serverlessworkflow · fjtirado · Jun 26, 2026 · Jun 25, 2026 · Jun 25, 2026 · Jun 25, 2026
@@ -22,6 +22,8 @@
 import io.serverlessworkflow.api.types.Workflow;
 import io.serverlessworkflow.impl.additional.NamedWorkflowAdditionalObject;
 import io.serverlessworkflow.impl.additional.WorkflowAdditionalObject;
+import io.serverlessworkflow.impl.auth.AuthProviderFactory;
+import io.serverlessworkflow.impl.auth.DefaultAuthProviderFactory;
 import io.serverlessworkflow.impl.config.ConfigManager;
 import io.serverlessworkflow.impl.config.ConfigSecretManager;
 import io.serverlessworkflow.impl.config.SecretManager;
@@ -89,6 +91,7 @@ public class WorkflowApplication implements AutoCloseable {
   private final WorkflowModelFactory contextFactory;
   private final WorkflowScheduler scheduler;
   private final Map<String, WorkflowAdditionalObject<?>> additionalObjects;
+  private final AuthProviderFactory authProviderFactory;
   private final ConfigManager configManager;
   private final SecretManager secretManager;
   private final SchedulerListener schedulerListener;
@@ -120,6 +123,7 @@ private WorkflowApplication(Builder builder) {
     this.scheduler = builder.scheduler;
     this.schedulerListener = builder.schedulerListener;
     this.additionalObjects = builder.additionalObjects;
+    this.authProviderFactory = builder.authProviderFactory;
     this.configManager = builder.configManager;
     this.secretManager = builder.secretManager;
     this.templateResolver = builder.templateResolver;
@@ -241,6 +245,7 @@ public SchemaValidator getValidator(SchemaInline inline) {
     private WorkflowModelFactory modelFactory;
     private WorkflowModelFactory contextFactory;
     private Map<String, WorkflowAdditionalObject<?>> additionalObjects = new HashMap<>();
+    private AuthProviderFactory authProviderFactory;
     private SecretManager secretManager;
     private ConfigManager configManager;
     private SchedulerListener schedulerListener;
@@ -357,6 +362,11 @@ public <T> Builder withAdditionalObject(
       return this;
     }
 
+    public Builder withAuthProviderFactory(AuthProviderFactory authProviderFactory) {
+      this.authProviderFactory = authProviderFactory;
+      return this;
+    }
+
     public Builder withModelFactory(WorkflowModelFactory modelFactory) {
       this.modelFactory = modelFactory;
       return this;
@@ -470,6 +480,10 @@ public WorkflowApplication build() {
       if (id == null) {
         id = idFactory.get();
       }
+      if (authProviderFactory == null) {
+        authProviderFactory = DefaultAuthProviderFactory.factory();
+      }
+
       return new WorkflowApplication(this);
     }
 
@@ -586,6 +600,10 @@ public <T> Optional<T> additionalObject(
         .map(v -> (T) v.apply(workflowContext, taskContext));
   }
 
+  public AuthProviderFactory authProviderFactory() {
+    return authProviderFactory;
+  }
+
   public Collection<CallableTaskProxyBuilder> callableProxyBuilders() {
     return callableProxyBuilders;
   }

@@ -15,87 +15,17 @@
  */
 package io.serverlessworkflow.impl.auth;
 
-import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
 import io.serverlessworkflow.api.types.EndpointConfiguration;
 import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy;
-import io.serverlessworkflow.api.types.Use;
-import io.serverlessworkflow.api.types.UseAuthentications;
-import io.serverlessworkflow.api.types.Workflow;
-import io.serverlessworkflow.impl.WorkflowApplication;
 import io.serverlessworkflow.impl.WorkflowDefinition;
 import java.util.Optional;
 
-public class AuthProviderFactory {
+/** Resolves the {@link AuthProvider} to use for a given authentication policy. */
+public interface AuthProviderFactory {
 
-  private AuthProviderFactory() {}
+  Optional<AuthProvider> getAuth(
+      WorkflowDefinition definition, EndpointConfiguration configuration);
 
