
Should we give this a more readable name since we're just trying to isolate the payload?
Still gross but might be slightly cleaner to do something like
final String[] jwtChunks = jwt.split("\\.");
return new JsonObject(Base64.getDecoder().decode(jwtChunks[1]));?
| */ | ||
| private static final String HMAC_ALG = "HmacSHA256"; | ||
|
|
||
| private static String getDigest(String payload) { |
There was a problem hiding this comment.
There's nothing in the rest-client to do the heavy lifting here?
There was a problem hiding this comment.
It is unlikely that merchant with the need for Flex Direct will require SDK. Flex Direct is a low level API contract for advanced and custom integrations, including merchant responsibility for JWE encryption - i.e. no reliance on microform or any other SDK. So Let's then for consistency have same approach for API calls.
There was a problem hiding this comment.
There is an authentication SDK that does this for you. It is not the full SDK of the APIs but it is much better than coding this again.
@bprokopc Maybe consider that SDK instead.
| <configuration> | ||
| <projectId>flex-mf-springboot-sample</projectId> | ||
| <version>3</version> | ||
| <!-- <artifact>${project.build.directory}/xxxx.jar</artifact>--> |
There was a problem hiding this comment.
Is this something users would ever want to uncomment?
| final long lineCount = lines.count(); | ||
| model.addAttribute("requestLineCount", lineCount); | ||
| } | ||
| model.addAttribute("requestLineCount", new String(captureContextRequestJson.getInputStream().readAllBytes(), "UTF-8")); |
There was a problem hiding this comment.
This is supposed to be a numerical value. Since we're reading bytes is it possible anymore to set this easily? If not should be safely removable
| #app.merchantID= | ||
| #app.merchantKeyId= | ||
| #app.merchantSecretKey= | ||
| app.merchantID= |
There was a problem hiding this comment.
I'd leave the commented. We want to encourage users to set these in application-local.properties which can't be checked in without modifying the .gitignore.
| <maven.compiler.source>17</maven.compiler.source> | ||
| <maven.compiler.target>17</maven.compiler.target> | ||
| <maven.compiler.source>8</maven.compiler.source> | ||
| <maven.compiler.target>8</maven.compiler.target> |
There was a problem hiding this comment.
Why was this downgraded? Please note that the prerequisite mentioned in the README.md file is Java 14.
| } | ||
| String[] split = key.split("\\."); | ||
|
|
||
| for (int i = 0; i < split.length; i++) { |
There was a problem hiding this comment.
I find this pretty unreadable. Is this functionally equivalent?
Arrays.stream(key.split("\\.")).forEach( s -> {
if (!fields.containsKey(s)) {
fields.put(s, new JsonObject());
}
});|
|
||
| @Provider | ||
| @ConstrainedTo(RuntimeType.CLIENT) | ||
| public class FlexApiHeaderAuthenticator implements WriterInterceptor { |
There was a problem hiding this comment.
Do we need this class at all? Can't we just use Cybersource provided ApiClient and make a generic Call?
Add Flex direct live demo + source code.
Deploy microform demo to Google Cloud and make live demo available.
Upgrade microform demo to SpringBoot 3 / Java 17.