Configure client id and client secret in the config file

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=224158599

java/google/registry/config/RegistryConfig.java

@@ -1258,15 +1258,18 @@ public final class RegistryConfig {
       return "/tos";
     }
 
-    /**
+    /** OAuth client ID used by the nomulus tool. */
-     * Returns the name of the OAuth2 client secrets file.
-     *
-     * <p>This is the name of a resource relative to the root of the class tree.
-     */
     @Provides
-    @Config("clientSecretFilename")
+    @Config("toolsClientId")
-    public static String provideClientSecretFilename(RegistryConfigSettings config) {
+    public static String provideToolsClientId(RegistryConfigSettings config) {
-      return config.registryTool.clientSecretFilename;
+      return config.registryTool.clientId;
+    }
+
+    /** OAuth client secret used by the nomulus tool. */
+    @Provides
+    @Config("toolsClientSecret")
+    public static String provideToolsClientSecret(RegistryConfigSettings config) {
+      return config.registryTool.clientSecret;
     }
 
     @Provides
@@ -1551,12 +1554,6 @@ public final class RegistryConfig {
     return Duration.standardDays(CONFIG_SETTINGS.get().registryPolicy.contactAutomaticTransferDays);
   }
 
-  /** Provided for testing. */
-  @VisibleForTesting
-  public static String getClientSecretFilename() {
-    return CONFIG_SETTINGS.get().registryTool.clientSecretFilename;
-  }
-
   /**
    * Memoizes loading of the {@link RegistryConfigSettings} POJO.
    *

java/google/registry/config/RegistryConfigSettings.java

@@ -182,6 +182,7 @@ public class RegistryConfigSettings {
 
   /** Configuration options for the registry tool. */
   public static class RegistryTool {
-    public String clientSecretFilename;
+    public String clientId;
+    public String clientSecret;
   }
 }

java/google/registry/config/files/default-config.yaml

@@ -257,8 +257,8 @@ oAuth:
     - https://www.googleapis.com/auth/userinfo.email
 
   # OAuth client IDs that are allowed to authenticate and communicate with
-  # backend services, e. g. nomulus tool, EPP proxy, etc. All client_id values
+  # backend services, e. g. nomulus tool, EPP proxy, etc. The client_id value
-  # used in client_secret.json files for associated tooling should be included
+  # used in registryTool.clientId field for associated tooling should be included
   # in this list. Client IDs are typically of the format
   # numbers-alphanumerics.apps.googleusercontent.com
   allowedOauthClientIds: []
@@ -388,5 +388,7 @@ keyring:
 
 # Configuration options relevant to the "nomulus" registry tool.
 registryTool:
-  # Name of the client secret file used for authenticating with App Engine.
+  # OAuth client Id used by the tool.
-  clientSecretFilename: /google/registry/tools/resources/client_secret.json
+  clientId: YOUR_CLIENT_ID
+  # OAuth client secret used by the tool.
+  clientSecret: YOUR_CLIENT_SECRET

java/google/registry/tools/AuthModule.java

@@ -21,6 +21,7 @@ import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInsta
 import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
+import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.Details;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.store.AbstractDataStoreFactory;
@@ -38,7 +39,6 @@ import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -91,20 +91,21 @@ public class AuthModule {
     return new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver());
   }
 
+  @Provides
+  static Details provideDefaultInstalledDetails() {
+    return new Details()
+        .setAuthUri("https://accounts.google.com/o/oauth2/auth")
+        .setTokenUri("https://accounts.google.com/o/oauth2/token")
+        .setRedirectUris(ImmutableList.of("urn:ietf:wg:oauth:2.0:oob", "http://localhost"));
+  }
+
   @Provides
   public static GoogleClientSecrets provideClientSecrets(
-      @Config("clientSecretFilename") String clientSecretFilename, JsonFactory jsonFactory) {
+      @Config("toolsClientId") String clientId,
-    try {
+      @Config("toolsClientSecret") String clientSecret,
-      // Load the client secrets file.
+      Details details) {
-      InputStream secretResourceStream = AuthModule.class.getResourceAsStream(clientSecretFilename);
+    return new GoogleClientSecrets()
-      if (secretResourceStream == null) {
+        .setInstalled(details.setClientId(clientId).setClientSecret(clientSecret));
-        throw new RuntimeException("No client secret file found: " + clientSecretFilename);
-      }
-      return GoogleClientSecrets.load(jsonFactory,
-          new InputStreamReader(secretResourceStream, UTF_8));
-    } catch (IOException ex) {
-      throw new RuntimeException(ex);
-    }
   }
 