-  public static Optional<AuthProvider> getAuth(
-      WorkflowDefinition definition, EndpointConfiguration configuration) {
-    return configuration == null
-        ? Optional.empty()
-        : getAuth(definition, configuration.getAuthentication(), "GET");
-  }
-
-  public static Optional<AuthProvider> getAuth(
-      WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) {
-    if (auth == null) {
-      return Optional.empty();
-    }
-    if (auth.getAuthenticationPolicyReference() != null) {
-      return buildFromReference(
-          definition.application(),
-          definition.workflow(),
-          auth.getAuthenticationPolicyReference().getUse(),
-          method);
-    } else if (auth.getAuthenticationPolicy() != null) {
-      return buildFromPolicy(
-          definition.application(), definition.workflow(), auth.getAuthenticationPolicy(), method);
-    }
-    return Optional.empty();
-  }
-
-  private static Optional<AuthProvider> buildFromReference(
-      WorkflowApplication app, Workflow workflow, String use, String method) {
-    Use useInfo = workflow.getUse();
-    if (useInfo == null) {
-      return Optional.empty();
-    }
-    UseAuthentications authInfo = useInfo.getAuthentications();
-    return authInfo == null
-        ? Optional.empty()
-        : authInfo.getAdditionalProperties().entrySet().stream()
-            .filter(s -> s.getKey().equals(use))
-            .findAny()
-            .flatMap(e -> buildFromPolicy(app, workflow, e.getValue(), method));
-  }
-
-  private static Optional<AuthProvider> buildFromPolicy(
-      WorkflowApplication app,
-      Workflow workflow,
-      AuthenticationPolicyUnion authenticationPolicy,
-      String method) {
-    if (authenticationPolicy.getBasicAuthenticationPolicy() != null) {
-      return Optional.of(
-          new BasicAuthProvider(
-              app, workflow, authenticationPolicy.getBasicAuthenticationPolicy()));
-    } else if (authenticationPolicy.getBearerAuthenticationPolicy() != null) {
-      return Optional.of(
-          new BearerAuthProvider(
-              app, workflow, authenticationPolicy.getBearerAuthenticationPolicy()));
-    } else if (authenticationPolicy.getDigestAuthenticationPolicy() != null) {
-      return Optional.of(
-          new DigestAuthProvider(
-              app, workflow, authenticationPolicy.getDigestAuthenticationPolicy(), method));
-    } else if (authenticationPolicy.getOAuth2AuthenticationPolicy() != null) {
-      return Optional.of(
-          new OAuth2AuthProvider(
-              app, workflow, authenticationPolicy.getOAuth2AuthenticationPolicy()));
-    } else if (authenticationPolicy.getOpenIdConnectAuthenticationPolicy() != null) {
-      return Optional.of(
-          new OpenIdAuthProvider(
-              app, workflow, authenticationPolicy.getOpenIdConnectAuthenticationPolicy()));
-    }
-
-    return Optional.empty();
-  }
+  Optional<AuthProvider> getAuth(
+      WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method);
 }
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2020-Present The Serverless Workflow Specification Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.serverlessworkflow.impl.auth;
+
+import io.serverlessworkflow.api.types.AuthenticationPolicyUnion;
+import io.serverlessworkflow.api.types.EndpointConfiguration;
+import io.serverlessworkflow.api.types.ReferenceableAuthenticationPolicy;
+import io.serverlessworkflow.api.types.Use;
+import io.serverlessworkflow.api.types.UseAuthentications;
+import io.serverlessworkflow.api.types.Workflow;
+import io.serverlessworkflow.impl.WorkflowApplication;
+import io.serverlessworkflow.impl.WorkflowDefinition;
+import java.util.Optional;
+
+public class DefaultAuthProviderFactory implements AuthProviderFactory {
+
+  private static class DefaultAuthProviderFactoryHolder {
+    private static final DefaultAuthProviderFactory instance = new DefaultAuthProviderFactory();
+  }
+
+  public static DefaultAuthProviderFactory factory() {
+    return DefaultAuthProviderFactoryHolder.instance;
+  }
+
+  @Override
+  public Optional<AuthProvider> getAuth(
+      WorkflowDefinition definition, EndpointConfiguration configuration) {
+    return configuration == null
+        ? Optional.empty()
+        : getAuth(definition, configuration.getAuthentication(), "GET");
+  }
+
+  @Override
+  public Optional<AuthProvider> getAuth(
+      WorkflowDefinition definition, ReferenceableAuthenticationPolicy auth, String method) {
+    if (auth == null) {
+      return Optional.empty();
+    }
+    if (auth.getAuthenticationPolicyReference() != null) {
+      return buildFromReference(
+          definition.application(),
+          definition.workflow(),
+          auth.getAuthenticationPolicyReference().getUse(),
+          method);
+    } else if (auth.getAuthenticationPolicy() != null) {
+      return buildFromPolicy(
+          definition.application(), definition.workflow(), auth.getAuthenticationPolicy(), method);
+    }
+    return Optional.empty();
+  }
+
+  private Optional<AuthProvider> buildFromReference(
+      WorkflowApplication app, Workflow workflow, String use, String method) {
+    Use useInfo = workflow.getUse();
+    if (useInfo == null) {
+      return Optional.empty();
+    }
+    UseAuthentications authInfo = useInfo.getAuthentications();
+    return authInfo == null
+        ? Optional.empty()
+        : authInfo.getAdditionalProperties().entrySet().stream()
+            .filter(s -> s.getKey().equals(use))
+            .findAny()
+            .flatMap(e -> buildFromPolicy(app, workflow, e.getValue(), method));
+  }
+
+  private Optional<AuthProvider> buildFromPolicy(
+      WorkflowApplication app,
+      Workflow workflow,
+      AuthenticationPolicyUnion authenticationPolicy,
+      String method) {
+    if (authenticationPolicy.getBasicAuthenticationPolicy() != null) {
+      return Optional.of(
+          new BasicAuthProvider(
+              app, workflow, authenticationPolicy.getBasicAuthenticationPolicy()));
+    } else if (authenticationPolicy.getBearerAuthenticationPolicy() != null) {
+      return Optional.of(
+          new BearerAuthProvider(
+              app, workflow, authenticationPolicy.getBearerAuthenticationPolicy()));
+    } else if (authenticationPolicy.getDigestAuthenticationPolicy() != null) {
+      return Optional.of(
+          new DigestAuthProvider(
+              app, workflow, authenticationPolicy.getDigestAuthenticationPolicy(), method));
+    } else if (authenticationPolicy.getOAuth2AuthenticationPolicy() != null) {
+      return Optional.of(
+          new OAuth2AuthProvider(
+              app, workflow, authenticationPolicy.getOAuth2AuthenticationPolicy()));
+    } else if (authenticationPolicy.getOpenIdConnectAuthenticationPolicy() != null) {
+      return Optional.of(
+          new OpenIdAuthProvider(
+              app, workflow, authenticationPolicy.getOpenIdConnectAuthenticationPolicy()));
+    }
+
+    return Optional.empty();
+  }
+}
@@ -26,7 +26,6 @@
 import io.serverlessworkflow.impl.WorkflowContext;
 import io.serverlessworkflow.impl.WorkflowModel;
 import io.serverlessworkflow.impl.WorkflowValueResolver;
-import io.serverlessworkflow.impl.auth.AuthProviderFactory;
 import io.serverlessworkflow.impl.auth.AuthUtils;
 import io.serverlessworkflow.impl.expressions.ExpressionDescriptor;
 import java.net.URI;
@@ -108,8 +107,9 @@ public <T> T load(
     return loadURI(
         uri,
         function,
-        AuthProviderFactory.getAuth(
-                workflowContext.definition(), endPoint.getEndpointConfiguration())
+        application
+            .authProviderFactory()
+            .getAuth(workflowContext.definition(), endPoint.getEndpointConfiguration())
             .map(
                 auth ->
                     AuthUtils.authHeaderValue(

