BetterCloud · jsok · Aug 21, 2018 · Aug 21, 2018
diff --git a/src/main/java/com/bettercloud/vault/api/Auth.java b/src/main/java/com/bettercloud/vault/api/Auth.java
@@ -857,6 +857,71 @@ public AuthResponse loginByGithub(final String githubToken, final String githubA
         }
     }
 
+     /**
+     * <p>Basic login operation to authenticate to an JWT/OIDC backend.  Example usage:</p>
+     *
+     * <blockquote>
+     * <pre>{@code
+     * final AuthResponse response = vault.auth().loginByJWT("role", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...", "jwt");
+     *
+     * final String token = response.getAuthClientToken();
+     * }</pre>
+     * </blockquote>
+     *
+     * @param role The jwt role used for authentication
+     * @param jwt Signed JSON Web Token (JWT)
+     * @param path Path the JWT auth backend is mounted
+     * @return The auth token, with additional response metadata
+     * @throws VaultException If any error occurs, or unexpected response received from Vault
+     */
+     // TODO: Needs integration test coverage if possible
+    public AuthResponse loginByJWT(final String role, final String jwt, final String path)  throws VaultException {
+        int retryCount = 0;
+
+        while (true) {
+            try {
+                // HTTP request to Vault
+                final String requestJson = Json.object()
+                    .add("role", role)
+                    .add("jwt", jwt)
+                    .toString();
+                final RestResponse restResponse = new Rest()
+                        .url(config.getAddress() + "/v1/auth/" + path + "/login")
+                        .body(requestJson.getBytes("UTF-8"))
+                        .connectTimeoutSeconds(config.getOpenTimeout())
+                        .readTimeoutSeconds(config.getReadTimeout())
+                        .sslVerification(config.getSslConfig().isVerify())
+                        .sslContext(config.getSslConfig().getSslContext())
+                        .post();
+
+                // Validate restResponse
+                if (restResponse.getStatus() != 200) {
+                    throw new VaultException("Vault responded with HTTP status code: " + restResponse.getStatus(), restResponse.getStatus());
+                }
+                final String mimeType = restResponse.getMimeType() == null ? "null" : restResponse.getMimeType();
+                if (!mimeType.equals("application/json")) {
+                    throw new VaultException("Vault responded with MIME type: " + mimeType, restResponse.getStatus());
+                }
+                return new AuthResponse(restResponse, retryCount);
+            } catch (Exception e) {
+                // If there are retries to perform, then pause for the configured interval and then execute the loop again...
+                if (retryCount < config.getMaxRetries()) {
+                    retryCount++;
+                    try {
+                        final int retryIntervalMilliseconds = config.getRetryIntervalMilliseconds();
+                        Thread.sleep(retryIntervalMilliseconds);
+                    } catch (InterruptedException e1) {
+                        e1.printStackTrace();
+                    }
+                } else if (e instanceof VaultException) {
+                    // ... otherwise, give up.
+                    throw (VaultException) e;
+                } else {
+                    throw new VaultException(e);
+                }
+            }
+        }
+    }
      /**
      * <p>Basic login operation to authenticate to an GCP backend.  Example usage:</p>
      *

diff --git a/src/test-integration/java/com/bettercloud/vault/util/VaultContainer.java b/src/test-integration/java/com/bettercloud/vault/util/VaultContainer.java
@@ -34,7 +34,7 @@ public class VaultContainer implements TestRule, TestConstants {
 
     /** Establishes a running Docker container, hosting a Vault server instance. */
     public VaultContainer() {
-        container = new GenericContainer("vault:0.9.1")
+        container = new GenericContainer("vault:0.10.4")
                 .withClasspathResourceMapping("/startup.sh", CONTAINER_STARTUP_SCRIPT, BindMode.READ_ONLY)
                 .withClasspathResourceMapping("/config.json", CONTAINER_CONFIG_FILE, BindMode.READ_ONLY)
                 .withClasspathResourceMapping("/libressl.conf", CONTAINER_OPENSSL_CONFIG_FILE, BindMode.READ_ONLY)