   @Provides

java/google/registry/tools/BUILD

@@ -26,11 +26,6 @@ java_library(
     resources = glob([
         "*.properties",
         "sql/*.sql",
-
-        # These are example client secret files.  You'll need to obtain your
-        # own for every environment you use and install them in this
-        # directory.
-        "resources/client_secret*.json",
     ]),
     visibility = [":allowed-tools"],
     runtime_deps = [

java/google/registry/tools/resources/README.md

@@ -1,9 +0,0 @@
-
-# Adding Client Secrets
-
-This directory contains the client secret files needed by the `nomulus` tool to
-connect to the Nomulus backend via OAuth2. Adding client secret files to this
-directory is one of two steps you need to perform; the other is adding the
-client id contained in the client secret file to the list of allowed ids in the
-Nomulus configuration file. See the configuration documentation for more
-information.

java/google/registry/tools/resources/client_secret.json

@@ -1,11 +0,0 @@
-{
-  "installed": {
-    "client_id":"SEE-README.md-IN_THIS_DIRECTORY.apps.googleusercontent.com",
-    "project_id":"your-registry-server",
-    "auth_uri":"https://accounts.google.com/o/oauth2/auth",
-    "token_uri":"https://accounts.google.com/o/oauth2/token",
-    "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
-    "client_secret":"YOUR-CLIENT-SECRET",
-    "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]
-  }
-}

java/google/registry/tools/resources/client_secret_UNITTEST.json

@@ -1,11 +0,0 @@
-{
-  "installed": {
-    "client_id":"UNITTEST-CLIENT-ID",
-    "project_id":"DO NOT CHANGE",
-    "auth_uri":"https://accounts.google.com/o/oauth2/auth",
-    "token_uri":"https://accounts.google.com/o/oauth2/token",
-    "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
-    "client_secret":"UNITTEST-CLIENT-SECRET",
-    "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]
-  }
-}

javatests/google/registry/config/RegistryConfigTest.java

@@ -25,13 +25,6 @@ import org.junit.runners.JUnit4;
 @RunWith(JUnit4.class)
 public class RegistryConfigTest {
 
-  @Test
-  public void test_clientSecretFilename() {
-    // Verify that we're pulling this from the default.
-    assertThat(RegistryConfig.getClientSecretFilename()).isEqualTo(
-        "/google/registry/tools/resources/client_secret.json");
-  }
-
   @Test
   public void test_reservedTermsExportDisclaimer_isPrependedWithOctothorpes() {
     assertThat(provideReservedTermsExportDisclaimer(CONFIG_SETTINGS.get()))

javatests/google/registry/tools/AuthModuleTest.java

@@ -46,8 +46,6 @@ import org.junit.runners.JUnit4;
 /** Unit tests for {@link AuthModule}. */
 @RunWith(JUnit4.class)
 public class AuthModuleTest {
-  private static final String TEST_CLIENT_SECRET_FILENAME =
-      "/google/registry/tools/resources/client_secret_UNITTEST.json";
 
   private static final String CLIENT_ID = "UNITTEST-CLIENT-ID";
   private static final String CLIENT_SECRET = "UNITTEST-CLIENT-SECRET";
@@ -89,8 +87,7 @@ public class AuthModuleTest {
   @Before
   public void setUp() throws Exception {
     fakeCredential.setRefreshToken(REFRESH_TOKEN);
-    when(dataStore.get(CLIENT_ID + " scope1"))
+    when(dataStore.get(CLIENT_ID + " scope1")).thenReturn(new StoredCredential(fakeCredential));
-        .thenReturn(new StoredCredential(fakeCredential));
   }
 
   @Test
@@ -151,7 +148,11 @@ public class AuthModuleTest {
   }
 
   private GoogleClientSecrets getSecrets() {
-    return AuthModule.provideClientSecrets(TEST_CLIENT_SECRET_FILENAME, new JacksonFactory());
+    return new GoogleClientSecrets()
+        .setInstalled(
+            AuthModule.provideDefaultInstalledDetails()
+                .setClientId(CLIENT_ID)
+                .setClientSecret(CLIENT_SECRET));
   }
 
   @Test
@@ -174,8 +175,8 @@ public class AuthModuleTest {
     Credential cred = getCredential();
     assertThat(cred.getAccessToken()).isEqualTo(fakeCredential.getAccessToken());
     assertThat(cred.getRefreshToken()).isEqualTo(fakeCredential.getRefreshToken());
-    assertThat(cred.getExpirationTimeMilliseconds()).isEqualTo(
+    assertThat(cred.getExpirationTimeMilliseconds())
-        fakeCredential.getExpirationTimeMilliseconds());
+        .isEqualTo(fakeCredential.getExpirationTimeMilliseconds());
   }
 
   @Test