@@ -19,7 +19,7 @@
 import io.serverlessworkflow.impl.WorkflowDefinition;
 import io.serverlessworkflow.impl.WorkflowUtils;
 import io.serverlessworkflow.impl.WorkflowValueResolver;
-import io.serverlessworkflow.impl.auth.AuthProviderFactory;
+import io.serverlessworkflow.impl.auth.AuthProvider;
 import jakarta.ws.rs.HttpMethod;
 import java.net.URI;
 import java.util.Map;
@@ -101,24 +101,21 @@ public static HttpExecutorBuilder builder(WorkflowDefinition definition) {
   }
 
   private RequestExecutor buildRequestExecutor() {
-    String theMethod = method.toUpperCase();
-    switch (theMethod) {
+    String httpMethod = method.toUpperCase();
+    Optional<AuthProvider> auth =
+        definition.application().authProviderFactory().getAuth(definition, policy, httpMethod);
+    switch (httpMethod) {
       case HttpMethod.POST:
       case HttpMethod.PUT:
       case HttpMethod.PATCH:
         return new WithBodyRequestExecutor(
-            theMethod,
-            redirect,
-            AuthProviderFactory.getAuth(definition, policy, method),
-            definition.application(),
-            body);
+            httpMethod, redirect, auth, definition.application(), body);
       case HttpMethod.DELETE:
       case HttpMethod.HEAD:
       case HttpMethod.OPTIONS:
       case HttpMethod.GET:
       default:
-        return new WithoutBodyRequestExecutor(
-            theMethod, redirect, AuthProviderFactory.getAuth(definition, policy, method));
+        return new WithoutBodyRequestExecutor(httpMethod, redirect, auth);
     }
   }
 }